EmojiWAT
- Category: Misc
- 200 points
- Solved by the JCTF Team
Description
Solution
Not too often does a CTF challenge have its own promo. This was not the case of EmojiWat:
The opening URL presents a text editor, with a run button, and some "code". The code can be executed, and it indeed prints "Hello World!". The strange part is that the "code" is mostly Emoji.
The interface presented a list of a few other examples of code.
At first, we thought the Emoji were just some aliases or macros and we tried to guess what was the underlying language. For example:
- π = main
- π€ = "
- π = print
- π = {
- π = }
But it turned out to be weirder than that: some people actually created a real language called "Emojicode, an open-source, full-blown programming language consisting of emojis". Just when you thought Whitespace, Chef and Velato were the strangest programming languages...
From there, it should have been straight forward, looking for some Emojicode sample that implements a simple HTTP GET request to http://emojiwat-flag, as stated in the challenge description. So we get the sample from the official documentation for Package sockets, and just change the URL:
π¦ sockets π
π π
πΊ ππ π€emojiwat-flagπ€ 80βοΈ β‘οΈ socket
π¬ socket π π€GET / HTTP/1.1βrβnHost: emojiwat-flagβrβnβrβnπ€βοΈβοΈ
πΊ π socket 140βοΈ β‘οΈ data
π πΊ π‘ dataβοΈβοΈ
πBut it returns an error that explains in plain English:
Call can raise sπ§πΈβ but error is not handled.
Back to the Emoji documentation about errors, we learn that:
In case a method, initializer or closure may fail, it should be declared as error-prone.
Luckily, an easy solution is also described:
πΊ Not Handling Errors
As with optionals, you can use πΊ to make a call to an error-prone function and disregard the possibility of an error arising. If an error, however, is raised during execution the program will panic.
So we can easily fix our code by adding πΊ before the line using the socket (and fix the size to read):
π¦ sockets π
π π
πΊ ππ π€emojiwat-flagπ€ 80βοΈ β‘οΈ socket
πΊ π¬ socket π π€GET / HTTP/1.1βrβnHost: emojiwat-flagβrβnβrβnπ€βοΈβοΈ
πΊ π socket 250βοΈ β‘οΈ data
π πΊ π‘ dataβοΈβοΈ
πand we get the flag:
BSidesTLV2020{(^_^)YOU[o_o]DID(^.^)IT($.$)}As Tomer (one of the challenge's author) would say: πΊ is always the answer to everything.
N.B.: π¨ As described in the documentation, this solution should not be used in your Emojicode production code π
Unless you are absolutely sure that a call will never raise an error, using πΊ is a bad idea.