2024 Hack The Boo: Practice
Challenge Information
| Attribute | Details |
|---|---|
| Event | 2024 Hack The Boo |
| Category | Forensics |
| Challenge | Practice (sp00ky_theme) |
Summary
This forensics challenge involves extracting and decoding hidden data from a JavaScript code sample. The encoded string uses a combination of string reversal and Base64 encoding, requiring reverse engineering to discover the hidden information.
Analysis
Initial Observations
The challenge provided JavaScript code containing an obfuscated encoded string. The string was not directly readable and required two decoding steps:
- String reversal
- Base64 decoding
The encoded string was:
952MwBHNo9lb0M2X0FzX/Eycz02MoR3X5J2XkNjb3B3eCRESSolution
Step 1: Analyze the Encoding
The string appeared to be Base64-encoded, but decoding directly didn’t produce meaningful output. This suggested additional obfuscation using string reversal.
Step 2: Implement the Decoder
A Python script was created to handle both decoding steps:
import base64
# The encoded string from the JavaScript codeencoded_string = "952MwBHNo9lb0M2X0FzX/Eycz02MoR3X5J2XkNjb3B3eCRES"
# Step 1: Reverse the stringreversed_string = encoded_string[::-1]
# Step 2: Base64 decode the reversed stringdecoded_bytes = base64.b64decode(reversed_string)decoded_string = decoded_bytes.decode('utf-8')
# Display the decoded URLdecoded_stringStep 3: Execute and Extract
Running the decoder revealed the hidden information embedded in the JavaScript code. This technique is commonly used in obfuscation to hide configuration strings, URLs, or other sensitive data.
Key Takeaways
- Multiple Encoding Layers: Attackers often combine multiple encoding techniques (reversal + Base64) to evade detection
- String Reversal: A simple but effective obfuscation method that can be combined with other techniques
- JavaScript Analysis: Carefully examining JavaScript code for obfuscated strings is essential in forensic analysis
- Automated Decoding: Writing scripts to automate decoding saves time when dealing with multiple encoded strings
- Base64 Signature: Base64-encoded data often has recognizable patterns that can help identify it
Tools Used
- Python: For automating the decoding process
- Base64 module: For decoding the reversed string
References
- Base64 Encoding/Decoding: https://en.wikipedia.org/wiki/Base64
- String Obfuscation Techniques: Common security evasion methods in malware