It’s Maruf Murtuza here, back again with another write-up.
There is an interesting story behind solving this challenge.
I had a fever last night. So this morning, I was simply scrolling through YouTube while lying on my bed, and my eye got stuck on a walkthrough video of Flare-On CTF 2020. I played the video and found it interesting, so I wanted to solve that challenge by myself and went to the Flare website.
I went there to look for the challenges of 2020. But I found that there was a CTF that was ongoing and only 2 hours were left. Though I had a fever, I couldn’t resist registering for the CTF.
After registering, the first challenge I got there was Flaredle, a web app reversing challenge.
Here we can see we got a link for the challenge and the source code of the challenge website.
I wanted to see whether I could solve the challenge without looking at the source code first. So, I headed to the challenge URL.
The URL took me to the website that you can see below.
Here, I had 6 rows for 6 words, and each of the words contained 21 letters.
So, I thought of fuzzing this with some random 21-letter words from Google.
And after inputting some random words from Google, I got an error message and a hint.
The hint was:
Try reverse engineering the code to discover the correct "word"!
But I got something interesting. There were three different colors for different letters in different positions.
As the color green is a symbol of a positive result, I assumed that the letters marked green were present in our target word and were in the correct position, that the yellow ones were present in our target word but misplaced, and that the rest of the letters were absent from our target word.
As the website gave us the hint to reverse engineer the code to discover the correct word, I downloaded the provided zip file of the source code.
In that zip file, I got four files. They were:
- index.html – Contains the primary interface of the challenge.
- script.js – Main script for the webapp.
- style.css – Style sheet for the webapp.
- words.js – Contains an array which is used for correct and incorrect guess in the webapp.
So, I opened the script.js as it is the main file for the game logic.
In that file, it was importing the words.js file as WORDS at first.
In the fifth line, we see a variable named CORRECT_GUESS which contains the value 57.
And in the ninth line, it was declared that rightGuessString = WORDS[CORRECT_GUESS].
So, I opened the words.js file and headed to the 58th word of the array, as the script set CORRECT_GUESS = 57. [Here, 57 is the array index]
We get the word flareonisallaboutcats as the 58th word of the wordlist.
And when I inputted that word in the webapp, here is what I got:
And now you know what the correct word was that we had to guess.
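The word was recoverable because script.js resolves WORDS[CORRECT_GUESS] in the browser. As an added example (not code from the challenge or its authors), here is the same green/yellow/gray scoring done where the player cannot read the target, with only the colors returned. The names scoreGuess and createGame and the 5-letter sample word are assumptions made for illustration.

```javascript
// Wordle-style scoring kept away from the client (added example; names are assumptions).
// "green" = right letter and position, "yellow" = present elsewhere, "gray" = absent.
// Two passes, so a repeated letter is never marked yellow more often than it occurs.
function scoreGuess(guess, target) {
  if (guess.length !== target.length) throw new RangeError("wrong length");
  const colors = new Array(guess.length).fill("gray");
  const remaining = new Map(); // target letters not matched in place -> count
  for (let i = 0; i < target.length; i++) {
    if (guess[i] === target[i]) colors[i] = "green";
    else remaining.set(target[i], (remaining.get(target[i]) || 0) + 1);
  }
  for (let i = 0; i < guess.length; i++) {
    if (colors[i] === "green") continue;
    const left = remaining.get(guess[i]) || 0;
    if (left > 0) {
      colors[i] = "yellow";
      remaining.set(guess[i], left - 1);
    }
  }
  return colors;
}

// Server-side game state: the target stays inside this closure, and the only
// thing a caller ever receives is the color array and the remaining guess count.
function createGame(target, maxGuesses) {
  let used = 0;
  return {
    guess(word) {
      if (used >= maxGuesses) return { error: "no guesses left" };
      if (typeof word !== "string" || word.length !== target.length) {
        return { error: "wrong length" }; // rejected input does not cost a guess
      }
      used++;
      const colors = scoreGuess(word.toLowerCase(), target);
      const solved = colors.every((c) => c === "green");
      return { colors, solved, left: maxGuesses - used };
    },
  };
}

// Constructed sample: a 5-letter target (the challenge used 21 letters and 6 rows).
const game = createGame("crate", 6);
const first = game.guess("eerie");
console.log(first.colors.join(","), "guesses left:", first.left);
```

With this split, the files shipped to the browser contain neither the word list index nor the target string, so reading the client source reveals only the rendering logic.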