Context: This is one of the questions I made for CodeSus which was an event organized by CCS TIET for freshers. Since none of the participants were able to solve it, heres the writeup.
Question
Link obtained a spiritual stone (file) from Ruto, princess of the Zoras. He needs to play the Ocarina of Time to save Princess Zelda. Unfortunately, to play the ocarina he needs the password which is hidden in the file. Can you help him get that password ? https://www3.zippyshare.com/v/tIZUkwu1/file.html
Solution
- We need to find out what kind of file it is.
So we use the
file
command in unix (linux/bsd/macos) to find out its type. Woedows also probably has an equivalent tofile
.
The output is ocarinaoftime: WebAssembly (wasm) binary module version 0x1 (MVP)
- The thing about webassembly is that it can be compiled from any language. So we run the unix
strings
command. This finds and gives us the readable ASCII strings in an otherwise unreadable binary. We get a shitton of text but ignore all of it except the first few lines which include
go.buildid
Go build ID: "HNWkqS3VNBJms9Jb52Jw/i1auA6KRphLOrOuET_P4/s8bBXJ7b29jMyJrwS7Gq/CG_FVPXBuLKnBFwzqzF7"
Now we know that the webassembly was compiled using the Go programming language.
- All thats left is running the wasm (webassembly) binary in a browser. So look this up and you get an article in go’s official wiki. https://github.com/golang/go/wiki/WebAssembly They have complete instructions on how to proceed.
They provide a javascript file (wasm_exec.js
) that binds to a wasm file and some example html.
- Rename
ocarinaoftime
toquestion.wasm
and use the example html provided in go’s wiki
|
|
- Then serve the html using any web server (apache httpd/nginx/caddy)
We’ll use python’s inbuilt http server using python -m http.server 6969
And when we go to http://localhost:6969
> inspect element > console,
we get inocarinasheikiszeldaindisguise
which is your answer.
TL;DR Read steps 1 and 2 and then duck/google (whatever) “how to run go webassembly”.
Last modified on 2020-12-13