I copied their challenge page and deobfuscated the JS using webcrack, then made a dummy HTML page that lets me debug easily.
I found that the solution is returned from the EV.niWqu function.
Then I saw the gojs binding and found myself at the entry point of a wasm challenge :D
From here I will summarize which parts of the code I found in the wasm and which approach I used to reverse this challenge.
I created 2 wasm exports for printing i32 values and strings from wasm instead of going "next step, next step, next step".
You may say "you can use logpoints, it's much simpler!", but if you use too many logpoints, most of the time your Chrome will crash, so most of the time I do this instead (rather than console.log, use a window object to save the values, then install it or copy it, because console.log will sometimes end up crashing as well).
It wasn't actually necessary for this project, but well, I just wanted to make sure the SHA implementation is correct.
This part is equivalent to the [M % 5] part in Python.
This part loads the K array; the memory is not encrypted, so we can simply dump it from the wasm.
initial_offset = (M * self.K[M % 5]) % 36
offset = (M * self.K[(i - 1) % 5]) % difficulty
And in the _find_nonce impl, nonce generation actually happens in a JS export :), the wasm calls that function and gets the nonce value.
And we can validate its SHA-256 (probably Go's crypto/sha256).
Showcase:
Small note: I don't think they check TLS, so I didn't bother with HTTP headers and TLS; curl cffi passes cf, that's all.
Thank you for reading my mini blog/research, you can read the solver in vercel_solver.py!
Discord: id: notemrovsky, server: discord.gg/jsreversing
Telegram: t.me/Emrovsky













