Tags: javascript web 

# ▼▼▼Consolation (Web, 50pts, 590/1596=37.0%)▼▼▼
## ※Decrypt obfuscated JavaScript

This writeup was written by [**@kazkiti_ctf**](https://twitter.com/kazkiti_ctf)

```
<html>
<head>
<title>consolation</title>
</head>

<body style="padding: 20px">

$<span>0</span>

<button onclick="nofret()" style="height:150px; width:150px;">pay me some money</button>

<script src="iftenmillionfireflies.js"></script>

</body>
</html>
```

Check the `nofret()` function, which is executed when the button is pressed.

```
function nofret() {
  document[_0x4229('0x95', 'kY1#')](_0x4229('0x9', 'kY1#'))[_0x4229('0x32', 'yblQ')] = parseInt(document[_0x4229('0x5e', 'xtR2')](_0x4229('0x2d', 'uCq1'))['innerHTML']) + 0x19;
  console[_0x4229('0x14', '70CK')](_0x4229('0x38', 'rwU*'));
  console['clear']();
}
```

---

Open Chrome's developer tools (F12), add each `_0x4229(...)` call to the `Watch` panel, and read off the decoded value:

```
_0x4229('0x95', 'kY1#') ⇒ getElementById
_0x4229('0x9', 'kY1#') ⇒ monet
_0x4229('0x32', 'yblQ') ⇒ innerHTML
_0x4229('0x5e', 'xtR2') ⇒ getElementById
_0x4229('0x2d', 'uCq1') ⇒ monet
_0x4229('0x14', '70CK') ⇒ log
_0x4229('0x38', 'rwU*') ⇒ actf{you_would_n0t_beli3ve_your_eyes}
```

```
function nofret() {
  document.getElementById('monet').innerHTML = parseInt(document.getElementById('monet').innerHTML) + 0x19;
  console.log("actf{you_would_n0t_beli3ve_your_eyes}");
  console['clear']();
}
```

`actf{you_would_n0t_beli3ve_your_eyes}`
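
The manual substitution above, automated as an added example (not part of the original writeup or the challenge's code): it inlines each `_0x4229(...)` call and rewrites bracket access to dot notation. The real decoder in `iftenmillionfireflies.js` is not shown on this page, so the `DECODED` table, `decode` and `deobfuscate` are hypothetical stand-ins built from the Watch results.

```javascript
// Added example: replace _0x4229(index, key) calls with their decoded strings.
// Assumption: DECODED stands in for the real decoder, which the page does not show;
// its entries are the Watch results listed in the writeup.
const DECODED = {
  "0x95|kY1#": "getElementById",
  "0x9|kY1#": "monet",
  "0x32|yblQ": "innerHTML",
  "0x5e|xtR2": "getElementById",
  "0x2d|uCq1": "monet",
  "0x14|70CK": "log",
  "0x38|rwU*": "actf{you_would_n0t_beli3ve_your_eyes}",
};

// Hypothetical stand-in for _0x4229(); fails loudly on a call we have not decoded.
function decode(index, key) {
  const k = `${index}|${key}`;
  if (!(k in DECODED)) throw new Error(`no decoded value for ${k}`);
  return DECODED[k];
}

const CALL = /_0x4229\('(0x[0-9a-f]+)',\s*'([^']*)'\)/g;
const IDENT = /^[A-Za-z_$][\w$]*$/;

function deobfuscate(source, decoder = decode) {
  // 1. Inline every decoder call as a quoted string literal.
  const inlined = source.replace(CALL, (_, index, key) =>
    JSON.stringify(decoder(index, key)));
  // 2. Rewrite obj["name"] / obj['name'] as obj.name when name is a valid identifier.
  return inlined.replace(/\[(["'])([^"'\]]+)\1\]/g, (m, _q, name) =>
    IDENT.test(name) ? `.${name}` : m);
}

// The obfuscated function exactly as it appears in the writeup.
const OBFUSCATED = `function nofret() {
  document[_0x4229('0x95', 'kY1#')](_0x4229('0x9', 'kY1#'))[_0x4229('0x32', 'yblQ')] = parseInt(document[_0x4229('0x5e', 'xtR2')](_0x4229('0x2d', 'uCq1'))['innerHTML']) + 0x19;
  console[_0x4229('0x14', '70CK')](_0x4229('0x38', 'rwU*'));
  console['clear']();
}`;

console.log(deobfuscate(OBFUSCATED));
```

In the browser, passing the page's own `_0x4229` as the `decoder` argument removes the need for the lookup table.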