Solving a JavaScript crackme: JS SAFE 2.0 (web) - Google CTF 2018

preview_player
Показать описание
Solving a crackme implemented in JavaScript that attempts to obfuscate the algorithm through some anti-debugging.

-=[ ❤️ Support ]=-

-=[ 🐕 Social ]=-

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#CTF
  1. LiveOverflow
  2. Live Overflow
  3. liveoverflow
  4. hacking tutorial
  5. how to hack
  6. exploit tutorial
Рекомендации по теме
Solving a JavaScript 0:15:01

Solving a JavaScript crackme: JS SAFE 2.0 (web) - Google CTF 2018

JavaScript Pro Tips 0:12:37

JavaScript Pro Tips - Code This, NOT That

Reverse Engineer packed 0:14:57

Reverse Engineer packed JavaScript like a Pro - Using the 'Matching Bracket Method'

Hacker's Gave me 0:02:23

Hacker's Gave me a Game and I Found a Virus

Reverse Engineering Obfuscated 0:14:04

Reverse Engineering Obfuscated JavaScript

Reverse Engineering and 0:06:15

Reverse Engineering and Deobfuscating Javascript Files Using The Developer Tools ( CTF Challenge )

everything is open 0:13:56

everything is open source if you can reverse engineer (try it RIGHT NOW!)

How to solve 0:08:52

How to solve Pride #1 CrackMe Tutorial - Beginner Level

#1 - Solving 0:13:27

#1 - Solving a Crackme with Cutter and Z3

JavaScript that drops 0:15:33

JavaScript that drops a RAT - Reverse Engineer it like a pro

Crack the Code 0:06:59

Crack the Code using Javascript

Nested JavaScript Obfuscation 0:33:33

Nested JavaScript Obfuscation - GuidePoint Security CTF Challenge

Using z3 to 0:10:33

Using z3 to find a password and reverse obfuscated JavaScript - Fsec2017 CTF

Debugging JavaScript - 0:04:44

Debugging JavaScript - Are you doing it wrong?

How to obfuscate 0:03:35

How to obfuscate JavaScript code with Node.js

Javascript Private Variable 0:11:10

Javascript Private Variable #13

†: Some things 0:05:30

†: Some things I got wrong with JS Safe 2.0 - Google CTF 2018

PicoCTF 2017 [13] 0:07:07

PicoCTF 2017 [13] What is Web (HTML, CSS, & JS)

Text obfuscation on 0:06:59

Text obfuscation on websites using JavaScript & baffle.js

How to Code 0:22:01

How to Code a Sudoku Solver in Javascript

JavaScript Security: Hide 0:09:59

JavaScript Security: Hide your Code?

Christoph Burgmer: Hacking 0:21:00

Christoph Burgmer: Hacking a HTML renderer in plain browser-side JS [JSConf2014]

Crackme - CrackMe 0:07:22

Crackme - CrackMe PlanetHaX

Hacking JavaScript Games 0:09:15

Hacking JavaScript Games - Accessing private javascript variables at runtime via debugging

Комментарии
Автор

The confusion with the x's isn't cuz of the with statement. The parameter х (U+0445 or 1093) isn't the x from the English alphabet. It is a Cyrillic alphabet which only looks like it. And this input variable was never used in the code except for the last eval() which dynamically generated 'х==c(weird_string, h(х))' referring to our input х. THAT was the beauty of the challenge :P

adityavallabh
Автор

Thanks so much for the shoutout, Live Overflow! Hopefully we can do more together sometime soon. :)

_JohnHammond
Автор

whenever i feel like im getting the hang of coding i just watch one of these videos so i realize i know nothing again

LOEVI
Автор

I love watching these videos. I’m at a stage in life where I kind of understand what is going on, enough to comprehend the logic expressed, but not enough to be able to try this myself.

Anonymous-vhkp
Автор

this some next level thinking and reasoning i am just not ready for. and its scary that there are so many people that can do this and i can barely comprehend it.

THETHPHANTOM
Автор

When C++ programmers look at Javascript code:
*wtf*
** googles some stuff **
*wtf intensifies*

ineedzsleep
Автор

Wow, if you say you're a total noob I don't know what I am

mxxone
Автор

Btw, two "x" are in different encoding.
IDE saves the day :D

hopkinskong
Автор

This felt like one of those de-obfuscation of pop-under videos. I loved those!

benjaminbrady
Автор

I feel incredibly stupid.
This is impressive..who created this is just a genius

stefanopersechino
Автор

mean while I'm coding hello world with some hacker music in the background .

pavankumar
Автор

1:30 I don't think "JS" and "military grade" are compatible with each other

PaprikaX
Автор

You sir said you were a noob at this, then I should be an insect lol

soopyc
Автор

I just want to thank you for not taking a jab at JS. This Video was really interesting. I was torn between trying it myself first and watching your solution but I'm glad to have watched your video instead.

jankaltenecker
Автор

Same here, joined for a few hours and only solved the noob question :p The argument was not an x but a homograph of x as others also mentioned and that took me a bit to figure out. Also I didn't figure out exactly why the browser hanged but it was so annoying, yet I didn't want to spend time on that. I took the same approach for decryption but heard that there was another way based on low redundancy of the internal variables (a and b). I hope I find time and motivation to look into it soon.

alex
Автор

I don't know any programming language but love to watch this ;)

DeepakKumar-ymwr
Автор

*The with statement makes it hard for the interpreter to understand how to interpret it* (or something) lmao

KingJellyfishII
Автор

Basically to explain 'with' statement, you enter an object to it like:

with( <object> ) {
// CODE HERE
}


then, basically when you call anything, it first checks the block scope if the variable exists, then, the window. Else, it tries the properties of the object you put in. So in theory, this should work.


with (console) {
log("Hello.");
}

michaelz
Автор

Been lurking your chan for months. Started Beginners quest on this google-ctf now. Never done this before.. Thanks for hooking me up!

marsanmarsipan
Автор

I simply love this channel. Hits just my level of programming skills

userou-igze
join shbcf.ru