# ACCESS LEVEL 1

Open the crypto.js file, copy the argument of the eval() call and evaluate it in Firebug. We get:

[js]function simpleHash(str) {
    var i, hash = 0;
    for (i = 0; i < str.length; i++) {
        hash += (str[i].charCodeAt() * (i + 1));
    }
    return Math.abs(hash) % 31337;
}

// Returns the character code (0-255) of the first character of foo.
function ascii_one(foo) {
    foo = foo.charAt(0);
    var i;
    for (i = 0; i < 256; ++i) {
        var hex_i = i.toString(16);
        if (hex_i.length == 1) hex_i = "0" + hex_i;
        hex_i = "%" + hex_i;
        hex_i = unescape(hex_i);
        if (hex_i == foo) break;
    }
    return i;
}

// Sum of character code * (1-based position) over the whole string.
function numerical_value(str) {
    var i, a = 0, b;
    for (i = 0; i < str.length; ++i) {
        b = ascii_one(str.charAt(i));
        a += b * (i + 1);
    }
    return a;
}

function encrypt(form) {
    var res;
    res = numerical_value(form.password.value);
    res = res * (3 + 1 + 3 + 3 + 7);
    res = res >>> 6;
    res = res / 4;
    res = res ^ 4153;
    if (res != 0) {
    } else {
    }
    return true;
}
[/js]

So, to get the goodboy, we must find a number res (the return value of numerical_value()) such that:

`((((res * (3 + 1 + 3 + 3 + 7)) >>> 6) / 4) ^ 4153) == 0`

We run the following expression in Firebug to get res:

`((4153 * 4) << 6) / (3 + 1 + 3 + 3 + 7);`

It returns res = 62539.294117647056, and 62540 is the value we are looking for. Because numerical_value() is very simple and its return value can be adjusted one unit at a time, we can easily craft an input that makes numerical_value() return 62540. For example:

`AAAAAAAAABAAAAAAAAAuAAAAAAAAAAAAAAAAAAAAAAA`
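The following is an added example, not code from the challenge or from the original write-up. It re-implements the check offline, goes one step beyond the text by enumerating every checksum value the arithmetic accepts, and builds one printable input for the smallest of them. The names numericalValue, checkValue, acceptedValues and buildInput are assumptions of this example.

```javascript
// Added example: offline re-implementation of the page's check.
// Mirrors numerical_value(): sum of charCode * (1-based position).
function numericalValue(str) {
  let sum = 0;
  for (let i = 0; i < str.length; i++) sum += str.charCodeAt(i) * (i + 1);
  return sum;
}

// Mirrors the arithmetic in encrypt(); the input is accepted when this is 0.
function checkValue(n) {
  let res = n * (3 + 1 + 3 + 3 + 7);
  res = res >>> 6;   // drops the low 6 bits
  res = res / 4;     // may leave a fraction...
  return res ^ 4153; // ...which ^ truncates before comparing
}

// All checksum values up to `limit` that the check accepts.
function acceptedValues(limit) {
  const ok = [];
  for (let n = 0; n <= limit; n++) if (checkValue(n) === 0) ok.push(n);
  return ok;
}

// Build a printable string whose numericalValue equals `target`: start from
// the longest all-'A' string that fits, then raise characters from the
// highest-weight position down until the remainder is used up.
function buildInput(target) {
  let len = 1;
  while (65 * (len + 1) * (len + 2) / 2 <= target) len++;
  const codes = new Array(len).fill(65);
  let rest = target - 65 * len * (len + 1) / 2;
  for (let pos = len; pos >= 1 && rest > 0; pos--) {
    const bump = Math.min(Math.floor(rest / pos), 126 - 65); // stay <= '~'
    codes[pos - 1] += bump;
    rest -= bump * pos;
  }
  return rest === 0 ? String.fromCharCode(...codes) : null; // null: no fit
}

const accepted = acceptedValues(70000);
console.log(accepted[0], accepted[accepted.length - 1], accepted.length);
const candidate = buildInput(accepted[0]);
console.log(candidate, numericalValue(candidate), checkValue(numericalValue(candidate)));
```

Because the shift and the XOR discard low-order bits, the check accepts every checksum from 62540 through 62554, and any string whose weighted sum lands in that range passes.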

Flag:

```
Congrats! you passed the level! Here is the key:
23f8d1cea8d60c5816700892284809a94bd00fe7347645b96a99559749c7b7b8
```

# ACCESS LEVEL 2

After installing and running the .apk file in BlueStacks, we noticed that every time we click on the button, a random image is displayed on the screen.

We can easily see that they are parts of one complete QR code image, so we try to see all of it by extracting the .apk with WinRAR and going to the “res\raw” folder.

This folder contains 17 images, and one of them is just a troll picture, so we have 16 images of the same size: 97×97 pixels. 16 = 4*4, so the size of the complete QR code should be 388×388 (388 = 97*4). Using Photoshop with the grid size set to 97×97, we can easily arrange all 16 images and get the complete QR code:

Scanning it gives us the flag:

`788f5ff85d370646d4caa9af0a103b338dbe4c4bb9ccbd816b585c69de96d9da`

# ACCESS LEVEL 3

This challenge requires us to enter the password one character at a time. If a character is entered correctly, a ‘*’ sign is displayed; otherwise the program exits immediately.

Open it in IDA, follow the string “Type to win, only what I want to read…” and we will be here:

[asm].text:00000000004010F3 call getch
.text:00000000004010F8 movsx eax, al
.text:00000000004010FB mov [rbp+var_4], eax
.text:00000000004010FE mov eax, [rbp+var_8]
.text:0000000000401101 cdqe
.text:0000000000401103 mov eax, dword ptr facebookctf_rocks[rax*4]
.text:000000000040110A cmp eax, [rbp+var_4]
[/asm]

Very simple! It reads a char from the user and compares it with a hardcoded char; if they differ, we get the badboy. var_8 is a counting variable, which will be increased here:

[asm].text:000000000040114E
.text:000000000040114E loc_40114E:
.text:000000000040114E cmp [rbp+var_8], 9
.text:0000000000401152 jle short loc_4010F3
[/asm]

From the line at 0x40114E, we know that the length of the password is 9, and we can easily get it by reading the value of facebookctf_rocks:

```-> Congratulations! The key is: