flotsam

problem

sample image of webpage

solution

so the goal is to move the ship to the right spot and in theory we will get the flag is my thinking

but, where is the right spot (the x?)

i didn’t know but i ran the boat into a mine and it said “you died” and reloaded the page

well, we can just look at the javascript of the webpage to do some analysis

here you can see that when wasd is pressed the ship moves, and when x is pressed then the xy position of the boat is checked.

easily, we can just brute force the checks by declaring u.check_x in the global scope.

to put u.check_x in the global scope, we can make an override in the Sources tab of browser developer tools and add the line to put stuff as attribute of the window.

then we can easily run a brute force operation on window.u_check_x to get the flag (we have to move the ship first to trigger our code though)

for (let x=0; x<100; x++) {
  for (let y=0; y<100; y++) {
    if (window.u_check_x(x, y)) { console.log(x, y) }
  }
}

yay flag

didn’t even have to reverse engineer the wasm