Challenge 1 - Flaredle
Description
Welcome to Flare-On 9!
You probably won’t win. Maybe you’re like us and spent the year playing Wordle. We made our own version that is too hard to beat without cheating.
Play it live at: http://flare-on.com/flaredle/
Download (password: flare) - 01_flaredle.7z
Contents
Solution
Intro
The first challenge of any Flare-On is usually pretty straight forward, just need to review source code and find the win condition.
In this challenge, we’re given the following files and a link to a website (website may be offline by the time this is posted):
- index.html
- script.js
- style.css
- words.js
- https://flare-on.com/flaredle/
Initial Analysis
Visiting the website, it looks like Flare’s take on Wordle.
Reviewing the source code
Opening script.js, we see that the correct guess is set in the first few lines.
import { WORDS } from "./words.js";
const NUMBER_OF_GUESSES = 6;
const WORD_LENGTH = 21;
const CORRECT_GUESS = 57;
let guessesRemaining = NUMBER_OF_GUESSES;
let currentGuess = [];
let nextLetter = 0;
let rightGuessString = WORDS[CORRECT_GUESS];
We can confirm this is actually the case further down, where our guess, guessString is checked against rightGuessString.
if (guessString === rightGuessString) {
let flag = rightGuessString + '@flare-on.com';
toastr.options.timeOut = 0;
toastr.options.onclick = function() {alert(flag);}
toastr.success('You guessed right! The flag is ' + flag);
guessesRemaining = 0
return
} else {
guessesRemaining -= 1;
currentGuess = [];
nextLetter = 0;
if (guessesRemaining === 0) {
toastr.error("You've run out of guesses! Game over!")
toastr.info('Try reverse engineering the code to discover the correct "word"!');
}
}
If the two are equal, @flare-on.com is appended to rightGuessString and we are given the flag.
We can open words.js and see that flareonisallaboutcats is at index 57. (Screenshot shows line 58 because line count starts at 1)
Flag
Entering flareonisallaboutcats as our answer confirms this is the flag.
Flag: flareonisallaboutcats@flare-on.com