> Check out my super safe website! Enter the password to get the flag

> Author: Andrew

We're given a simple website with an input. Here's the interesting parts of
`main.js`:  
```js  
const fetchWASMCode = () => {  
return new Promise((res, rej) => {  
const req = new XMLHttpRequest();

req.onload = function () {  
res(req.response);  
}  
req.onerror = (err) => {  
console.warn('If you\\\'re seeing this logged, something broke');  
rej(err)  
}  
req.open("GET", "./code.wasm");  
req.responseType = "arraybuffer";  
req.send();  
});  
};  
```

```js  
const input = document.querySelector('input#password');  
const response = document.querySelector('p#response-text');

document.querySelector('button').addEventListener('click', () => {  
if (wasm) {  
const memory = new Uint8Array(wasm.instance.exports.memory.buffer);  
memory.set(new TextEncoder().encode(input.value + "\x00"));

const resultAddr = wasm.instance.exports.checkPassword(0);

const end = memory.indexOf(0, resultAddr);

response.innerText = "Response: " + new
TextDecoder().decode(memory.subarray(resultAddr, end));  
} else {  
response.innerText = "Please try again in a few seconds";  
}  
}, 1);  
```

In the second chunk you can see that `wasm.instance.exports.checkPassword` is
called. In the first chunk you can see that it comes from `("GET",
"./code.wasm")`. I hexdump'd the `wasm`, and found the flag in plaintext (it
would also be found in `strings`...).

For completeness: When the user enters `WASMP4S5W0RD`, an element will be
added below with `Response: bcactf{w4sm-m4g1c-xRz5}`

Flag: `bcactf{w4sm-m4g1c-xRz5}`

Original writeup (https://eb-h.github.io/bcactf-2021/#wasm-protected-site-1).