feat: add challenges

Author: fakhrip

assets/challenges/ffiishy.zip

@@ -0,0 +1,48 @@
+<b><~~~~ Challenges ===================></b>
+
+
+Here are challenges i wrote for fun, and mostly act as an "educational tool" to ease me in explaining stuff to my audience.
+
+To input any flag you found for each challenge, you can type in the flag in the input box of that corresponding challenge and hit the "Check Flag" button.
+
+In case you need any help for solving any of these challenges, i will be very happy to help you so feel free to contact me in discord @<a class="single" href="https://discord.com/channels/@me/414072790745088010" target="_blank" rel="noopener noreferrer">f4r4w4y</a> (but please keep in mind that i also have life to do so dont expect very quick response lol).
+
+Challenge list:
+
+[ <b>1</b> ] <a class="single" href="assets/challenges/ffiishy.zip" target="_blank" rel="noopener noreferrer">FFIshy.apk</a> : Foreign Function Interface is FFIishy (or ffiilthy?)
+      <code>reverse engineering</code><code>math</code><code>ffi</code><code>jni</code><code>android</code><code>c</code><code>recursion</code>
+
+      Note: wrap the flag with "FLAG{}" (e.g. if the flag you found is test, 
+            then input as FLAG{test})
+      <input type="text" name="flag-1" id="flag-1"><button type="button" id="button-1">Check Flag</button>
+
+<script type="module" src="scripts/toast.js" defer></script>
+<script type="module" src="scripts/decrypt_flag.js" defer></script>
+<script>
+window.sodium = {
+  onload: function (sodium) {
+    const encryptedData = [
+      "uJTSL19fpzZgMcDnFftI2FVaa4b5Zk+7SYmsPIrXGMsNKjpIlu6xsLbHz/w/hMwOZQ==" // ffiishy challenge
+    ]
+
+    for (let [i, enc] of encryptedData.entries()) {
+      i += 1; // index starts from 1
+
+      document.body.querySelector(`#button-${i}`).addEventListener('click', async () => {
+        const secret = document.body.querySelector(`#flag-${i}`).value;
+        if (await window.checkFlag(enc, secret)) {
+          window.showToast('Correct!', 'info');
+        } else {
+          window.showToast('Wrong!', 'warning');
+        }
+      });
+    }
+  },
+};
+</script>
+<script
+  src="https://cdn.jsdelivr.net/npm/libsodium@0.7.15/dist/modules/libsodium.min.js"
+  async defer></script>
+<script
+  src="https://cdn.jsdelivr.net/npm/libsodium-wrappers@0.7.15/dist/modules/libsodium-wrappers.min.js"
+  async defer></script>

contents/challenges.html

@@ -58,9 +58,9 @@
 │                └──────────────────┤                                 ├──────────────────┘                │
 │                                   ╘═                               ═╛                                   │
 │                                                                                                         │
-│   <no-aboutlink>┏━━┓</no-aboutlink>                                                                                  <a class="cv-link" href="content.html?c=cv">🮹🮺 open my CV</a>   │
+│   <no-aboutlink>┏━━┓</no-aboutlink>                                                                          <a class="cv-link" href="content.html?c=cv">🮹🮺 let me see your CV</a>   │
 │   <no-aboutlink>┃ ▄▄▄▖</no-aboutlink>  <a class="about-link" href="content.html?c=about"><b>Who </b></a>                                                                                          │
-│   <no-aboutlink>┃  ██▌</no-aboutlink>  <a class="about-link" href="content.html?c=about">are </a>                                                                                          │
+│   <no-aboutlink>┃  ██▌</no-aboutlink>  <a class="about-link" href="content.html?c=about">are </a>                                                        <a class="challenge-link" href="content.html?c=challenges">🮤🮥 let me solve your challenges</a>  │
 │   <no-aboutlink>┃ ▀▀▀▀</no-aboutlink>  <a class="about-link" href="content.html?c=about">you?</a>                                                                                          │
 │   <no-aboutlink>┗━━┛</no-aboutlink>                                          =-*@@@@@@                                               │
 │                                              :+=+%*@@@@@@:                                              │

index.html

@@ -1,13 +1,13 @@
 window.renderContent = async (content) => {
   const short = await (async () => {
     const whitelist = [
-      "about", "youtube", "contact", "blog", "cv",
+      "about", "youtube", "contact", "blog", "cv", "challenges",
       "flag{congrats_you_found_a_meaningless_flag_from_a_meaningless_repository_in_github}"
     ]
     if (whitelist.includes(content)) {
       return await (await fetch(`../contents/${content}.html`)).text();
     } else {
-      if ([".", "/", "{", "}", "]", "[", ")", "("].filter(str => content.includes(str)).length > 0) {
+      if ([".", "/", "{", "}", "]", "[", ")", "("].filter(str => content?.includes(str)).length > 0) {
         return "<span style=\"width: 100%;\"><center>Hacker, please dont attack me :(</center></span>"
       } else {
         const { origin } = new URL(document.location.href);
@@ -53,6 +53,37 @@ window.renderContent = async (content) => {
     characterData: true
   });
 
+  const parser = new DOMParser();
+  const doc = parser.parseFromString(short, 'text/html');
+  const scripts = doc.querySelectorAll("script");
+
+  const newShort = doc;
+  newShort.querySelectorAll("script").forEach((script) => script.remove());
+
   // Render the content
-  contentPreTag.innerHTML = "\n" + short;
+  contentPreTag.innerHTML = `\n${newShort.body.innerHTML.trim()}`;
+
+  // Execute script tags inside the content
+  scripts.forEach((script) => {
+    const newScript = document.createElement("script");
+
+    // Copy all attributes
+    for (const attr of script.attributes) {
+      newScript.setAttribute(attr.name, attr.value);
+    }
+
+    if (script.src) {
+      // For external scripts
+      newScript.src = script.src;
+    } else {
+      // For inline scripts
+      newScript.text = script.textContent;
+    }
+
+    // Append to trigger execution
+    document.body.appendChild(newScript);
+
+    // Clean up
+    newScript.remove();
+  });
 }

scripts/content.js

@@ -0,0 +1,41 @@
+window.checkFlag = async (encryptedBase64, keyStr) => {
+  await sodium.ready;
+
+  // Derive the key using Web Crypto's SHA‑256
+  const keyBytes = sodium.from_string(keyStr);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", keyBytes);
+  const hashedKey = new Uint8Array(hashBuffer);
+
+  // Decode the base64 input into a Uint8Array
+  const decoded = sodium.from_base64(encryptedBase64, sodium.base64_variants.ORIGINAL);
+
+  // Extract nonce (first 12 bytes), tag (next 16 bytes), and ciphertext (rest)
+  const nonce = decoded.slice(0, 12);
+  const tag = decoded.slice(12, 28);
+  const ciphertext = decoded.slice(28);
+
+  // Libsodium expects the ciphertext to have the tag appended at the end.
+  // Reassemble: [ciphertext || tag]
+  const combined = new Uint8Array(ciphertext.length + tag.length);
+  combined.set(ciphertext);
+  combined.set(tag, ciphertext.length);
+
+  try {
+    // Decrypt the message.
+    // Note: We pass `null` for additional data (AD) since none was used in encryption.
+    const decrypted = sodium.crypto_aead_chacha20poly1305_ietf_decrypt(
+      null,      // no additional data
+      combined,  // ciphertext with tag appended
+      null,      // no additional data
+      nonce,     // nonce extracted from the beginning
+      hashedKey  // key derived from SHA-256(keyStr)
+    );
+
+    // Convert decrypted bytes back to a string and return it.
+    if (sodium.to_string(decrypted) === "This flag is correct!") {
+      return true;
+    }
+  } catch (error) {
+    return false;
+  }
+}

scripts/decrypt_flag.js

@@ -0,0 +1,23 @@
+from Crypto.Cipher import ChaCha20_Poly1305
+from Crypto.Random import get_random_bytes
+from base64 import b64encode
+
+import hashlib
+import sys
+
+def encrypt_file(key):
+    key = hashlib.sha256(key.encode('utf-8')).digest()
+    nonce = get_random_bytes(12)
+    plaintext = b"This flag is correct!"
+
+    cipher = ChaCha20_Poly1305.new(key=key, nonce=nonce)
+    ciphertext, tag = cipher.encrypt_and_digest(plaintext)
+
+    print(b64encode(nonce + tag + ciphertext).decode())
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("Usage: python encrypt.py <key>")
+        sys.exit(1)
+
+    encrypt_file(sys.argv[1])

scripts/encrypt_flag.py

@@ -0,0 +1,11 @@
+window.showToast = (message, type = 'info') => {
+  const toast = document.createElement('div');
+  toast.className = `toast ${type}`;
+  toast.textContent = message;
+
+  document.body.appendChild(toast);
+
+  setTimeout(() => {
+    toast.remove();
+  }, 3000);
+}

scripts/toast.js

@@ -55,13 +55,13 @@ code {
 code::before {
   color: #5e5e5e;
   padding-right: 2px;
-  content: "⟦"
+  content: "⟦";
 }
 
 code::after {
   color: #5e5e5e;
   padding-left: 2px;
-  content: "⟧"
+  content: "⟧";
 }
 
 a:link,
@@ -77,12 +77,14 @@ a.single:visited {
 }
 
 body:has(:is(a.cv-link:hover, a.cv-link:active)) .cv-link,
+body:has(:is(a.challenge-link:hover, a.challenge-link:active)) .challenge-link,
 body:has(:is(a.backhome-link:hover, a.backhome-link:active)) .backhome-link,
 body:has(:is(a.contact-link:hover, a.contact-link:active)) .contact-link,
 body:has(:is(a.blog-link:hover, a.blog-link:active)) .blog-link,
 body:has(:is(a.youtube-link:hover, a.youtube-link:active)) .youtube-link,
 body:has(:is(a.about-link:hover, a.about-link:active)) .about-link,
-a.single:hover, a.single:active {
+a.single:hover,
+a.single:active {
   color: black;
   background-color: white;
 }
@@ -93,3 +95,40 @@ body:has(:is(a.youtube-link:hover, a.youtube-link:active)) no-youtubelink,
 body:has(:is(a.about-link:hover, a.about-link:active)) no-aboutlink {
   color: yellow;
 }
+
+.toast {
+  position: fixed;
+  bottom: 30px;
+  left: 50%;
+  transform: translateX(-50%);
+  padding: 12px 24px;
+  border-radius: 4px;
+  box-shadow: 0 4px 8px rgba(0, 0, 0, 0.3);
+  opacity: 1;
+  z-index: 999;
+  margin-top: 5px;
+
+  animation: fadeOut 3s forwards;
+
+  font-weight: bold;
+  font-family: Julia, monospace;
+}
+
+.toast.info {
+  background-color: greenyellow;
+  color: black;
+}
+
+.toast.warning {
+  background-color: red;
+  color: white;
+}
+
+@keyframes fadeOut {
+  from {
+    opacity: 1;
+  }
+  to {
+    opacity: 0;
+  }
+}