Last weekend my team and I competed in UofTCTF 2025, where we placed 9th overall. I found one of the reversing challenges really interesting, and I was proud of my solution and solve process, so I made a writeup for it.
Bloatware
For this challenge we’re given a flag checker program, chal.js
. Upon opening it I quickly saw that it was obfuscated with obfuscator.io and then minified. Here’s a small snippet of the code in question.