Flare-On 2022 - Flaredle

2022-11-17
2 min read
write-ups
Featured Image

Challenge Description

Welcome to Flare-On 9
You probably won’t win. Maybe you’re like us and spent the year playing Wordle. We made our own version that is too hard to beat without cheating
Play it live at: http://flare-on.com/flaredle/

Challenge Overview

Upon loading the website we are presented with some sort of Wordle game. main

Dynamic Analysis

When testing the app it seems that it only accepts words with a minimum length. not_enough

After some testing we can see that the length required is 21 characters, upon reaching the length the error message becomes “Word not in list!” no_list

So we know that it checks a list of valid 21 character words.

Static Analysis

words.js

Opening the Firefox devtools (Chrome’s work too) and checking the Debugger tab we see that 2 javascript files are being loaded, script.js and words.js

words.js contains a list of valid words. word_list

When trying a random word from the list the app now marks which letters are correct, which ones are present and which ones are not present in the correct answer. word_on_list

Armed with that knowledge we can deduce that somewhere in the source code there’s a comparison being made between our input word and the correct word.

script.js

Examining script.js we find this interesting conditional statement in the code.

...(SNIP)...

if (pressedKey === 'Enter') {
    checkGuess()
    return
  }

...(SNIP)...

Examining the function “checkGuess” we see that theres indeed a comparison being made between the variables “guessString” and “rightGuessString

...(SNIP)...

if (guessString === rightGuessString) {
    let flag = rightGuessString + '@flare-on.com';
    toastr.options.timeOut = 0;
    toastr.options.onclick = function () {
      alert(flag);
    }
    toastr.success('You guessed right! The flag is ' + flag);
    guessesRemaining = 0
    return

...(SNIP)...

Advanced Dynamic Analysis

To quickly solve this challenge we can just set a breakpoint in the comparison, input a random word from the list and examine the contents of the variable “rightGuessString” at runtime. breakpoint

Now that we know which word is the right answer we could run again the game and use the word to get the flag or we can be lazy and just use the console to change the value of the “guessString” variable as shown below. answer

Now we can resume the execution and the check will pass giving us the flag! flag

#reversing #web #javascript #static #dynamic #challenge #ctf #flare-on
Avatar

Alpharivs

Eternal Cybersecurity student with love for Malware and CTFs
Next Flare-On 2022 - Pixel Poker

See Also

Flare-On 2022 - Pixel Poker
Wannacry - Part 2
Wannacry - Part 1
HTB - Shared