DEFCON4 (reverse, 100p, 29 solves)

description

DEFCON is the website controlling the security level of the room. The 5 different levels allow warning the population of the risk of a potential nuclear war. Levels range from 5 (peacetime) to 1 (maximum alert). Try level 4.

solution

The DEFCON website is a fairly graphical site with lots of data, but the relevant part is the "DEFCON LEVEL CONSOLE", where clicking on each level shows a popup with the title "UNAUTHORIZED ACTION", the text "The server requires a password for this action." and a single input field (password).

Using Chrome Developer Tools to inspect a button, follow its "Event Listeners" and search the JavaScript files for defcon-4 shows how the password is validated.

<div id="console">
	<button id="defcon-1">1</button>
	<button id="defcon-2">2</button>
	<button id="defcon-3">3</button>
	<button id="defcon-4">4</button>
	<button id="defcon-5">5</button>
</div>

async function validate() {
  if (modalLevel === "defcon-1") {
    return check1($("#modal-password").val());
  } else if (modalLevel === "defcon-2") {
    return await check2($("#modal-password").val());
  } else if (modalLevel === "defcon-3") {
    return check3($("#modal-password").val());
  } else if (modalLevel === "defcon-4") {
    return check4($("#modal-password").val());
  } else if (modalLevel === "defcon-5") {
    return check5($("#modal-password").val());
  } else {
    return false;
  }
}

Looking further at the level 4 validation in http://defcon.challs.malice.fr/static/js/scripts.js reveals that it is a simple character translation (replacing one character with another).

function check4(pwd) {
  var input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
  var output = "NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm";
  var index = x => input.indexOf(x);
  var translate = x => (index(x) > -1 ? output[index(x)] : x);
  return (
    pwd
      .split("")
      .map(translate)
      .join("") === "ebgEBGeBgEbgEBGEBgEBGEBGEBGebgeBgEbGebg"
  );
}

A simple call to tr with the two alphabets swapped reveals the flag.

$ echo ebgEBGeBgEbgEBGEBgEBGEBGEBGebgeBgEbGebg | tr 'NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm' 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
rotROTrOtRotROTROtROTROTROTrotrOtRoTrot

This gives a clue that the translation is rot13, so rot13 should also work.

$ echo ebgEBGeBgEbgEBGEBgEBGEBGEBGebgeBgEbGebg | rot13
rotROTrOtRotROTROtROTROTROTrotrOtRoTrot

Flag is rotROTrOtRotROTROtROTROTROTrotrOtRoTrot.
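
The inversion done with tr above, generalized to any substitution table of the kind check4 uses. This is an added example, not code from the challenge or the original writeup: the tables and target string are copied from check4, while invertTable, recover and isSelfInverse are hypothetical helper names. It shows why a client-side check built on a one-to-one character mapping discloses the password to anyone who can read the script.

```javascript
// Tables and target copied from check4() on the page.
const INPUT = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
const OUTPUT = "NOPQRSTUVWXYZABCDEFGHIJKLMnopqrstuvwxyzabcdefghijklm";
const TARGET = "ebgEBGeBgEbgEBGEBgEBGEBGEBGebgeBgEbGebg";

// Forward direction: same per-character mapping as check4()'s translate.
function translate(text, from, to) {
  return [...text]
    .map(c => (from.indexOf(c) > -1 ? to[from.indexOf(c)] : c))
    .join("");
}

// Hypothetical helper: build the output->input map, refusing tables that are
// not one-to-one (a many-to-one table has no unique inverse).
function invertTable(from, to) {
  if (from.length !== to.length) throw new Error("table lengths differ");
  if (new Set(from).size !== from.length) throw new Error("duplicate input character");
  const inverse = new Map();
  for (let i = 0; i < to.length; i++) {
    if (inverse.has(to[i])) throw new Error("duplicate output character");
    inverse.set(to[i], from[i]);
  }
  return inverse;
}

// Hypothetical helper: find the string that translate() maps onto `target`.
function recover(target, from, to) {
  const inverse = invertTable(from, to);
  return [...target]
    .map(c => {
      if (inverse.has(c)) return inverse.get(c);
      // Unmapped characters pass through, unless the forward table would
      // have rewritten them, in which case no input can produce them.
      if (from.includes(c)) throw new Error("no preimage for " + c);
      return c;
    })
    .join("");
}

// True when applying the table twice returns the original text (as ROT13
// does), which is why running the forward transform again also decodes.
function isSelfInverse(from, to) {
  return translate(translate(from, from, to), from, to) === from;
}

const recovered = recover(TARGET, INPUT, OUTPUT);
console.log(recovered, translate(recovered, INPUT, OUTPUT) === TARGET, isSelfInverse(INPUT, OUTPUT));
```
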