반응형
fly me to the moon
javascript game.
can you clear with bypass prevent cheating system?
게임을 시작하면, 양 옆 초록색 벽에 부딪히지 않도록 움직여야 한다.
벽에 닿아 죽게 되면 31337점을 얻어야 된다고 나온다.
그럼 이제 js 코드를 확인해 보자
난독화가 되어 있어서 읽을 수 없다.
위 난독화 정도는 아래 사이트를 이용해서 unPack이 가능하다.
https://www.strictly-software.com/unpack-javascript
Javascript Unpacker Tool - Strictly Software
This Javascript unpacker tool has now been upgraded to allow it to unpack multiple eval statements. So if your packed code has itself been packed a few times it will loop through until it finds the original source code. If you want to test this multiple ev
www.strictly-software.com
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
|
var _0x32bb = ["\x6B\x69\x6C\x6C\x50\x6C\x61\x79\x65\x72", "\x63\x68\x65\x63\x6B\x4C\x69\x66\x65", "\x67\x65\x74\x53\x63\x6F\x72\x65", "\x42\x69\x6E\x63\x53\x63\x6F\x72\x65", "\x73\x68\x72\x69\x6E\x6B\x54\x75\x6E\x6E\x65\x6C", "\x77\x69\x64\x74\x68\x54\x75\x6E\x6E\x65\x6C", "\x6F\x62\x6A\x65\x63\x74", "\x44\x6F\x20\x63\x68\x65\x61\x74\x69\x6E\x67\x2C\x20\x69\x66\x20\x79\x6F\x75\x20\x63\x61\x6E", "\x77\x61\x72\x6E", "\x6F\x66\x66\x73\x65\x74\x4C\x65\x66\x74", "\x74\x75\x6E\x6E\x65\x6C", "\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64", "\x74\x6F\x70", "", "\x70\x78", "\x63\x73\x73", "\x64\x69\x73\x70\x6C\x61\x79", "\x62\x6C\x6F\x63\x6B", "\x65\x61\x63\x68", "\x69\x6D\x67\x2E\x6C\x65\x66\x74\x5F\x77\x61\x6C\x6C", "\x69\x6D\x67\x2E\x72\x69\x67\x68\x74\x5F\x77\x61\x6C\x6C", "\x23\x68\x69\x67\x68\x5F\x73\x63\x6F\x72\x65\x73", "\x72\x65\x6D\x6F\x76\x65", "\x74\x61\x62\x6C\x65", "\x6E\x6F\x6E\x65", "\x64\x69\x76\x23\x73\x63\x6F\x72\x65\x5F\x74\x61\x62\x6C\x65", "\x63\x6C\x69\x63\x6B", "\x74\x65\x78\x74", "\x73\x70\x61\x6E\x23\x73\x63\x6F\x72\x65", "\x6C\x65\x66\x74", "\x69\x6D\x67\x23\x73\x68\x69\x70", "\x73\x6C\x6F\x77", "\x66\x61\x64\x65\x49\x6E", "\x62\x61\x63\x6B\x67\x72\x6F\x75\x6E\x64\x2D\x70\x6F\x73\x69\x74\x69\x6F\x6E", "\x35\x30\x25\x20", "\x64\x69\x76\x23\x74\x75\x6E\x6E\x65\x6C", "\x72\x61\x6E\x64\x6F\x6D", "\x66\x6C\x6F\x6F\x72", "\x75\x70\x64\x61\x74\x65\x54\x75\x6E\x6E\x65\x6C\x28\x29", "\x66\x61\x64\x65\x4F\x75\x74", "\x50\x4F\x53\x54", "\x68\x69\x67\x68\x2D\x73\x63\x6F\x72\x65\x73\x2E\x70\x68\x70", "\x74\x6F\x6B\x65\x6E\x3D", "\x26\x73\x63\x6F\x72\x65\x3D", "\x61\x6A\x61\x78", "\x68\x74\x6D\x6C", "\x70\x23\x77\x65\x6C\x63\x6F\x6D\x65", "\x75\x70\x64\x61\x74\x65\x54\x6F\x6B\x65\x6E\x28\x29", "\x74\x68\x78\x2C\x20\x43\x68\x72\x69\x73\x74\x69\x61\x6E\x20\x4D\x6F\x6E\x74\x6F\x79\x61", "\x6D\x6F\x75\x73\x65\x6F\x76\x65\x72", "\x23\x63\x68\x72\x69\x73\x74\x69\x61\x6E", "\x6D\x6F\x75\x73\x65\x6F\x75\x74", "\x72\x65\x61\x64\x79", "\x43\x68\x72\x69\x73\x74\x69\x61\x6E\x20\x4D\x6F\x6E\x74\x6F\x79\x61", "\x70\x61\x67\x65\x58", "\x6D\x6F\x75\x73\x65\x6D\x6F\x76\x65", "\x74\x6F\x6B\x65\x6E\x2E\x70\x68\x70", "\x67\x65\x74"];
function secureGame() {
var _0x8618x2 = this;
var _0x8618x3 = true;
function _0x8618x4() {
_0x8618x3 = false;
return true
};
function _0x8618x5() {
return _0x8618x3
};
this[_0x32bb[0]] = function () {
_0x8618x4();
return true
};
this[_0x32bb[1]] = function () {
return _0x8618x5()
};
var _0x8618x6 = 0;
function _0x8618x7() {
return _0x8618x6
};
function _0x8618x8() {
if (_0x8618x3) {
_0x8618x6++
};
return true
};
this[_0x32bb[2]] = function () {
return _0x8618x7()
};
this[_0x32bb[3]] = function () {
_0x8618x8();
return true
};
var _0x8618x9 = 320;
function _0x8618xa() {
_0x8618x9 -= 20;
return true
};
function _0x8618xb() {
return _0x8618x9
};
this[_0x32bb[4]] = function () {
_0x8618xa();
return true
};
this[_0x32bb[5]] = function () {
return _0x8618xb()
}
};
var bg_val = 0;
var rail_left = 0;
var rail_right = 500;
var ship_x = 234;
var pos_x = 234;
var c_s = 0;
var c_r = 0;
var c_w = 0;
var t_state = 0;
left_wall = new Array(20);
right_wall = new Array(20);
function initTunnel() {
BTunnelGame = new secureGame();
if (_0x32bb[6] == typeof console) {
console[_0x32bb[8]](_0x32bb[7])
};
rail_left = document[_0x32bb[11]](_0x32bb[10])[_0x32bb[9]];
rail_right += rail_left;
y = 0;
for (y = 0; y < 20; y++) {
left_wall[y] = 80;
right_wall[y] = 400
};
$(_0x32bb[19])[_0x32bb[18]](function (_0x8618x16) {
y = _0x8618x16 * 25;
$(this)[_0x32bb[15]](_0x32bb[12], _0x32bb[13] + y + _0x32bb[14]);
$(this)[_0x32bb[15]](_0x32bb[16], _0x32bb[17])
});
$(_0x32bb[20])[_0x32bb[18]](function (_0x8618x16) {
y = _0x8618x16 * 25;
$(this)[_0x32bb[15]](_0x32bb[12], _0x32bb[13] + y + _0x32bb[14]);
$(this)[_0x32bb[15]](_0x32bb[16], _0x32bb[17])
});
$(_0x32bb[25])[_0x32bb[26]](function () {
$(_0x32bb[23])[_0x32bb[22]](_0x32bb[21]);
$(_0x32bb[25])[_0x32bb[15]](_0x32bb[16], _0x32bb[24]);
restartTunnel();
updateTunnel()
})
};
function restartTunnel() {
BTunnelGame = new secureGame();
if (_0x32bb[6] == typeof console) {
console[_0x32bb[8]](_0x32bb[7])
};
ship_x = 234;
c_s = 0;
c_r = 0;
c_w = 0;
$(_0x32bb[28])[_0x32bb[27]](_0x32bb[13] + 0);
$(_0x32bb[30])[_0x32bb[15]](_0x32bb[29], ship_x + _0x32bb[14]);
y = 0;
for (y = 0; y < 20; y++) {
left_wall[y] = 80;
right_wall[y] = 400
};
$(_0x32bb[30])[_0x32bb[32]](_0x32bb[31]);
$(_0x32bb[19])[_0x32bb[18]](function (_0x8618x16) {
y = _0x8618x16 * 25;
$(this)[_0x32bb[15]](_0x32bb[12], _0x32bb[13] + y + _0x32bb[14]);
$(this)[_0x32bb[15]](_0x32bb[16], _0x32bb[17])
});
$(_0x32bb[20])[_0x32bb[18]](function (_0x8618x16) {
y = _0x8618x16 * 25;
$(this)[_0x32bb[15]](_0x32bb[12], _0x32bb[13] + y + _0x32bb[14]);
$(this)[_0x32bb[15]](_0x32bb[16], _0x32bb[17])
})
};
function updateTunnel() {
bg_val = bg_val + 2;
if (bg_val > 20) {
bg_val = 0
};
$(_0x32bb[35])[_0x32bb[15]](_0x32bb[33], _0x32bb[34] + bg_val + _0x32bb[14]);
if (ship_x + 32 < 500) {
if (ship_x + 46 < pos_x) {
ship_x += 4
} else {
if (ship_x + 16 < pos_x) {
ship_x += 2
}
}
};
if (ship_x > 0) {
if (ship_x - 14 > pos_x) {
ship_x -= 4
} else {
if (ship_x + 16 > pos_x) {
ship_x -= 2
}
}
};
$(_0x32bb[30])[_0x32bb[15]](_0x32bb[29], ship_x + _0x32bb[14]);
c_r++;
if (c_r > 60) {
c_r = 0;
t_state = Math[_0x32bb[37]](Math[_0x32bb[36]]() * 2)
};
if (left_wall[0] < 10) {
t_state = 1
} else {
if (right_wall[0] > 470) {
t_state = 0
}
};
y = 0;
for (y = 20; y > 0; y--) {
left_wall[y] = left_wall[y - 1];
right_wall[y] = right_wall[y - 1]
};
if (t_state == 0) {
left_wall[0] -= 3
};
if (t_state == 1) {
left_wall[0] += 3
};
right_wall[0] = left_wall[0] + BTunnelGame[_0x32bb[5]]();
$(_0x32bb[19])[_0x32bb[18]](function (_0x8618x16) {
$(this)[_0x32bb[15]](_0x32bb[29], _0x32bb[13] + left_wall[_0x8618x16] + _0x32bb[14])
});
$(_0x32bb[20])[_0x32bb[18]](function (_0x8618x16) {
$(this)[_0x32bb[15]](_0x32bb[29], _0x32bb[13] + right_wall[_0x8618x16] + _0x32bb[14])
});
if (BTunnelGame[_0x32bb[5]]() >= 120) {
c_w++;
if (c_w > 100) {
c_w = 0;
BTunnelGame[_0x32bb[4]]();
left_wall[0] += 10
}
};
c_s++;
if (c_s > 20) {
c_s = 0;
BTunnelGame.BincScore();
$(_0x32bb[28])[_0x32bb[27]](_0x32bb[13] + BTunnelGame[_0x32bb[2]]())
};
if (ship_x <= left_wall[18] + 20 || ship_x + 32 >= right_wall[18]) {
BTunnelGame[_0x32bb[0]]()
};
if (BTunnelGame[_0x32bb[1]]()) {
setTimeout(_0x32bb[38], 10)
} else {
$(_0x32bb[30])[_0x32bb[39]](_0x32bb[31]);
$(_0x32bb[19])[_0x32bb[15]](_0x32bb[16], _0x32bb[24]);
$(_0x32bb[20])[_0x32bb[15]](_0x32bb[16], _0x32bb[24]);
$[_0x32bb[44]]({
type: _0x32bb[40],
url: _0x32bb[41],
data: _0x32bb[42] + token + _0x32bb[43] + BTunnelGame[_0x32bb[2]](),
success: function (_0x8618x19) {
showHighScores(_0x8618x19)
}
})
}
};
function scoreUpdate() {
return
};
function showHighScores(_0x8618x19) {
$(_0x32bb[25])[_0x32bb[45]](_0x8618x19);
$(_0x32bb[25])[_0x32bb[15]](_0x32bb[16], _0x32bb[17])
};
$(document)[_0x32bb[52]](function () {
$(_0x32bb[46])[_0x32bb[15]](_0x32bb[16], _0x32bb[17]);
updateToken();
setInterval(_0x32bb[47], 10000);
$(_0x32bb[46])[_0x32bb[26]](function () {
$(_0x32bb[46])[_0x32bb[15]](_0x32bb[16], _0x32bb[24]);
initTunnel();
updateTunnel()
});
$(_0x32bb[50])[_0x32bb[49]](function () {
$(this)[_0x32bb[45]](_0x32bb[48])
});
$(_0x32bb[50])[_0x32bb[51]](function () {
$(this)[_0x32bb[45]](temp)
})
});
var temp = _0x32bb[53];
$(document)[_0x32bb[55]](function (_0x8618x1d) {
pos_x = _0x8618x1d[_0x32bb[54]] - rail_left
});
var token = _0x32bb[13];
function updateToken() {
$[_0x32bb[57]](_0x32bb[56], function (_0x8618x20) {
token = _0x8618x20
})
};
|
cs |
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
if (BTunnelGame[_0x32bb[1]]()) {
setTimeout(_0x32bb[38], 10)
} else {
$(_0x32bb[30])[_0x32bb[39]](_0x32bb[31]);
$(_0x32bb[19])[_0x32bb[15]](_0x32bb[16], _0x32bb[24]);
$(_0x32bb[20])[_0x32bb[15]](_0x32bb[16], _0x32bb[24]);
$[_0x32bb[44]]({
type: _0x32bb[40],
url: _0x32bb[41],
data: _0x32bb[42] + token + _0x32bb[43] + BTunnelGame[_0x32bb[2]](),
success: function (_0x8618x19) {
showHighScores(_0x8618x19)
}
})
}
|
cs |
점수와 관련된 코드를 찾았다.
언팩한 코드를 개발자 도구>콘솔 을 이용해서 재정의 한 뒤, 게임을 한 판 하고 변수의 내용을 확인해 보았다.
BtunnelGame[_0x32bb[2]]() 함수가 점수를 반환하는 함수임을 알 수 있다.
따라서 해당 함수 대신에 "31337"을 넣어서 js코드 재정의 후
게임을 하면, 점수를 전송하는 페이지에 점수가 31337로 들어가게 되고, key를 얻을 수 있게 된다.
반응형
'WAR GAME > wargame.kr' 카테고리의 다른 글
| Wargame.kr [DB is really GOOD] 풀이 (0) | 2019.12.24 |
|---|---|
| Wargame.kr [strcmp] 풀이 (0) | 2019.12.24 |
| Wargame.kr [md5 password] 풀이 (0) | 2019.08.22 |
| Wargame.kr [WTF_CODE] 풀이 (0) | 2019.08.22 |
| Wargame.kr [login filtering] 풀이 (0) | 2019.08.22 |
