Writeup for the “HF Doom” challenge created by @MaxWhite for the Hackfest CTF 2022.
This challenge involves finding a hidden function within a WebAssembly version of the game Doom, which is based on https://silentspacemarine.com/.
The first step is to examine the game’s source code, which can be accessed through Chrome’s Inspector tool. By searching for the term “flag” within the source code, we found two interesting functions:
By calling the _flag3() function in the console, we obtain an integer value, which represents a memory address. Using Chrome’s Memory Inspector, we can search the obtained address (converted to hexadecimal) to view the return value of the function.
The returned value represents the flag.
After examining the source code of the previously discovered _flag4() function, we notice that it requires the string “🔫” as a parameter to return the flag.
However, similar to the return value, the parameter must be an address pointing to the string. By inspecting the “websockets-doom.wasm” file, we can find the required address.
We simply need to convert the address to an integer, pass it as a parameter to the _flag4() function, and use the Memory Inspector to retrieve the returned value, just like we did for the last flag.