
残像:Web:200pts

そこに見えているのは残像です。 https://aokakes.work/MaidakeCTF2020/zanzou/
Hint
そのままだと見にくいので整形してあげると分かりやすいかもしれません。

Solution

URLにアクセスすると、以下のようなサイトだった。
残像
site.png
いかにもrot13のような文字列が表示されているが、これはロード毎に変化する。

QemgbliFLN{Fnhshrhmplk_fhpsqdhrii_fkhf_jw_xnlqmkup_kp_f_ijdvmjfhi}
VflmjolHNI{Kkfkjmghofj_gdjlihenoj_fkkn_kv_xglilfqk_sp_h_mrbruhknm}
SglncuiHQP{Higslnhooeq_hjjqlkcsng_ijgh_ex_qgtjqirh_rr_i_ljbmnhkpg}
UflfjumGSH{Gjdshklipdj_jfgpjmimgj_ijjh_er_uhrjjioo_sm_h_epdrnmgoi}
UdsebqfIQK{Kfdsfjomnel_hlplkigjfn_gfel_hu_rnrmqjsi_sp_f_kjgsoojhj}

rotでは戻せそうにない。
ソースを見てみると、以下のmain.jsが動いているようだ。

/**
 * Shifts each ASCII letter of `str` by `num` code points and returns the result.
 *
 * Reading the obfuscation: `_0x57c5` is a table of method names. The IIFE
 * rotates it left 116 times (0x74 is pre-incremented to 117 and `while(--n)`
 * then runs 116 times); 116 mod 6 = 2, so the table ends up as
 * ['split','call','charCodeAt','fromCharCode','map','join'] and the lookups
 * '0x0'..'0x5' resolve to those names in that order.
 *
 * With the lookups substituted, the body is
 * `str.split('').map.call(chars, fn).join('')`, where `fn` does the following:
 *   - code in 0x41-0x4d or 0x61-0x6d (A-M, a-m): returns the character at code + num
 *   - code in 0x4e-0x5a or 0x6e-0x7a (N-Z, n-z): returns the character at code - num
 *   - anything else: returned unchanged
 * There is no modulo-26 wrap-around, so this is not a true ROT-n cipher, and
 * the output cannot be inverted without knowing `num`.
 *
 * NOTE(review): `x` is assigned without a declaration, which makes it an
 * implicit global in sloppy mode and a ReferenceError in strict mode or an
 * ES module. The trailing `return i;` is unreachable.
 *
 * @param {string} str - Text to transform.
 * @param {number} num - Amount added to or subtracted from each letter's code.
 * @returns {string} The transformed text.
 */
function rot(str, num) {const _0x57c5=['map','join','split','call','charCodeAt','fromCharCode'];(function(_0x2715ea,_0x57c505){const _0x5c66c7=function(_0x36a3ac){while(--_0x36a3ac){_0x2715ea['push'](_0x2715ea['shift']());}};_0x5c66c7(++_0x57c505);}(_0x57c5,0x74));const _0x5c66=function(_0x2715ea,_0x57c505){_0x2715ea=_0x2715ea-0x0;let _0x5c66c7=_0x57c5[_0x2715ea];return _0x5c66c7;};const _0x2feb07=_0x5c66;let i=[];i=str[_0x2feb07('0x0')]('');return i[_0x2feb07('0x4')][_0x2feb07('0x1')](i,function(_0x36a3ac){const _0x25d8c5=_0x2feb07;x=_0x36a3ac[_0x25d8c5('0x2')](0x0);if(0x41<=x&&x<0x4e||0x61<=x&&x<0x6e)return String[_0x25d8c5('0x3')](x+num);else{if(0x4e<=x&&x<=0x5a||0x6e<=x&&x<=0x7a)return String[_0x25d8c5('0x3')](x-num);}return String[_0x25d8c5('0x3')](x);})[_0x2feb07('0x5')]('');return i;}
// Top-level script: builds the scrambled string that the page displays.
//
// Reading the obfuscation: `_0x32f5` is a second method-name table. It is
// rotated left 364 times (0x16c is pre-incremented to 365 and `while(--n)`
// then runs 364 times); 364 mod 3 = 1, so it ends up as
// ['floor','fromCharCode','forEach'], i.e. '0x0' -> floor,
// '0x1' -> fromCharCode, '0x2' -> forEach.
//
// `rgrigrjar` holds the text as plain character codes. For each code the
// script picks a random integer from 1 to 10
// (Math.floor(Math.random()*0xa)+0x1), converts the code to a character,
// passes it through rot() with that number, and appends the result to
// `frgtrghgdtha`. The per-character random shift is why the rendered string
// differs on every load.
//
// NOTE(review): only the displayed copy is scrambled; the unscrambled codes
// are delivered to every visitor inside this array. Obfuscation is not a
// confidentiality control, so a value that must stay secret should not be
// sent to the client at all.
const _0x32f5=['forEach','floor','fromCharCode'];(function(_0x8b6703,_0x32f579){const _0x55c0f1=function(_0x213f5c){while(--_0x213f5c){_0x8b6703['push'](_0x8b6703['shift']());}};_0x55c0f1(++_0x32f579);}(_0x32f5,0x16c));const _0x55c0=function(_0x8b6703,_0x32f579){_0x8b6703=_0x8b6703-0x0;let _0x55c0f1=_0x32f5[_0x8b6703];return _0x55c0f1;};const _0x3d349f=_0x55c0,rgrigrjar=[0x4d,0x61,0x69,0x64,0x61,0x6b,0x65,0x43,0x54,0x46,0x7b,0x44,0x65,0x63,0x69,0x70,0x68,0x65,0x72,0x69,0x6e,0x67,0x5f,0x6f,0x62,0x66,0x75,0x73,0x63,0x61,0x74,0x65,0x64,0x5f,0x63,0x6f,0x64,0x65,0x5f,0x62,0x79,0x5f,0x79,0x6f,0x75,0x72,0x73,0x65,0x6c,0x66,0x5f,0x69,0x73,0x5f,0x61,0x5f,0x63,0x68,0x61,0x6c,0x6c,0x65,0x6e,0x67,0x65,0x7d];let frgtrghgdtha='';rgrigrjar[_0x3d349f('0x2')](_0x213f5c=>{const _0x305999=_0x3d349f,_0x222ace=Math[_0x305999('0x0')](Math['random']()*0xa)+0x1;frgtrghgdtha+=rot(String[_0x305999('0x1')](_0x213f5c),_0x222ace);});
// Writes the scrambled string as text into the element with id "flag"
// (`$` is presumably jQuery; its definition is not shown on this page).
$('#flag').text(frgtrghgdtha);

Online JavaScript beautifierで難読化を解除する(main2.js)。
中身を見ると、いかにも怪しいhexがある。値はすべて印字可能なASCIIの範囲に収まっているので、文字コードの配列だと推測できる。

// Excerpt of the array from main.js, where it is declared as part of a
// `const` list; the values are the same. Every element lies within the
// printable ASCII range (0x43-0x7d here), which is what suggests the array is
// a string stored as character codes.
rgrigrjar = [0x4d, 0x61, 0x69, 0x64, 0x61, 0x6b, 0x65, 0x43, 0x54, 0x46, 0x7b, 0x44, 0x65, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x6f, 0x62, 0x66, 0x75, 0x73, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x62, 0x79, 0x5f, 0x79, 0x6f, 0x75, 0x72, 0x73, 0x65, 0x6c, 0x66, 0x5f, 0x69, 0x73, 0x5f, 0x61, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x7d];

以下のように復元する。

$ node
> const rgrigrjar = [0x4d, 0x61, 0x69, 0x64, 0x61, 0x6b, 0x65, 0x43, 0x54, 0x46, 0x7b, 0x44, 0x65, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x6f, 0x62, 0x66, 0x75, 0x73, 0x63, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x62, 0x79, 0x5f, 0x79, 0x6f, 0x75, 0x72, 0x73, 0x65, 0x6c, 0x66, 0x5f, 0x69, 0x73, 0x5f, 0x61, 0x5f, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x7d];
undefined
> rgrigrjar.map(x => String.fromCharCode(x)).join('');
'MaidakeCTF{Deciphering_obfuscated_code_by_yourself_is_a_challenge}'

flagが出てきた。

MaidakeCTF{Deciphering_obfuscated_code_by_yourself_is_a_challenge}