How to crack the AES JavaScript crypto algorithm?

Post by ghostheadx2 on Mon May 18, 2015 11:33 pm

So, I need to decrypt the key on this hacking challenge from a hacking game called picoCTF. I downloaded the HTML source code, which included some JS in a <script></script> tag. I managed to find the AES encryption algorithm and some other helpful results through Google:

So, I tried adding on an imitation of the guy's code in the forum post to my attempt at getting the key:

Code:
            var key; // Global variable.
            // Since the key is generated when the page
            // is loaded, no one will be able to steal it
            // by looking at the source! This must be secure!
            function generateKey() {
                var i = 1;
                var x = 37;
                var n = 5493;
                while (i <= 25) {
                    x = (x * i) % n;
                    i++; // advance the counter so the loop terminates
                }
                key = "flag_" + Math.abs(x);
            }
            // Encode the message using the 'key'
            function encode() {
                var input = $("#inputmessage").val();
                var output = CryptoJS.AES.encrypt(input, key);
                // (the rest of encode() is not shown in the post)
            }

            // Decryption attempt; crypttext and iv are not defined in the posted excerpt
            var plainTextArray = CryptoJS.AES.decrypt(
                {
                    ciphertext: CryptoJS.enc.Base64.parse(crypttext),
                    salt: ""
                },
                key,
                {iv: CryptoJS.enc.Base64.parse(iv)}
            );
            // Convert a hex string to its ASCII text
            function hex2a(hex) {
                var str = '';
                for (var i = 0; i < hex.length; i += 2)
                    str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
                return str;
            }

What am I doing wrong?

-- Mon May 18, 2015 11:40 pm --

I made it work. Lol. Nvrmind.
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am