Post

Hackfest 2022: HF Doom

Writeup for the “HF Doom” challenge created by @MaxWhite for the Hackfest CTF 2022.

03 - The Hidden Function

This challenge involves finding a hidden function within a WebAssembly version of the game Doom, which is based on https://silentspacemarine.com/.

The first step is to examine the game’s source code, which can be accessed through Chrome’s Inspector tool. By searching for the term “flag” within the source code, we found two interesting functions:

  • _flag3()
  • _flag4()

By calling the _flag3() function in the console, we obtain an integer value, which represents a memory address. Using Chrome’s Memory Inspector, we can search the obtained address (converted to hexadecimal) to view the return value of the function.

The returned value represents the flag.

04 - The Other Hidden Function

After examining the source code of the previously discovered _flag4() function, we notice that it requires the string “🔫” as a parameter to return the flag.

However, similar to the return value, the parameter must be an address pointing to the string. By inspecting the “websockets-doom.wasm” file, we can find the required address.

We simply need to convert the address to an integer, pass it as a parameter to the _flag4() function, and use the Memory Inspector to retrieve the returned value, just like we did for the last flag.

This post is licensed under CC BY 4.0 by the author.