The Flag Within
Solution author: https://twitter.com/1337Moldova
The obfuscated JS code doesn't seem to contain anything related to the flag.
We can see some interesting keywords, like String['fromCharCode'].
As mentioned above, this beautifier stripped an important detail:
This way, we can see that _0x314c('0x1') actually equals log. This means that the obfuscated script prints something to the console in the browser. However, when the script was executed inside the VM's browser by copy-pasting it, nothing was displayed. This is because the program has no entry point.
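The two observations above (a lookup call such as _0x314c('0x1') standing in for a plain string, and a printing function that nothing calls) can be checked statically, without running the script. The following is an added example, not code from the original write-up: the sample script and every name in it (_0xa1, _0xb2, _0xc3, analyze and its helpers) are constructed, and it assumes a plain index lookup with no array rotation.

```javascript
// Constructed sample in the style of the challenge script. Every name and
// string in it is made up for this example; it is not the challenge code.
const SAMPLE = [
  "var _0xa1 = ['fromCharCode', 'log', 'length'];",
  "var _0xb2 = function (i) { return _0xa1[i - 0x0]; };",
  "function _0xc3() {",
  "  var s = String[_0xb2('0x0')](0x68, 0x69);",
  "  console[_0xb2('0x1')](s);",
  "}",
].join("\n");

// Find `var NAME = ['a', 'b', ...];` and return its name and strings.
function extractTable(src) {
  const m = /var\s+(_0x[0-9a-f]+)\s*=\s*\[([^\]]*)\]/i.exec(src);
  if (!m) return null;
  const strings = [...m[2].matchAll(/'((?:[^'\\]|\\.)*)'/g)].map((x) => x[1]);
  return { name: m[1], strings };
}

// Find the accessor `var NAME = function (i) { return TABLE[...` by table name.
function findDecoder(src, table) {
  const head = "var\\s+(_0x[0-9a-f]+)\\s*=\\s*function\\s*\\(\\w+\\)\\s*\\{\\s*return\\s+";
  const m = new RegExp(head + table + "\\[", "i").exec(src);
  return m ? m[1] : null;
}

// Rewrite DECODER('0xN') as the string it returns. Assumes a plain index
// lookup (offset 0, no array rotation), as in the constructed sample.
function resolveLookups(src, decoder, strings) {
  const call = new RegExp(decoder + "\\('(0x[0-9a-f]+)'\\)", "gi");
  return src.replace(call, (whole, hex) => {
    const idx = parseInt(hex, 16);
    return idx < strings.length ? JSON.stringify(strings[idx]) : whole;
  });
}

// Named function declarations that nothing in the script ever calls.
function uncalledFunctions(src) {
  const declared = [...src.matchAll(/function\s+([\w$]+)\s*\(/g)].map((m) => m[1]);
  return declared.filter((name) => {
    const call = "(?<!function\\s+)(?<![\\w$])" + name.replace(/\$/g, "\\$") + "\\s*\\(";
    return !new RegExp(call).test(src);
  });
}

// Resolve the lookups and list candidate entry points that are never invoked.
function analyze(src) {
  const table = extractTable(src);
  const decoder = table && findDecoder(src, table.name);
  const resolved = decoder ? resolveLookups(src, decoder, table.strings) : src;
  return { resolved, uncalled: uncalledFunctions(src) };
}
```

On the constructed sample, analyze(SAMPLE) rewrites the lookups to "fromCharCode" and "log" and reports _0xc3 as declared but never called.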
Let's try and add an entry point by calling _0x311fb5(), the function which contains that console.log(...) method call.
Here we go, the flag is ours: