资安学习路上-picoCTF 解题(Web)2

4. Some Assembly Required 1

按右键，检视网页原始码

点击js档看到下面，虽然知道是js档，但有点乱

用(线上Javascript工具，执行看看

接着为了再去混淆度，把常出现的两个参数findMiddlePosition跟navigatePop丢进去，看他的结果，并已编译後的值带入

结果如下

(async() => {
  const findMiddlePosition = _0x4e0e;
  let leftBranch = await fetch(./JIFxzHyW8W);
  let rightBranch = await WebAssembly[instantiate](await leftBranch[arrayBuffer]());
  let module = rightBranch[instance];
  exports = module["exports"];
})();
/**
 * @return {undefined}
 */
function onButtonPress() {
  const navigatePop = _0x4e0e;
  let params = document["getElementById"](input)[value];
  for (let i = 0; i < params["length"]; i++) {
    exports[copy_char](params[charCodeAt](i), i);
  }
  exports["copy_char"](0, params["length"]);
  if (exports[check_flag]() == 1) {
    document[getElementById](result)[innerHTML] = Correct!;
  } else {
    document[getElementById](result)[innerHTML] = Incorrect!;
  }
}

知道是从JIFxzHyW8W下载wasm档，是用copy_char存每个flag，再用check_flag来确认是否正确，用wget指令下载wasm档，在用kali内建wasm2wat将wasm档转成wat档(WebAssembly 文字格式)

用Cat指令得到flag