Post

RootMe

Javascript - Obfuscation 3

Posted Updated
Preview Image
By Mustafa Eltayeb
1 min read
RootMe

Javascript - Obfuscation 3 - RootMe

  • when start challenge this alert window will open to say “Enter Password (if you enter it wrong will say FAUX PASSWORD HAHA :( so that let’s kill this challenge ) )”

open source code and i find this js code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

function dechiffre(pass_enc){
var pass = "70,65,85,88,32,80,65,83,83,87,79,82,68,32,72,65,72,65";
var tab = pass_enc.split(',');
var tab2 = pass.split(',');var i,j,k,l=0,m,n,o,p = "";i = 0;j = tab.length;
k = j + (l) + (n=0);
n = tab2.length;
for(i = (o=0); i < (k = j = n); i++ ){o = tab[i-l];p += String.fromCharCode((o = tab2[i]));
if(i == 5)break;}
for(i = (o=0); i < (k = j = n); i++ ){
o = tab[i-l];
if(i > 5 && i < k-1)
p += String.fromCharCode((o = tab2[i]));
}
p += String.fromCharCode(tab2[17]);
pass = p;return pass;
}
String["fromCharCode"](dechiffre("\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30"));

h = window.prompt('Entrez le mot de passe / Enter password');
alert( dechiffre(h) );
  • after trying to understand it i take some steps but look at this
    1

    \x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30

    Hexadecimal !!

let’s use function in js call unescape() thats’s  computes a new string in which hexadecimal escape sequences are replaced with the characters that they represent (MDN site say this )

after use it i find some numbers :

1
2
3

unescape("\x35\x35\x2c\x35\x36\x2c\x35\x34\x2c\x37\x39\x2c\x31\x31\x35\x2c\x36\x39\x2c\x31\x31\x34\x2c\x31\x31\x36\x2c\x31\x30\x37\x2c\x34\x39\x2c\x35\x30")

'55,56,54,79,115,69,114,116,107,49,50'

some numbers :) ;

  • in my few steps to understand the code i find this method String.fromCharCode() which static method returns a string created from the specified sequence of UTF-16 code units (MDN again :) )

by use it i find the password :

1
2
3

String.fromCharCode(55,56,54,79,115,69,114,116,107,49,50)

'786OsErtk12'

Finished. Happy Hacking!

Follow me:

Root Me, web client
RootME JS - web clint Find Password
This post is licensed under CC BY 4.0 by the author.