yeah I was fooled!

They fooled us all lol. Btw since you didn't mention why the browser crashes, it's cuz the for loop in c() runs for a.length times and a regex doesn't have this property making it an infinite loop and crashing the browser due to memory limits. And by this they fooled us not once but TWICE! xD

AHHHHHHHHH. that also explains why they wrote i!=a.length and not i

This trick to use similar (or equal) looking characters is also a vuln. in Windows. (An Example here: kzbin.info/www/bejne/baTciGZjr96FhZo) Kinda wondering, why javascript (and other languages as well) allow non-ansii characters to be used outside of (string) variables.

Oh wow such a interesting challenge, thanks for the insight

sigh

I think I was the only one

he's going so fast so it's hard to understand

@@chrisauh totally, especially when you are used to watch video on youtube in *1.5time X)

lmao

He is not, just very humble...

Thanks, I guess. But it was in fact one of the easiest challenges during this CTF based on the number of solves ;)

Same lol

Maybe you just took the long way around.

mx xone me too

hey dude, dont change avatar, people cant find you ...

Lol..10,000 followers back in the day. Good job on the almost 200,000k

@@matthewlandry1352 You have seen his face? lol he looks totally different i was socked.

Totally agree with you. Just impressive

lol, so much for 3 years of CS uni

Relax. If I encounter anything even half as complex as this in a codebase I just rip it out and replace it. Fuck trying to debug horrors like this.

It's just learning a new language. Takes practice, but if there's other people that can speak it, so can you.

Nah figuring out stuff like this takes hours and lots of trial and error, it's all just edited out here and only the final conclusions are presented. Watching a guy do "does this work? nah, how about this?" for 4 hours isn't good entertainment

tm man facts 😂

I don't get it. Is it cuz js is child's play to them?

@@excalibirb9204 No it's because it's insanely dynamic. The opposite of child's play. The programmer has basically no guarantees about the state of the runtime at any specific point in the program, which can make it very hard to debug.

True asf

@@excalibirb9204 No, the joke is that javascript can be really fuckin confusing

Pavan Kumar lol this cracked me up 😂

@@spidercubed9718 title hacking bank details

"Coccolino" 👈 Best music channel on KZbin, perfect for coding/programming/hacking... Thank me later.

Lolz

Benjamin Brady agreed we need more like those

The recent breaches at some big companies were hackers cleverly injecting 15 lines of JS. Mirai I think it was called. So I'd say it's militant enough. Enough for the FBI to have them snitch and employ them.

Depends on perspective. Military grade for the person who did NOT write that garbage.

aes-js in node.js

@@peregrinusoblivione4967 It's still pretty horrific at breaching systems. For that there really is no other reliable way bessides C/C++ and Assembly language

lol

awesome, thanks!

'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine

Great question. I'm looking for a good website too.

'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine

'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine

However, there exists other "chars", which are interpreted right away and which can be used to obfuscate code, if you use them as actual non-printable "chars" (copied from the char table) instead of (what they're usually used for) as HML entities. Like the RTL mark. I use that to obfuscate source code (browser view source code, but also some IDEs), and while the code is run as it should, it does fool some RegExes used by bots (It's quite effective in anti spamming). The W3C validator, however, is not fooled, that's its only weakness. It throws an error. From Wikipedia: _"The right-to-left mark (RLM) is a non-printing character used in the computerized typesetting of bi-directional text containing mixed left-to-right scripts (such as English and Cyrillic) and right-to-left scripts (such as Persian, Arabic, Urdu, Syriac and Hebrew). "_

Back in time, using the RTL mark on email addresses was an easy way of obfuscating, because they were "reversed", when going to the email program, while still bots didn't understand it. This doesn't work anymore though, no email program will accept it today.

i is counting from 0 to the length of the cipher text 'a', right? And each character of that cipher text is addressed with a[i]. The other value (the key) that is being XORed uses b[i%b.length]. Length is 4. So b[i%4]. i modulos 4 means, the result will never be larger than 3... so 1%4 = 1 2%4 = 2 3%4 = 3 4%4 = 0 5%4 = 1 6%4 = 2 So this always references b[0], b[1], b[2], b[3], b[0], b[1], ... so it always repeats the key from the start.

This is how XOR Encryption works. If your key is smaller than your message, then the key is repeated. :) Example: xor("message", "key") ; '^' is the character for XOR Encryption in many languages. - m ^ k - e ^ e - s ^ y - s ^ k - a ^ e - g ^ y - e ^ k

Thanks for the quick reply, it helped. This was my first ever CTF and this was the first problem I attempted but was struck on it for the whole 2 days on it. Great explanation video :D

Thanks for the quick explanation, I'll be reading more about this :D

Ritoban Roy Chowdhury thanks

Ritoban Roy ... Thanks!

How? By opening the source in an IDE \ notepad ++ in the right configuration to notice that the x is different?

'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine

JoJoModding Check out ctftime.org

good idea

CTRL + U

Bist du besoffen

.

I wanna know that too

He has a video on this. Go watch his web hacking video series. also overthewire.org has very easy ctf games that teach you the basics. Code Academy is the best site out there. Learn basic HTML, then some JS, then choose between either Python or Ruby to go full into. Basic SQL helps. But the best thing you can do is learn the theory behind it all and learn how computers think.

Also be prepared to learn hundreds of Acronyms and be able to quickly memorize long strings of numbers.

U don't need anyone to play with you can simply start with the beginner CTF by Google that's a decent accessible start

Tiavor Kuroma function x() {return eval(String(x))}()

placeholder name

first part of 'bar' ;) google wikipedia to find out more :)

lol

If you want to do cybersecurity, python might not be the best language to learn tbh. Actually, if this is your first language, it would be even worse. Even though python is simple to learn, it makes you develop bad habits a lot if you don't know what you're doing. Plus, it does so much things in the background for you that you might end up not really understand how everything works deeply. C might be a little too harsh and cold for a beginner, but C++ or Java are great for that. They're both still low/mid level (not meaning they're easy or bad, but that they're closer to the computer) while being understandable and very complete. Bonus, if you know Java, or C or C++, you can learn any language pretty easily because many are just derivatives of C/C++/Java

@@notkamui9749 that's pretty amazing advice! Thank you very much.

@@rootkalinethunter382 No prob ! I hope you the best in your studies !

@@notkamui9749 thanks!

Maybe time to redo this one?

If you are a noob then there is no way you'll ever understand what's going on. You need some experience to even scratch the surface. Better try HackerRank and other similar sites for easier challenges that progressively get harder.

'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine

'll refer you to this pro for SPY/HACK related issues i can swear on my late dads grave he is legit contact via:::::WHATSAPP>>> wa.me/17472081186 remember a stitch in time saves nine

Using greek letter "look a likes" or other alphabeths as substitutes for roman letters is a well known technique for spamming purposes. Disquss had this problem for a period of time, probably because they used some reg ex operations to search for "spammy" words in english, while they wanted to allow for any language (and therefore alphabeth) to be used at the same time. Look up the UTF-8 table and see for yourself how many letters of other alphabeths are look-a-likes to roman letters. This is the hebrew letter HET: ח And this is the english n They're not the same, but they look the same. So, JS allows for non ASCII chars in function names, not sure why, but this is used to obfuscate the source code here. Digging deeper into how languages work, and recognizing, that LTR (Left to Right) is only the standard in english speaking world, you can further obfuscate the code by using *non-printable RTL mark,* which is used in for example arabic. Not sure how it works with JS, but HTML it works, I have placed a few RTL marks in my code strategically. The source code gets completely screwed up and unreadable, as it is shown reversed, but it's run and it works.

MATH

The password isn't stored anywhere in the file. It has to be reverse engineered based on the encryption key and the encryption algorithm provided, but the file is full of a lot of pitfalls that can make that very difficult.