If you want to try it yourself, you can download it here: jspuzzle on github
For the challenge, you were given a html page that presented you with a drag and drop form of code were specific parts of the code were blanked out and you must provide the form with the correct sequence of options from the provided bank of keywords/functions/strings. Once you were able to make the code execute and produce an alert with the value “1”, the sha1 generated from the submitted options would represent the correct flag for the challenge.
The solution for this challenge ended up being:
Which is just a round-about way of doing “alert(1)”
So lets break this down a little.
The main function part was pretty cool:
console.log() can be rewritten as
will set the “null” field of the current function context, or
this, to be the return value of the function created on the left side of the assignment.
return this, which simply returns the current context of the function.
"^[w]$" which will only match the letter “w” (^ means that we start matching from the very beginning of the string and $ means we want the string to end with what we are matching. Since we are only matching the letter [w], “w” is the only possible string that would satisfy this regex).
the code will now go to our r RegExp object and get the “exec” function (brackets in JS work similar to how they do in Python) and try to match our pattern string with “w”. Since “^[w]$” != “w”, exec will return null. Oh wait! Remember, we set this[“null”] to be a function that returns “this” right? So since exec returns null we have
which is the same as this“alert which is the same as alert(1)! Sweet :D
For the last part,
we can rewrite it as
which is the same as
and since this part is acting on the Object that we had in the previous part, we grab the function whose key is “function” (the alert function) and the parenthesis will execute this function.