## How to crack the AES JavaScript cryto algorithm?

The fear of every surveillance society: citizens protecting their own privacy with strong cryptography

### How to crack the AES JavaScript cryto algorithm?

So, I need to decrypt the key on this hacking challenge from a hacking game called picoCTF. I downloaded the HTML source code, which included some JS in a <script></script> tag. I managed to find the AES encryption algorithm and some other helpful results through Google:

http://stackoverflow.com/questions/14958103/how-to-decrypt-message-with-cryptojs-aes-i-have-a-working-ruby-example

So, I tried adding on an imitation of the guy's code in the forum post to my attempt at getting the key:

Code: Select all
`            var key; // Global variable.                         // Since the key is generated when the page             // is loaded, no one will be able to steal it            // by looking at the source! This must be secure!            function generateKey() {                var i = 1;                var x = 37;                var n = 5493;                while (i <= 25) {                    x = (x * i) % n;                    i++;                }                key = "flag_" + Math.abs(x);            }                        generateKey();                        // Encode the message using the 'key'            function encode() {                                                                        var input = \$("#inputmessage").val();                var output = CryptoJS.AES.encrypt(input, key);                \$("#outputmessage").val(output);            }           var plainTextArray = CryptoJS.AES.decrypt(         {            ciphertext: CryptoJS.enc.Base64.parse(crypttext),            salt: ""         },         CryptoJS.enc.Hex.parse(key),         {iv: CryptoJS.enc.Base64.parse(iv)}         );                  function hex2a(hex){         var str = '';         for (var i = 0; i < hex.length; i += 2)            str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));         return str;         }         console.log(hex2a(plaintextArray.toString()));`

What am I doing wrong?

-- Mon May 18, 2015 11:40 pm --

I made it work. Lol. Nvrmind.