xmas_future by benediktwerner

Most people just give you a present for Christmas, hxp gives you a glorious future. If you’re confused, simply extract the flag from this 山葵 and you shall understand. :)

xmas_future-265eb0be46555aad.tar.xz (15.5 KiB)

reverse wasm

The challenge is a flag-checking service written in WebAssembly. The flag must be in the format hxp{…}. Our goal is to guess the correct flag. I hosted the challenge on my local setup using Nginx and made sure .wasm files are served with the correct MIME type:

    server {
        listen 4301 default_server;
        listen [::]:4301 default_server;

        location = /hxp2019_bg.wasm {
            # Empty the MIME map here so default_type applies to this file
            types { }
            default_type "application/wasm";
            add_header x-robots-tag "noindex, follow";
        }
    }

With the correct MIME type, the browser can load the module through streaming instantiation (WebAssembly.instantiateStreaming), and we can use Chrome’s debugger with stack variables, the call stack, memory and all the other information at our disposal.

I have hosted the challenge here. You can follow along if you’d like.

Check in JS

The correct flag is compared against our input in JavaScript (hxp2019.js). The check function passes our input to wasm and calls a method in the wasm namespace. While exploring the wasm methods, I found a couple of them to be interesting, like this one, wasm-0002e886-4:
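The methods the JavaScript wrapper can call are the module's exports, and they can also be listed straight from the .wasm file before opening a debugger. The following is an added example, not code from this write-up or from the challenge: it parses the export section of a wasm binary, and `SAMPLE` is a constructed module with a hypothetical `check` export standing in for hxp2019_bg.wasm (`readU32` and `listExports` are names chosen here).

```javascript
// Constructed sample module (not the challenge's hxp2019_bg.wasm).
const SAMPLE = Uint8Array.from([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,        // "\0asm", version 1
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f,  // type: (i32, i32) -> i32
  0x03, 0x02, 0x01, 0x00, 0x05, 0x03, 0x01, 0x00, 0x01,  // function 0; one memory
  0x07, 0x12, 0x02,                                      // export section, 2 entries
  0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x02, 0x00,  // "memory" -> memory 0
  0x05, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x00, 0x00,        // "check" -> function 0
  0x0a, 0x06, 0x01, 0x04, 0x00, 0x41, 0x00, 0x0b,        // code: i32.const 0; end
]);

// Unsigned LEB128 -> [value, nextPos]; rejects truncated or over-long encodings.
function readU32(bytes, pos) {
  let value = 0;
  for (let shift = 0; shift <= 28; shift += 7) {
    if (pos >= bytes.length) throw new RangeError("truncated LEB128");
    const b = bytes[pos++];
    value |= (b & 0x7f) << shift;
    if ((b & 0x80) === 0) return [value >>> 0, pos];
  }
  throw new RangeError("LEB128 too long for u32");
}

// Walk the sections and decode only the export section (id 7).
function listExports(bytes) {
  if (String.fromCharCode(...bytes.subarray(0, 8)) !== "\0asm\x01\0\0\0")
    throw new TypeError("not a WebAssembly v1 binary");
  const kinds = ["function", "table", "memory", "global"];
  const utf8 = new TextDecoder("utf-8", { fatal: true });
  const found = [];
  let pos = 8, size, count, len, index;
  while (pos < bytes.length) {
    const id = bytes[pos++];
    [size, pos] = readU32(bytes, pos);
    const end = pos + size;
    if (end > bytes.length) throw new RangeError("section overruns file");
    if (id === 7) {
      [count, pos] = readU32(bytes, pos);
      for (let i = 0; i < count; i++) {
        [len, pos] = readU32(bytes, pos);
        if (pos + len + 2 > end) throw new RangeError("export overruns section");
        const name = utf8.decode(bytes.subarray(pos, pos + len));
        const kind = kinds[bytes[pos + len]] ?? "unknown";
        [index, pos] = readU32(bytes, pos + len + 1);
        found.push({ name, kind, index });
      }
    }
    pos = end; // skip every other section
  }
  return found;
}
```

`WebAssembly.Module.exports()` reports the name and kind of each export of a compiled module; parsing the bytes additionally yields each export's index without compiling anything.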

Wasm Check

We can set a breakpoint and start executing with a test flag “hxp{checkthis}”: