题目链接: http://ctf.idf.cn/index.php?g=game&m=article&a=index&id=43
知识点:js语法
思路:
查看网页源码,阅读js代码,发现函数实现了加密方法,但是解密的方法并没有实现,根据加密的部分我们容易写出解密的方法,如下:
<html>
<body>
<script>
/**
* Pseudo md5 hash function
* @param {string} string
* @param {string} method The function method, can be 'ENCRYPT' or 'DECRYPT'
* @return {string}
*/
function pseudoHash(string, method) {
// Default method is encryption
if (!('ENCRYPT' == method || 'DECRYPT' == method)) {
method = 'ENCRYPT';
}
// Run algorithm with the right method
if ('ENCRYPT' == method) {
// Variable for output string
var output = '';
// Algorithm to encrypt
for (var x = 0, y = string.length, charCode, hexCode; x < y; ++x) {
charCode = string.charCodeAt(x);
if (128 > charCode) {
charCode += 128;
} else if (127 < charCode) {
charCode -= 128;
}
charCode = 255 - charCode;
hexCode = charCode.toString(16);
if (2 > hexCode.length) {
hexCode = '0' + hexCode;
}
output += hexCode;
}
// Return output
return output;
} else if ('DECRYPT' == method) {
// Algorithm to encrypt
// Variable for output string
var output = '';
var charCode = '';
var hexCode = 0;
for(var i=0; i<string.length; i+=2){
if(string[i] == '0'){
charCode = string[i+1];
}
else{
charCode = string[i]+string[i+1];
}
hexCode = parseInt(charCode, 16)
hexCode = 255 - hexCode
if(hexCode > 128){
hexCode -= 128
}
else if(hexCode < 128){
hexCode += 128
}
output += String.fromCharCode(hexCode);
}
// Return output
return output;
}
}
document.write(pseudoHash('46191d4b494a4e1c4f4a1d4d1a1b484f191d1e4a1e191a4f1d4f4c461e4a4a4f', 'DECRYPT'));
</script>
</body>
</html>
解密的结果为“9fb4651c05b2ed70fba5afe0b039a550”,将该值粘入原网页的密码输入框,走你,得到答案“wctf{jS_decRypt__Eaaasy}”
4560
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
