09 November 2014

Javascrypt - 40

Tyrin Robotics Lab uses a special web site to encode their secret messages. Can you determine the value of the secret key?
This question is simple; basic knowledge of Javascript is required. Upon clicking the link, the site you are brought has an 'Input Message' and 'Output Message' box, along with an 'Encode' button. An example of the encryption done with the site is as follows:

Once again, 'View Source' is necessary. Right-click and press 'View Page Source' to, well, view the page's source. Immediately, at the bottom, is the Javascript for generating the key used to encode the message.

It should look something this:

       var key; // Global variable.
       // Since the key is generated when the page
       // is loaded, no one will be able to steal it
       // by looking at the source! This must be secure!
       function generateKey() {
         var i = 1;
         var x = 295;
         var n = 5493;
         while (i <= 25) {
           x = (x * i) % n;
         key = "flag_" + Math.abs(x);
       // Encode the message using the 'key'
       function encode() {
         var input = $("#inputmessage").val();
         var output = CryptoJS.AES.encrypt(input, key);

It is now clear that the key is the flag, and they're Strings starting with "flag_" and ending with the absolute value of one of the vars, x.

To find the flag, I converted the code to Java (since I am most comfortable with Java):

 public class Javascrypt {  
      public static void main(String[] args) {  
       int i = 1;  
       int x = 295;  
       int n = 5493;  
       while (i <= 25) {  
         x = (x * i) % n;  
       System.out.println("flag_" + Math.abs(x));  

I then ran it using Eclipse:

The flag is outputted as flag_3003