攻防世界crypto_flag_in_your_hand

环境

题目下载，js逆向

RenIbyd8Fgg5hawvQm7TDQ

wp

解压得到一个.html和js文件，分析，输入一个对的token才能得到flag

function showFlag() {
  var t = document.getElementById("flagTitle");
  var f = document.getElementById("flag");
  t.innerText = !!ic ? "You got the flag below!!" : "Wrong!";
  t.className = !!ic ? "rightflag" : "wrongflag";
  f.innerText = fg;
}

看到和ic比较，在js里面，把a里面的ascii转成字符串为security-xbu

function ck(s) {
    try {
        ic
    } catch (e) {
        return;
    }
    var a = [118, 104, 102, 120, 117, 108, 119, 124, 48,123,101,120];
    if (s.length == a.length) {
        for (i = 0; i < s.length; i++) {
            if (a[i] - s.charCodeAt(i) != 3)
                return ic = false;
        }
        return ic = true;
    }
    return ic = false;
}

减去3，得到

ascii_values = [118, 104, 102, 120, 117, 108, 119, 124, 48, 123, 101, 120]
result = ''.join(chr(i - 3) for i in ascii_values)
print(result)
#security-xbu