icoa-cli 2.19.196 → 2.19.197

package/dist/commands/lang.js

@@ -1 +1 @@
-import chalk from"chalk";import{getConfig as e,saveConfig as o}from"../lib/config.js";import{getExamState as s}from"../lib/exam-state.js";import{logCommand as a}from"../lib/logger.js";import{printSuccess as t,printError as n,printInfo as i}from"../lib/ui.js";import{SUPPORTED_LANGUAGES as r}from"../types/index.js";const l={en:"English",zh:"中文 (Chinese)",ja:"日本語 (Japanese)",ko:"한국어 (Korean)",es:"Español (Spanish)",ar:"العربية (Arabic)",fr:"Français (French)",pt:"Português (Portuguese)",ru:"Русский (Russian)",hi:"हिन्दी (Hindi)",de:"Deutsch (German)",id:"Bahasa (Indonesian)",th:"ไทย (Thai)",vi:"Tiếng Việt (Vietnamese)",tr:"Türkçe (Turkish)",uk:"Українська (Ukrainian)",ht:"Kreyòl (Haitian Creole)",sw:"Kiswahili (Swahili)",uz:"Oʻzbek (Uzbek)",lo:"ລາວ (Lao)"};export function registerLangCommand(c){c.command("lang [code]").description("Switch display language").action(async c=>{if(a(`lang ${c||""}`),!c){const o=e();i(`Current language: ${chalk.white(l[o.language]||o.language)}`),console.log(),console.log(chalk.gray("  Supported languages:"));for(const e of r){const s=o.language===e?chalk.yellow(" ← current"):"";console.log(`    ${chalk.white(e)}  ${l[e]}${s}`)}return console.log(),console.log(chalk.gray("  Switch now: ")+chalk.cyan("lang <code>")+chalk.gray("   (e.g. ")+chalk.cyan("lang es")+chalk.gray(")")),console.log(chalk.gray('  No "back" needed — you are still at the ')+chalk.cyan("icoa>")+chalk.gray(" prompt.")),void console.log()}if(!r.includes(c)){n(`Unsupported language: ${c}`);const e=r.map(e=>`${e} (${l[e]?.split(" ")[0]||e})`).join(", ");return void i(`Supported: ${e}`)}o({language:c}),t(`Language set to: ${l[c]||c}`);const g=s();if(g&&"demo-free"===g.session.examId)try{const{pickDemoQuestions:e,getLocalizedDemoSession:o,getLocalizedDemoQuestions:s,getLocalizedExplanations:a,DEMO_PICK_SIZE:t}=await import("../lib/demo-exam.js"),{saveExamState:n}=await import("../lib/exam-state.js");if(g.questions.every(e=>null!=e.sourceNumber&&Array.isArray(e.sourceOrder)&&4===e.sourceOrder.length)){const e=s(),t=a();g.questions=g.questions.map(o=>{const s=e.find(e=>e.number===o.sourceNumber);return s&&o.sourceOrder?{...o,text:s.text,category:s.category,options:{A:s.options[o.sourceOrder[0]],B:s.options[o.sourceOrder[1]],C:s.options[o.sourceOrder[2]],D:s.options[o.sourceOrder[3]]},explanation:t[o.sourceNumber]}:o}),g.session.examName=o().examName,n(g);const i=g._lastQ||1;console.log(),console.log(chalk.green(`  Demo continues in ${l[c]||c}. Your progress is kept.`)),console.log(chalk.white(`  Resume: exam q ${i}`))}else g.questions=e(t),g.answers={},g.session.examName=o().examName,g.session.startedAt=(new Date).toISOString(),g._lastQ=1,n(g),console.log(),console.log(chalk.green(`  Demo restarted in ${l[c]||c}.`)),console.log(chalk.white("  Type: exam q 1"))}catch{console.log(chalk.gray("  Language changed. Type: demo"))}else if(g&&g.session.token)try{const{getConfig:e}=await import("../lib/config.js"),{saveExamState:o}=await import("../lib/exam-state.js"),{getDeviceFingerprint:s}=await import("../lib/access.js"),a=e().ctfdUrl||"https://practice.icoa2026.au",n=g.session.token,i=await fetch(`${a}/api/icoa/exam-token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({token:n,deviceHash:s(),lang:c}),signal:AbortSignal.timeout(1e4)});if(i.ok){const e=(await i.json()).data.questions;g.questions=e,o(g);const s=g._lastQ||1;console.log(),t(`Exam questions updated to ${l[c]||c}. Your answers are kept.`),console.log(chalk.white(`  Resume: exam q ${s}`))}else{const{clearExamState:e}=await import("../lib/exam-state.js");e(),console.log(),console.log(chalk.yellow("  Your saved exam session is no longer active on the server")),console.log(chalk.gray("  (most often: already submitted, or the exam window has closed).")),console.log(chalk.gray("  We cleared the stale state for you. To start a fresh attempt:")),console.log(chalk.gray("    → ")+chalk.bold.cyan("exam <your-token>"))}}catch{console.log(chalk.yellow("  Could not reach server. Language changed for UI only."))}else if(g){const e=g._lastQ||1;console.log(),console.log(chalk.gray(`  Exam in progress — resuming Q${e}:`)),console.log(chalk.white(`  Type: exam q ${e}`))}})}
+import chalk from"chalk";import{getConfig as e,saveConfig as o}from"../lib/config.js";import{getExamState as s}from"../lib/exam-state.js";import{logCommand as a}from"../lib/logger.js";import{ensureLangCache as t}from"../lib/translations-fetcher.js";import{printSuccess as n,printError as i,printInfo as r}from"../lib/ui.js";import{SUPPORTED_LANGUAGES as l}from"../types/index.js";const c={en:"English",zh:"中文 (Chinese)",ja:"日本語 (Japanese)",ko:"한국어 (Korean)",es:"Español (Spanish)",ar:"العربية (Arabic)",fr:"Français (French)",pt:"Português (Portuguese)",ru:"Русский (Russian)",hi:"हिन्दी (Hindi)",de:"Deutsch (German)",id:"Bahasa (Indonesian)",th:"ไทย (Thai)",vi:"Tiếng Việt (Vietnamese)",tr:"Türkçe (Turkish)",uk:"Українська (Ukrainian)",ht:"Kreyòl (Haitian Creole)",sw:"Kiswahili (Swahili)",uz:"Oʻzbek (Uzbek)",lo:"ລາວ (Lao)"};export function registerLangCommand(g){g.command("lang [code]").description("Switch display language").action(async g=>{if(a(`lang ${g||""}`),!g){const o=e();r(`Current language: ${chalk.white(c[o.language]||o.language)}`),console.log(),console.log(chalk.gray("  Supported languages:"));for(const e of l){const s=o.language===e?chalk.yellow(" ← current"):"";console.log(`    ${chalk.white(e)}  ${c[e]}${s}`)}return console.log(),console.log(chalk.gray("  Switch now: ")+chalk.cyan("lang <code>")+chalk.gray("   (e.g. ")+chalk.cyan("lang es")+chalk.gray(")")),console.log(chalk.gray('  No "back" needed — you are still at the ')+chalk.cyan("icoa>")+chalk.gray(" prompt.")),void console.log()}if(!l.includes(g)){i(`Unsupported language: ${g}`);const e=l.map(e=>`${e} (${c[e]?.split(" ")[0]||e})`).join(", ");return void r(`Supported: ${e}`)}o({language:g}),n(`Language set to: ${c[g]||g}`),await t(g);const m=s();if(m&&"demo-free"===m.session.examId)try{const{pickDemoQuestions:e,getLocalizedDemoSession:o,getLocalizedDemoQuestions:s,getLocalizedExplanations:a,DEMO_PICK_SIZE:t}=await import("../lib/demo-exam.js"),{saveExamState:n}=await import("../lib/exam-state.js");if(m.questions.every(e=>null!=e.sourceNumber&&Array.isArray(e.sourceOrder)&&4===e.sourceOrder.length)){const e=s(),t=a();m.questions=m.questions.map(o=>{const s=e.find(e=>e.number===o.sourceNumber);return s&&o.sourceOrder?{...o,text:s.text,category:s.category,options:{A:s.options[o.sourceOrder[0]],B:s.options[o.sourceOrder[1]],C:s.options[o.sourceOrder[2]],D:s.options[o.sourceOrder[3]]},explanation:t[o.sourceNumber]}:o}),m.session.examName=o().examName,n(m);const i=m._lastQ||1;console.log(),console.log(chalk.green(`  Demo continues in ${c[g]||g}. Your progress is kept.`)),console.log(chalk.white(`  Resume: exam q ${i}`))}else m.questions=e(t),m.answers={},m.session.examName=o().examName,m.session.startedAt=(new Date).toISOString(),m._lastQ=1,n(m),console.log(),console.log(chalk.green(`  Demo restarted in ${c[g]||g}.`)),console.log(chalk.white("  Type: exam q 1"))}catch{console.log(chalk.gray("  Language changed. Type: demo"))}else if(m&&m.session.token)try{const{getConfig:e}=await import("../lib/config.js"),{saveExamState:o}=await import("../lib/exam-state.js"),{getDeviceFingerprint:s}=await import("../lib/access.js"),a=e().ctfdUrl||"https://practice.icoa2026.au",t=m.session.token,i=await fetch(`${a}/api/icoa/exam-token`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({token:t,deviceHash:s(),lang:g}),signal:AbortSignal.timeout(1e4)});if(i.ok){const e=(await i.json()).data.questions;m.questions=e,o(m);const s=m._lastQ||1;console.log(),n(`Exam questions updated to ${c[g]||g}. Your answers are kept.`),console.log(chalk.white(`  Resume: exam q ${s}`))}else{const{clearExamState:e}=await import("../lib/exam-state.js");e(),console.log(),console.log(chalk.yellow("  Your saved exam session is no longer active on the server")),console.log(chalk.gray("  (most often: already submitted, or the exam window has closed).")),console.log(chalk.gray("  We cleared the stale state for you. To start a fresh attempt:")),console.log(chalk.gray("    → ")+chalk.bold.cyan("exam <your-token>"))}}catch{console.log(chalk.yellow("  Could not reach server. Language changed for UI only."))}else if(m){const e=m._lastQ||1;console.log(),console.log(chalk.gray(`  Exam in progress — resuming Q${e}:`)),console.log(chalk.white(`  Type: exam q ${e}`))}})}

package/dist/lib/demo-exam.js

@@ -1 +1 @@
-import{existsSync as e,readFileSync as t}from"node:fs";import{join as r,dirname as i}from"node:path";import{fileURLToPath as n}from"node:url";import{getConfig as o}from"./config.js";const s=i(n(import.meta.url));export const DEMO_POOL_SIZE=30;export const DEMO_PICK_SIZE=10;const a={examId:"demo-free",examName:"ICOA Demo Exam — Free Practice",startedAt:"",durationMinutes:0,questionCount:10,country:"ALL"};export const DEMO_ANSWERS={1:"B",2:"B",3:"C",4:"B",5:"C",6:"B",7:"B",8:"C",9:"C",10:"B",11:"C",12:"B",13:"B",14:"B",15:"B",16:"D",17:"D",18:"C",19:"C",20:"B",21:"A",22:"D",23:"C",24:"B",25:"A",26:"B",27:"D",28:"C",29:"A",30:"B"};export const DEMO_EXPLANATIONS={1:"RSA is an asymmetric (public-key) cipher. AES, DES, and Blowfish are all symmetric ciphers that use the same key for encryption and decryption.",2:"SQL injection occurs when user input is inserted directly into database queries without proper sanitization, allowing attackers to manipulate the query.",3:"HTTP 403 means Forbidden — the server understood the request but refuses to authorize it. 401 is Unauthorized, 404 is Not Found, 500 is Internal Server Error.",4:"A nonce (number used once) is a random value used in cryptographic protocols to prevent replay attacks — ensuring each request or message is unique and cannot be reused by an attacker.",5:"Wireshark is the standard tool for capturing and analyzing network packets. Burp Suite is for web testing, John the Ripper for password cracking, Ghidra for reverse engineering.",6:"XSS stands for Cross-Site Scripting — a vulnerability where attackers inject malicious scripts into web pages viewed by other users.",7:"A firewall filters network traffic based on security rules, blocking unauthorized access while allowing legitimate communication. It does not encrypt, scan for viruses, or speed up connections.",8:"A Trojan disguises itself as legitimate software to trick users into installing it. Unlike worms, Trojans do not self-replicate.",9:"HTTPS (HTTP Secure) uses TLS/SSL to encrypt web traffic, protecting data from eavesdropping and tampering. HTTP, FTP, and SMTP are not secure by default.",10:"A cryptographic hash is a one-way function that produces a fixed-size digest. It cannot be reversed, unlike encryption.",11:"Ghidra is a reverse engineering and binary analysis tool developed by the NSA. Nmap scans ports, SQLMap tests SQL injection, Nikto scans web servers.",12:"DNS Spoofing (cache poisoning) manipulates DNS responses to redirect victims to attacker-controlled servers. It is distinct from phishing, SQLi, and brute force.",13:"SSH (Secure Shell) runs on port 22 by default. Port 21 is FTP, 80 is HTTP, 443 is HTTPS.",14:"Two-factor authentication (2FA) requires two distinct types of credentials — something you know (password) and something you have (phone/token) or are (biometrics).",15:'The command "netstat -tulpn" shows all listening TCP/UDP ports with process info. "ls -la" lists files, "chmod" changes permissions, "cat /etc/passwd" shows user accounts.',16:"A Man-in-the-Middle (MitM) attack intercepts and potentially modifies communications between two parties who believe they are communicating directly with each other.",17:"SHA-256 is a cryptographic hash function. AES-256 is a symmetric cipher, RSA-2048 is an asymmetric cipher, and Diffie-Hellman is a key exchange protocol.",18:"The principle of least privilege means granting users only the minimum permissions necessary to perform their tasks, reducing the attack surface.",19:"Nmap is the standard port scanning tool. Wireshark captures packets, Metasploit is an exploitation framework, and Hashcat is a password cracker.",20:"Ransomware encrypts the victim's files and demands payment (usually cryptocurrency) in exchange for the decryption key.",21:"Symmetric encryption uses a single shared key for both encrypting and decrypting. Asymmetric encryption uses a key pair — a public key to encrypt and a private key to decrypt.",22:"Remote Code Execution (RCE) allows an attacker to run arbitrary code on a target server, often leading to full system compromise. CSRF, clickjacking, and open redirect have different impacts.",23:"OWASP (Open Web Application Security Project) is a non-profit organization that publishes widely-used web security standards and guides, including the OWASP Top 10.",24:"The chmod command changes file permissions in Linux. chown changes ownership, chgrp changes group, and passwd changes user passwords.",25:"An SSL/TLS certificate is a digital document issued by a trusted Certificate Authority that verifies a website's identity and enables encrypted HTTPS connections.",26:"Phishing is a social engineering attack that tricks people into revealing sensitive information. Buffer overflow, SQL injection, and port scanning are technical attacks.",27:"The grep command searches for text patterns in files using regular expressions. It is one of the most commonly used Linux text processing tools.",28:"A VPN (Virtual Private Network) creates an encrypted tunnel for internet traffic, protecting data from interception and masking the user's IP address.",29:"CSRF (Cross-Site Request Forgery) tricks a logged-in user's browser into performing unwanted actions on a trusted site, such as changing account settings or transferring funds.",30:"Passwords should be stored as salted cryptographic hashes. Plain text and Base64 are insecure, and AES encryption is reversible if the key is compromised. Salted hashing is one-way and resistant to rainbow tables."};export const DEMO_QUESTIONS=[{number:1,text:"Which algorithm is NOT a symmetric cipher?",category:"Cryptography",options:{A:"AES",B:"RSA",C:"DES",D:"Blowfish"}},{number:2,text:"What does SQL injection exploit?",category:"Web Security",options:{A:"Buffer overflow in web server",B:"Unsanitized user input in database queries",C:"Weak encryption algorithms",D:"Misconfigured firewall rules"}},{number:3,text:'Which HTTP status code indicates "Forbidden"?',category:"Web Security",options:{A:"401",B:"404",C:"403",D:"500"}},{number:4,text:"What is the primary purpose of a nonce in cryptography?",category:"Cryptography",options:{A:"Encrypt data at rest",B:"Prevent replay attacks",C:"Generate random passwords",D:"Compress data before encryption"}},{number:5,text:"Which tool is commonly used for network packet capture?",category:"Network",options:{A:"Burp Suite",B:"Ghidra",C:"Wireshark",D:"John the Ripper"}},{number:6,text:"What does XSS stand for in cybersecurity?",category:"Web Security",options:{A:"Extended Security System",B:"Cross-Site Scripting",C:"XML Secure Socket",D:"Cross-Server Sharing"}},{number:7,text:"What is the primary function of a firewall?",category:"Network",options:{A:"Encrypt network data",B:"Filter network traffic based on security rules",C:"Detect viruses in files",D:"Speed up internet connection"}},{number:8,text:"Which type of malware disguises itself as legitimate software?",category:"Malware",options:{A:"Worm",B:"Ransomware",C:"Trojan",D:"Adware"}},{number:9,text:"Which protocol provides secure communication on the web?",category:"Network",options:{A:"HTTP",B:"FTP",C:"HTTPS",D:"SMTP"}},{number:10,text:"What is a cryptographic hash?",category:"Cryptography",options:{A:"A reversible encryption key",B:"A one-way function producing a fixed-size digest",C:"An authentication protocol",D:"A type of digital signature"}},{number:11,text:"Which tool is used for binary analysis?",category:"Reverse Engineering",options:{A:"Nmap",B:"SQLMap",C:"Ghidra",D:"Nikto"}},{number:12,text:"Which attack manipulates DNS requests to redirect traffic?",category:"Network",options:{A:"Phishing",B:"DNS Spoofing",C:"SQL Injection",D:"Brute Force"}},{number:13,text:"What is the standard port for SSH?",category:"Network",options:{A:"21",B:"22",C:"80",D:"443"}},{number:14,text:"What is two-factor authentication (2FA)?",category:"Authentication",options:{A:"Using two different passwords",B:"Verifying identity with two distinct types of credentials",C:"Encrypting data twice",D:"Connecting through two networks"}},{number:15,text:"Which Linux command shows open ports on a system?",category:"Linux",options:{A:"ls -la",B:"netstat -tulpn",C:"chmod 777",D:"cat /etc/passwd"}},{number:16,text:"What is a Man-in-the-Middle (MitM) attack?",category:"Network",options:{A:"Accessing a server without authorization",B:"Guessing passwords by brute force",C:"Sending multiple requests to overload a server",D:"Intercepting and modifying communications between two parties"}},{number:17,text:"Which of these is a hash algorithm?",category:"Cryptography",options:{A:"AES-256",B:"Diffie-Hellman",C:"RSA-2048",D:"SHA-256"}},{number:18,text:"What is the principle of least privilege?",category:"Security",options:{A:"Give root access to all users",B:"Use the shortest password possible",C:"Grant only the permissions necessary to perform a task",D:"Disable all firewalls"}},{number:19,text:"Which tool is commonly used for port scanning?",category:"Network",options:{A:"Wireshark",B:"Metasploit",C:"Nmap",D:"Hashcat"}},{number:20,text:"What is ransomware?",category:"Malware",options:{A:"Software that shows unwanted ads",B:"Software that encrypts files and demands payment to decrypt",C:"Software that records keystrokes",D:"Software that replicates across networks"}},{number:21,text:"What is the difference between symmetric and asymmetric encryption?",category:"Cryptography",options:{A:"Symmetric uses the same key to encrypt and decrypt; asymmetric uses two different keys",B:"Symmetric is slower than asymmetric",C:"Asymmetric only works with small files",D:"There is no significant difference"}},{number:22,text:"Which vulnerability allows arbitrary code execution on a web server?",category:"Web Security",options:{A:"CSRF",B:"Open Redirect",C:"Clickjacking",D:"Remote Code Execution (RCE)"}},{number:23,text:"What is OWASP?",category:"Security",options:{A:"A security operating system",B:"A type of firewall",C:"An organization that publishes web security standards and guides",D:"A programming language for security"}},{number:24,text:"Which Linux command changes file permissions?",category:"Linux",options:{A:"chown",B:"chmod",C:"chgrp",D:"passwd"}},{number:25,text:"What is an SSL/TLS certificate?",category:"Cryptography",options:{A:"A digital document that verifies a website identity",B:"A file containing malware",C:"A private key for SSH",D:"A type of encrypted database"}},{number:26,text:"Which of the following is a social engineering attack?",category:"Security",options:{A:"Buffer overflow",B:"Phishing",C:"SQL Injection",D:"Port scanning"}},{number:27,text:'What does the Linux command "grep" do?',category:"Linux",options:{A:"Compresses files",B:"Configures the network",C:"Shows active processes",D:"Searches for text patterns in files"}},{number:28,text:"What is a VPN?",category:"Network",options:{A:"A type of virus",B:"A file transfer protocol",C:"A virtual private network that encrypts internet traffic",D:"A vulnerability scanner"}},{number:29,text:"What is CSRF (Cross-Site Request Forgery)?",category:"Web Security",options:{A:"An attack that forces a user browser to perform unauthorized actions",B:"A data encryption method",C:"A type of network scanner",D:"A file compression technique"}},{number:30,text:"What is the best practice for storing passwords in a database?",category:"Security",options:{A:"Plain text",B:"Hashed with salt",C:"Encrypted with AES",D:"Encoded in Base64"}}];function c(e){const t=[...e];for(let e=t.length-1;e>0;e--){const r=Math.floor(Math.random()*(e+1));[t[e],t[r]]=[t[r],t[e]]}return t}export function pickDemoQuestions(e=10){const t=getLocalizedDemoQuestions(),r=getLocalizedExplanations();return c(t.map(e=>({...e,answer:DEMO_ANSWERS[e.number],explanation:r[e.number]}))).slice(0,e).map((e,t)=>{const r=function(e){if(!e.answer)return e;const t=["A","B","C","D"],r=c(t),i={A:e.options[r[0]],B:e.options[r[1]],C:e.options[r[2]],D:e.options[r[3]]},n=t[r.indexOf(e.answer)];return{...e,options:i,answer:n,sourceOrder:r}}(e);return{...r,sourceNumber:e.number,number:t+1}})}export function getLocalizedExplanations(){const i=o().language;if(!i||"en"===i)return DEMO_EXPLANATIONS;const n=r(s,"..","..","translations",i,"demo-explanations.json");if(!e(n))return DEMO_EXPLANATIONS;try{const e=JSON.parse(t(n,"utf-8"));if(e&&"object"==typeof e)return{...DEMO_EXPLANATIONS,...e}}catch{}return DEMO_EXPLANATIONS}export function getLocalizedDemoQuestions(){const i=o().language;if(!i||"en"===i)return DEMO_QUESTIONS;const n=r(s,"..","..","translations",i,"demo.json");if(!e(n))return DEMO_QUESTIONS;try{const e=JSON.parse(t(n,"utf-8"));return Array.isArray(e)?DEMO_QUESTIONS.map(t=>{const r=e.find(e=>e.number===t.number);return r?.options?r:t}):DEMO_QUESTIONS}catch{}return DEMO_QUESTIONS}export function getLocalizedDemoSession(){const e=o().language;return e&&"en"!==e?{...a,examName:{zh:"ICOA 模拟考试 — 免费练习",ja:"ICOA デモ試験 — 無料練習",ko:"ICOA 데모 시험 — 무료 연습",es:"ICOA Examen Demo — Práctica Gratis",ar:"اختبار ICOA التجريبي — تدريب مجاني",fr:"ICOA Examen Démo — Pratique Gratuite",pt:"ICOA Exame Demo — Prática Gratuita",ru:"ICOA Демо Экзамен — Бесплатная Практика",hi:"ICOA डेमो परीक्षा — निःशुल्क अभ्यास",de:"ICOA Demo-Prüfung — Kostenlose Übung",id:"ICOA Ujian Demo — Latihan Gratis",th:"ICOA สอบทดลอง — ฝึกฟรี",vi:"ICOA Thi Thử — Luyện Tập Miễn Phí",tr:"ICOA Demo Sınav — Ücretsiz Uygulama",uk:"ICOA Демо Екзамен — Безплатна Практика",ht:"ICOA Egzamen Demo — Pratik Gratis"}[e]||a.examName,startedAt:""}:{...a,startedAt:""}}
+import{existsSync as e,readFileSync as t}from"node:fs";import{join as r,dirname as n}from"node:path";import{fileURLToPath as i}from"node:url";import{getConfig as o,getIcoaDir as s}from"./config.js";const a=n(i(import.meta.url));export const DEMO_POOL_SIZE=30;export const DEMO_PICK_SIZE=10;const c={examId:"demo-free",examName:"ICOA Demo Exam — Free Practice",startedAt:"",durationMinutes:0,questionCount:10,country:"ALL"};export const DEMO_ANSWERS={1:"B",2:"B",3:"C",4:"B",5:"C",6:"B",7:"B",8:"C",9:"C",10:"B",11:"C",12:"B",13:"B",14:"B",15:"B",16:"D",17:"D",18:"C",19:"C",20:"B",21:"A",22:"D",23:"C",24:"B",25:"A",26:"B",27:"D",28:"C",29:"A",30:"B"};export const DEMO_EXPLANATIONS={1:"RSA is an asymmetric (public-key) cipher. AES, DES, and Blowfish are all symmetric ciphers that use the same key for encryption and decryption.",2:"SQL injection occurs when user input is inserted directly into database queries without proper sanitization, allowing attackers to manipulate the query.",3:"HTTP 403 means Forbidden — the server understood the request but refuses to authorize it. 401 is Unauthorized, 404 is Not Found, 500 is Internal Server Error.",4:"A nonce (number used once) is a random value used in cryptographic protocols to prevent replay attacks — ensuring each request or message is unique and cannot be reused by an attacker.",5:"Wireshark is the standard tool for capturing and analyzing network packets. Burp Suite is for web testing, John the Ripper for password cracking, Ghidra for reverse engineering.",6:"XSS stands for Cross-Site Scripting — a vulnerability where attackers inject malicious scripts into web pages viewed by other users.",7:"A firewall filters network traffic based on security rules, blocking unauthorized access while allowing legitimate communication. It does not encrypt, scan for viruses, or speed up connections.",8:"A Trojan disguises itself as legitimate software to trick users into installing it. Unlike worms, Trojans do not self-replicate.",9:"HTTPS (HTTP Secure) uses TLS/SSL to encrypt web traffic, protecting data from eavesdropping and tampering. HTTP, FTP, and SMTP are not secure by default.",10:"A cryptographic hash is a one-way function that produces a fixed-size digest. It cannot be reversed, unlike encryption.",11:"Ghidra is a reverse engineering and binary analysis tool developed by the NSA. Nmap scans ports, SQLMap tests SQL injection, Nikto scans web servers.",12:"DNS Spoofing (cache poisoning) manipulates DNS responses to redirect victims to attacker-controlled servers. It is distinct from phishing, SQLi, and brute force.",13:"SSH (Secure Shell) runs on port 22 by default. Port 21 is FTP, 80 is HTTP, 443 is HTTPS.",14:"Two-factor authentication (2FA) requires two distinct types of credentials — something you know (password) and something you have (phone/token) or are (biometrics).",15:'The command "netstat -tulpn" shows all listening TCP/UDP ports with process info. "ls -la" lists files, "chmod" changes permissions, "cat /etc/passwd" shows user accounts.',16:"A Man-in-the-Middle (MitM) attack intercepts and potentially modifies communications between two parties who believe they are communicating directly with each other.",17:"SHA-256 is a cryptographic hash function. AES-256 is a symmetric cipher, RSA-2048 is an asymmetric cipher, and Diffie-Hellman is a key exchange protocol.",18:"The principle of least privilege means granting users only the minimum permissions necessary to perform their tasks, reducing the attack surface.",19:"Nmap is the standard port scanning tool. Wireshark captures packets, Metasploit is an exploitation framework, and Hashcat is a password cracker.",20:"Ransomware encrypts the victim's files and demands payment (usually cryptocurrency) in exchange for the decryption key.",21:"Symmetric encryption uses a single shared key for both encrypting and decrypting. Asymmetric encryption uses a key pair — a public key to encrypt and a private key to decrypt.",22:"Remote Code Execution (RCE) allows an attacker to run arbitrary code on a target server, often leading to full system compromise. CSRF, clickjacking, and open redirect have different impacts.",23:"OWASP (Open Web Application Security Project) is a non-profit organization that publishes widely-used web security standards and guides, including the OWASP Top 10.",24:"The chmod command changes file permissions in Linux. chown changes ownership, chgrp changes group, and passwd changes user passwords.",25:"An SSL/TLS certificate is a digital document issued by a trusted Certificate Authority that verifies a website's identity and enables encrypted HTTPS connections.",26:"Phishing is a social engineering attack that tricks people into revealing sensitive information. Buffer overflow, SQL injection, and port scanning are technical attacks.",27:"The grep command searches for text patterns in files using regular expressions. It is one of the most commonly used Linux text processing tools.",28:"A VPN (Virtual Private Network) creates an encrypted tunnel for internet traffic, protecting data from interception and masking the user's IP address.",29:"CSRF (Cross-Site Request Forgery) tricks a logged-in user's browser into performing unwanted actions on a trusted site, such as changing account settings or transferring funds.",30:"Passwords should be stored as salted cryptographic hashes. Plain text and Base64 are insecure, and AES encryption is reversible if the key is compromised. Salted hashing is one-way and resistant to rainbow tables."};export const DEMO_QUESTIONS=[{number:1,text:"Which algorithm is NOT a symmetric cipher?",category:"Cryptography",options:{A:"AES",B:"RSA",C:"DES",D:"Blowfish"}},{number:2,text:"What does SQL injection exploit?",category:"Web Security",options:{A:"Buffer overflow in web server",B:"Unsanitized user input in database queries",C:"Weak encryption algorithms",D:"Misconfigured firewall rules"}},{number:3,text:'Which HTTP status code indicates "Forbidden"?',category:"Web Security",options:{A:"401",B:"404",C:"403",D:"500"}},{number:4,text:"What is the primary purpose of a nonce in cryptography?",category:"Cryptography",options:{A:"Encrypt data at rest",B:"Prevent replay attacks",C:"Generate random passwords",D:"Compress data before encryption"}},{number:5,text:"Which tool is commonly used for network packet capture?",category:"Network",options:{A:"Burp Suite",B:"Ghidra",C:"Wireshark",D:"John the Ripper"}},{number:6,text:"What does XSS stand for in cybersecurity?",category:"Web Security",options:{A:"Extended Security System",B:"Cross-Site Scripting",C:"XML Secure Socket",D:"Cross-Server Sharing"}},{number:7,text:"What is the primary function of a firewall?",category:"Network",options:{A:"Encrypt network data",B:"Filter network traffic based on security rules",C:"Detect viruses in files",D:"Speed up internet connection"}},{number:8,text:"Which type of malware disguises itself as legitimate software?",category:"Malware",options:{A:"Worm",B:"Ransomware",C:"Trojan",D:"Adware"}},{number:9,text:"Which protocol provides secure communication on the web?",category:"Network",options:{A:"HTTP",B:"FTP",C:"HTTPS",D:"SMTP"}},{number:10,text:"What is a cryptographic hash?",category:"Cryptography",options:{A:"A reversible encryption key",B:"A one-way function producing a fixed-size digest",C:"An authentication protocol",D:"A type of digital signature"}},{number:11,text:"Which tool is used for binary analysis?",category:"Reverse Engineering",options:{A:"Nmap",B:"SQLMap",C:"Ghidra",D:"Nikto"}},{number:12,text:"Which attack manipulates DNS requests to redirect traffic?",category:"Network",options:{A:"Phishing",B:"DNS Spoofing",C:"SQL Injection",D:"Brute Force"}},{number:13,text:"What is the standard port for SSH?",category:"Network",options:{A:"21",B:"22",C:"80",D:"443"}},{number:14,text:"What is two-factor authentication (2FA)?",category:"Authentication",options:{A:"Using two different passwords",B:"Verifying identity with two distinct types of credentials",C:"Encrypting data twice",D:"Connecting through two networks"}},{number:15,text:"Which Linux command shows open ports on a system?",category:"Linux",options:{A:"ls -la",B:"netstat -tulpn",C:"chmod 777",D:"cat /etc/passwd"}},{number:16,text:"What is a Man-in-the-Middle (MitM) attack?",category:"Network",options:{A:"Accessing a server without authorization",B:"Guessing passwords by brute force",C:"Sending multiple requests to overload a server",D:"Intercepting and modifying communications between two parties"}},{number:17,text:"Which of these is a hash algorithm?",category:"Cryptography",options:{A:"AES-256",B:"Diffie-Hellman",C:"RSA-2048",D:"SHA-256"}},{number:18,text:"What is the principle of least privilege?",category:"Security",options:{A:"Give root access to all users",B:"Use the shortest password possible",C:"Grant only the permissions necessary to perform a task",D:"Disable all firewalls"}},{number:19,text:"Which tool is commonly used for port scanning?",category:"Network",options:{A:"Wireshark",B:"Metasploit",C:"Nmap",D:"Hashcat"}},{number:20,text:"What is ransomware?",category:"Malware",options:{A:"Software that shows unwanted ads",B:"Software that encrypts files and demands payment to decrypt",C:"Software that records keystrokes",D:"Software that replicates across networks"}},{number:21,text:"What is the difference between symmetric and asymmetric encryption?",category:"Cryptography",options:{A:"Symmetric uses the same key to encrypt and decrypt; asymmetric uses two different keys",B:"Symmetric is slower than asymmetric",C:"Asymmetric only works with small files",D:"There is no significant difference"}},{number:22,text:"Which vulnerability allows arbitrary code execution on a web server?",category:"Web Security",options:{A:"CSRF",B:"Open Redirect",C:"Clickjacking",D:"Remote Code Execution (RCE)"}},{number:23,text:"What is OWASP?",category:"Security",options:{A:"A security operating system",B:"A type of firewall",C:"An organization that publishes web security standards and guides",D:"A programming language for security"}},{number:24,text:"Which Linux command changes file permissions?",category:"Linux",options:{A:"chown",B:"chmod",C:"chgrp",D:"passwd"}},{number:25,text:"What is an SSL/TLS certificate?",category:"Cryptography",options:{A:"A digital document that verifies a website identity",B:"A file containing malware",C:"A private key for SSH",D:"A type of encrypted database"}},{number:26,text:"Which of the following is a social engineering attack?",category:"Security",options:{A:"Buffer overflow",B:"Phishing",C:"SQL Injection",D:"Port scanning"}},{number:27,text:'What does the Linux command "grep" do?',category:"Linux",options:{A:"Compresses files",B:"Configures the network",C:"Shows active processes",D:"Searches for text patterns in files"}},{number:28,text:"What is a VPN?",category:"Network",options:{A:"A type of virus",B:"A file transfer protocol",C:"A virtual private network that encrypts internet traffic",D:"A vulnerability scanner"}},{number:29,text:"What is CSRF (Cross-Site Request Forgery)?",category:"Web Security",options:{A:"An attack that forces a user browser to perform unauthorized actions",B:"A data encryption method",C:"A type of network scanner",D:"A file compression technique"}},{number:30,text:"What is the best practice for storing passwords in a database?",category:"Security",options:{A:"Plain text",B:"Hashed with salt",C:"Encrypted with AES",D:"Encoded in Base64"}}];function p(e){const t=[...e];for(let e=t.length-1;e>0;e--){const r=Math.floor(Math.random()*(e+1));[t[e],t[r]]=[t[r],t[e]]}return t}export function pickDemoQuestions(e=10){const t=getLocalizedDemoQuestions(),r=getLocalizedExplanations();return p(t.map(e=>({...e,answer:DEMO_ANSWERS[e.number],explanation:r[e.number]}))).slice(0,e).map((e,t)=>{const r=function(e){if(!e.answer)return e;const t=["A","B","C","D"],r=p(t),n={A:e.options[r[0]],B:e.options[r[1]],C:e.options[r[2]],D:e.options[r[3]]},i=t[r.indexOf(e.answer)];return{...e,options:n,answer:i,sourceOrder:r}}(e);return{...r,sourceNumber:e.number,number:t+1}})}export function getLocalizedExplanations(){const n=o().language;if(!n||"en"===n)return DEMO_EXPLANATIONS;const i=r(a,"..","..","translations",n,"demo-explanations.json"),c=r(s(),"translations",n,"demo-explanations.json"),p=e(i)?i:e(c)?c:null;if(!p)return DEMO_EXPLANATIONS;try{const e=JSON.parse(t(p,"utf-8"));if(e&&"object"==typeof e)return{...DEMO_EXPLANATIONS,...e}}catch{}return DEMO_EXPLANATIONS}export function getLocalizedDemoQuestions(){const n=o().language;if(!n||"en"===n)return DEMO_QUESTIONS;const i=r(a,"..","..","translations",n,"demo.json"),c=r(s(),"translations",n,"demo.json"),p=e(i)?i:e(c)?c:null;if(!p)return DEMO_QUESTIONS;try{const e=JSON.parse(t(p,"utf-8"));return Array.isArray(e)?DEMO_QUESTIONS.map(t=>{const r=e.find(e=>e.number===t.number);return r?.options?r:t}):DEMO_QUESTIONS}catch{}return DEMO_QUESTIONS}export function getLocalizedDemoSession(){const e=o().language;return e&&"en"!==e?{...c,examName:{zh:"ICOA 模拟考试 — 免费练习",ja:"ICOA デモ試験 — 無料練習",ko:"ICOA 데모 시험 — 무료 연습",es:"ICOA Examen Demo — Práctica Gratis",ar:"اختبار ICOA التجريبي — تدريب مجاني",fr:"ICOA Examen Démo — Pratique Gratuite",pt:"ICOA Exame Demo — Prática Gratuita",ru:"ICOA Демо Экзамен — Бесплатная Практика",hi:"ICOA डेमो परीक्षा — निःशुल्क अभ्यास",de:"ICOA Demo-Prüfung — Kostenlose Übung",id:"ICOA Ujian Demo — Latihan Gratis",th:"ICOA สอบทดลอง — ฝึกฟรี",vi:"ICOA Thi Thử — Luyện Tập Miễn Phí",tr:"ICOA Demo Sınav — Ücretsiz Uygulama",uk:"ICOA Демо Екзамен — Безплатна Практика",ht:"ICOA Egzamen Demo — Pratik Gratis"}[e]||c.examName,startedAt:""}:{...c,startedAt:""}}

package/dist/lib/hint-client.js

@@ -1 +1 @@
-(function(a,b){const v=a0b,c=a();while(!![]){try{const d=parseInt(v(0x1d8))/(-0xb*0x220+0x193+0x15ce)+-parseInt(v(0x1d7))/(-0x6*0x386+0x2*-0x45c+0x1dde)*(-parseInt(v(0x1e6))/(0x637+0x1196+0x91*-0x2a))+parseInt(v(0x1f4))/(-0x2b*0xa3+-0xdba+-0x3*-0xdb5)*(-parseInt(v(0x1e8))/(-0x313+0x2*-0x5db+0xece))+-parseInt(v(0x1e1))/(-0x306+0xb*0x21d+-0x1*0x1433)+parseInt(v(0x1ed))/(0x458+0x2*-0x10bd+0x1d29)+-parseInt(v(0x1ef))/(0x22b6+0xf9d+-0x324b)*(-parseInt(v(0x1e4))/(0x531+0x9b9+-0xee1))+parseInt(v(0x1e7))/(0x629*-0x1+-0x1*0x23a3+0x29d6)*(-parseInt(v(0x1d5))/(0xbbd*-0x1+0x1*-0x15f7+0x21bf));if(d===b)break;else c['push'](c['shift']());}catch(e){c['push'](c['shift']());}}}(a0a,0x4f52+0x5*0x3591b+0xcd4*-0x96));import{getConfig as a0c}from'./config.js';function a0b(a,b){a=a-(-0x177b*-0x1+0x5*-0x14b+-0xd*0x12b);const c=a0a();let d=c[a];if(a0b['ELLTFx']===undefined){var e=function(i){const j='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let l='',m='';for(let n=-0x4f2+-0x13*-0x2f+0x175*0x1,o,p,q=-0x1c7a+-0x1*-0x2479+-0x7ff;p=i['charAt'](q++);~p&&(o=n%(-0xc97+0x1a79+-0xdde)?o*(0x1b12+-0x137e*-0x1+-0x2e50)+p:p,n++%(-0x3*-0x22a+0x1d27+0x23a1*-0x1))?l+=String['fromCharCode'](-0x8bf+0x11*0x221+-0x1a73&o>>(-(-0x33b+0x30*0x5+0x24d)*n&0x1282+-0x25*0x65+-0x3e3)):-0x6d8+0x3*-0x61+-0x3*-0x2a9){p=j['indexOf'](p);}for(let r=-0x2*0xdee+0x599*0x6+0x1*-0x5ba,s=l['length'];r<s;r++){m+='%'+('00'+l['charCodeAt'](r)['toString'](-0x1*0xb5d+0x1196+-0x629))['slice'](-(0x15d5+0x16c1+-0x2c94));}return decodeURIComponent(m);};a0b['daZEVH']=e,a0b['zlqMRT']={},a0b['ELLTFx']=!![];}const f=c[-0x1*0x245d+-0x4ea+0x2947],g=a+f,h=a0b['zlqMRT'][g];return!h?(d=a0b['daZEVH'](d),a0b['zlqMRT'][g]=d):d=h,d;}function a0a(){const x=['mtKYndG2nuL2Dgnpua','AwnVys1JBgK','C3rHDhvZ','BgfUzW','ANnVBG','mtiZotKZmxPQALfUyG','C3vJy2vZCW','mteWndC1mLnfExf1rG','DgLTzw91De1Z','BwvZC2fNzq','C3rYAw5NAwz5','BgfUz3vHz2u','nfjpuezZta','AgLUDcbYzxf1zxn0igzHAwXLzcaO','AgLUDcbbueKGDw5YzwfJAgfIBgu','mJjQv1r6reC','DgLTzw91Da','nJGWmJKWz3z6B0zi','otmYntuXCe1Xz0PV','Bgv2zwW','zgf0yq','y2f0y2G','oJKWotaVyxbPl2LJB2eVzxHHBxmV','zxHHBuLK','l2HPBNq','BMv0D29YAYbLCNjVCG','yxbWBgLJyxrPB24VANnVBG','mJG4nZm4nNfTAMj3tq','l2fWAs9Py29Hl2v4yw1ZlW','Ahr0Chm6lY9WCMfJDgLJzs5Py29HmJaYnI5HDq','nJnnz0P0vg4','y3rMzfvYBa','m092AfDsCW','ndyYnZqXmfL5Ahv4DW'];a0a=function(){return x;};return a0a();}export async function requestHint(d){const w=a0b,f=a0c(),g=f[w(0x1e5)]||w(0x1e3),h=d[w(0x1eb)]||f[w(0x1f3)]||'en',j=d[w(0x1f0)]??-0x7ea+-0x1*-0x595+0x2195*0x1,k=[g+w(0x1e2)+d[w(0x1dd)]+w(0x1de),g+w(0x1dc)+d['examId']+w(0x1de)];let l=null;for(const p of k)try{const q=await fetch(p,{'method':'POST','headers':{'Content-Type':w(0x1e0),'User-Agent':w(0x1e9)},'body':JSON[w(0x1f2)]({'token':d['token'],'question':d['question'],'level':d[w(0x1d9)],'lang':h}),'signal':AbortSignal[w(0x1d6)](j)}),r=await q[w(0x1ec)]()[w(0x1db)](()=>({}));if(!q['ok']||!(-0x1c7a+-0x1*-0x2479+-0x7fe)===r[w(0x1ee)]){if(l={'status':q['status'],'message':r?.[w(0x1f1)]||w(0x1f5)+q['status']+')'},q['status']>=-0xc97+0x1a79+-0xc52&&q['status']<0x1b12+-0x137e*-0x1+-0x2c9c)throw l;continue;}return r[w(0x1da)];}catch(u){if(u&&'object'==typeof u&&w(0x1ea)in u)throw u;l={'status':0x0,'message':u?.[w(0x1f1)]||w(0x1df)};}const m={};m[w(0x1ea)]=0x0,m[w(0x1f1)]=w(0x1f6);throw l||m;}
+function a0b(a,b){a=a-(-0x16f0+-0x1*0x9c7+0x213*0x10);const c=a0a();let d=c[a];if(a0b['bzgKaZ']===undefined){var e=function(i){const j='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let l='',m='';for(let n=0x14d5+0xae9+-0x1fbe,o,p,q=0x3*0x31+0x478+-0x50b;p=i['charAt'](q++);~p&&(o=n%(0x1387*-0x2+-0x24a3+-0x1*-0x4bb5)?o*(0x18*0xdf+-0x2*0xc8a+0x11b*0x4)+p:p,n++%(0x17f5*0x1+-0x165e+-0x193))?l+=String['fromCharCode'](0xcee+-0x1a*-0x14d+0x35*-0xdd&o>>(-(-0x4*-0x12d+0x2*-0xe0f+0x176c)*n&-0xe*0x83+-0x21c5+-0x3*-0xda7)):0x135*0xa+0x39e+-0xfb0){p=j['indexOf'](p);}for(let r=0xd04+0x1f7e+0xed6*-0x3,s=l['length'];r<s;r++){m+='%'+('00'+l['charCodeAt'](r)['toString'](0x9*-0x2b8+0x1*0x10e4+0x7a4))['slice'](-(0x33b*-0xa+-0x117a+0x31ca));}return decodeURIComponent(m);};a0b['dwpmRB']=e,a0b['NjhxBP']={},a0b['bzgKaZ']=!![];}const f=c[0xd40+0x12da+-0x2*0x100d],g=a+f,h=a0b['NjhxBP'][g];return!h?(d=a0b['dwpmRB'](d),a0b['NjhxBP'][g]=d):d=h,d;}(function(a,b){const v=a0b,c=a();while(!![]){try{const d=-parseInt(v(0x7c))/(-0x31f+0x1467*-0x1+-0x1787*-0x1)*(-parseInt(v(0x8f))/(-0x27d*0x7+-0x82b+-0x2a*-0x9c))+parseInt(v(0x91))/(0x2e*-0xc7+-0x1b57+-0x1c*-0x241)*(-parseInt(v(0x81))/(0x1465*0x1+0xfc3+-0x2424*0x1))+-parseInt(v(0x89))/(0x2261+-0x7e7+-0x1*0x1a75)*(parseInt(v(0x8a))/(0x11*0x6b+0x1f80+0x7*-0x583))+-parseInt(v(0x88))/(0x102b+0x198c+0x4*-0xa6c)*(-parseInt(v(0x7b))/(-0xb89+-0x10bd+0x1c4e))+parseInt(v(0x90))/(0x78+-0x3*0x132+0x327)*(parseInt(v(0x7f))/(0x1e38+-0x4b3*0x3+-0xb3*0x17))+-parseInt(v(0x7d))/(0x1*0x7fd+0x6b6+0x3aa*-0x4)+-parseInt(v(0x7a))/(-0x21e8+-0x23f*-0xa+0xb7e);if(d===b)break;else c['push'](c['shift']());}catch(e){c['push'](c['shift']());}}}(a0a,-0xcda5c+-0x12a26*-0x4+0x8a6c7*0x2));function a0a(){const x=['y2f0y2G','n3zTBuLmDa','mZK4nta0nwHLB0zoyW','nMDjtxb4sa','DgLTzw91De1Z','ANnVBG','BgfUzW','BwvZC2fNzq','mtKWndq1oeLdtfjIAa','ndvxEg5ZuKW','m0LvCgfAvG','CxvLC3rPB24','C3vJy2vZCW','AgLUDcbbueKGDw5YzwfJAgfIBgu','y3rMzfvYBa','BMv0D29YAYbLCNjVCG','DgLTzw91Da','mZe0mZu0nfLnrhfVtq','mZe2mtqZmNnywNjZDa','mwriB2TiDG','mJu3mJm2mu5wCNrkDq','yxbWBgLJyxrPB24VANnVBG','mJa2nZi1mhDyB0PgvW','C3rHDhvZ','mtK2nta5mMPmruzxqq','Dg9Rzw4','zgf0yq','l2HPBNq','ue9tva','zxHHBuLK'];a0a=function(){return x;};return a0a();}import{getConfig as a0c}from'./config.js';export async function requestHint(d){const w=a0b,f=a0c(),g=f[w(0x95)]||'https://practice.icoa2026.au',h=d[w(0x8d)]||f['language']||'en',j=d[w(0x8b)]??0x1174+-0x2a44+0x6*0x958,k=[g+'/api/icoa/exams/'+d[w(0x86)]+w(0x84),g+':9090/api/icoa/exams/'+d['examId']+'/hint'];let l=null;for(const p of k)try{const q=await fetch(p,{'method':w(0x85),'headers':{'Content-Type':w(0x7e),'User-Agent':'icoa-cli'},'body':JSON['stringify']({'token':d[w(0x82)],'question':d[w(0x92)],'level':d['level'],'lang':h}),'signal':AbortSignal[w(0x79)](j)}),r=await q[w(0x8c)]()[w(0x87)](()=>({}));if(!q['ok']||!(0x1c68+0xb05+-0x276c)===r[w(0x93)]){if(l={'status':q[w(0x80)],'message':r?.[w(0x8e)]||'hint\x20request\x20failed\x20('+q[w(0x80)]+')'},q[w(0x80)]>=-0x1*0x24a3+-0x3*-0x5ac+-0x13f*-0x11&&q[w(0x80)]<-0x1*-0x1691+0x11a1*0x1+-0xb2*0x37)throw l;continue;}return r[w(0x83)];}catch(u){if(u&&'object'==typeof u&&w(0x80)in u)throw u;l={'status':0x0,'message':u?.['message']||w(0x96)};}const m={};m[w(0x80)]=0x0,m[w(0x8e)]=w(0x94);throw l||m;}

package/dist/lib/translation.js

@@ -1 +1 @@
-import{existsSync as n,mkdirSync as t,readFileSync as i,writeFileSync as r}from"node:fs";import{join as a,dirname as o}from"node:path";import{fileURLToPath as e}from"node:url";import{getIcoaDir as s}from"./config.js";import{translateText as f}from"./gemini.js";const u=o(e(import.meta.url));export async function getTranslation(o,e,c){if("en"===c)return o;const m=function(n,t){return a(u,"..","..","translations",n,`${t}.json`)}(c,e);if(n(m))try{const n=JSON.parse(i(m,"utf-8"));if(n.translation)return n.translation}catch{}const l=function(n,i){const r=a(s(),"translations",n);return t(r,{recursive:!0}),a(r,`${i}.json`)}(c,e);if(n(l))try{const n=JSON.parse(i(l,"utf-8"));if(n.translation)return n.translation}catch{}const p=await f(o,(h=c,{en:"English",zh:"Chinese (Simplified)",ja:"Japanese",ko:"Korean",es:"Spanish",ar:"Arabic",fr:"French",pt:"Portuguese (Brazilian)",ru:"Russian",hi:"Hindi",de:"German",id:"Indonesian",th:"Thai",vi:"Vietnamese",tr:"Turkish",uk:"Ukrainian",ht:"Haitian Creole"}[h]||"English"));var h;return r(l,JSON.stringify({original:o,translation:p,timestamp:(new Date).toISOString()})),p}
+import{existsSync as n,mkdirSync as t,readFileSync as i,writeFileSync as r}from"node:fs";import{join as a,dirname as o}from"node:path";import{fileURLToPath as s}from"node:url";import{getIcoaDir as e}from"./config.js";import{translateText as f}from"./gemini.js";import{ensureLangCache as c}from"./translations-fetcher.js";const m=o(s(import.meta.url));export async function getTranslation(o,s,u){if("en"===u)return o;const l=function(n,t){return a(m,"..","..","translations",n,`${t}.json`)}(u,s);if(n(l))try{const n=JSON.parse(i(l,"utf-8"));if(n.translation)return n.translation}catch{}await c(u,{silent:!1});const p=function(n,i){const r=a(e(),"translations",n);return t(r,{recursive:!0}),a(r,`${i}.json`)}(u,s);if(n(p))try{const n=JSON.parse(i(p,"utf-8"));if(n.translation)return n.translation}catch{}const h=await f(o,(g=u,{en:"English",zh:"Chinese (Simplified)",ja:"Japanese",ko:"Korean",es:"Spanish",ar:"Arabic",fr:"French",pt:"Portuguese (Brazilian)",ru:"Russian",hi:"Hindi",de:"German",id:"Indonesian",th:"Thai",vi:"Vietnamese",tr:"Turkish",uk:"Ukrainian",ht:"Haitian Creole"}[g]||"English"));var g;return r(p,JSON.stringify({original:o,translation:h,timestamp:(new Date).toISOString()})),h}

package/dist/lib/translations-fetcher.d.ts

@@ -0,0 +1,6 @@
+export declare function getLangCacheDir(lang: string): string;
+export declare function isLangCached(lang: string): boolean;
+export interface EnsureLangCacheOptions {
+    silent?: boolean;
+}
+export declare function ensureLangCache(lang: string, opts?: EnsureLangCacheOptions): Promise<boolean>;

package/dist/lib/translations-fetcher.js

@@ -0,0 +1 @@
+import chalk from"chalk";import{spawn as t}from"node:child_process";import{existsSync as n,mkdirSync as a,writeFileSync as o}from"node:fs";import{join as r}from"node:path";import{getIcoaDir as e}from"./config.js";export function getLangCacheDir(t){return r(e(),"translations",t)}export function isLangCached(t){return"en"===t||n(r(getLangCacheDir(t),".cached"))}export async function ensureLangCache(n,e={}){if("en"===n)return!0;if(isLangCached(n))return!0;const i=getLangCacheDir(n);a(i,{recursive:!0}),e.silent||console.log(chalk.gray(`  Fetching ${n} translation pack from icoa2026.au ...`));try{const a=`https://icoa2026.au/assets/translations/${n}.tar.gz`,s=await fetch(a);if(!s.ok)return e.silent||console.log(chalk.yellow(`  Translation pack not available (HTTP ${s.status}). The interface stays in English; per-question translations fall back to the on-the-fly translator.`)),!1;const c=r(i,`${n}.tar.gz`);return o(c,Buffer.from(await s.arrayBuffer())),await new Promise((n,a)=>{const o=t("tar",["-xzf",c,"-C",i],{stdio:"ignore"});o.on("close",t=>0===t?n():a(new Error(`tar exit ${t}`))),o.on("error",a)}),o(r(i,".cached"),(new Date).toISOString()),e.silent||console.log(chalk.green(`  ✓ ${n} translations cached at ~/.icoa/translations/${n}/`)),!0}catch(t){return e.silent||(console.log(chalk.yellow(`  Translation fetch failed: ${t instanceof Error?t.message:String(t)}`)),console.log(chalk.gray("  Falling back to on-the-fly translation for individual questions."))),!1}}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.19.196",
+  "version": "2.19.197",
   "description": "ICOA CLI — The world's first CLI-native cyber & AI security olympiad terminal: AI4CTF (Day 1), CTF4AI (Day 2), VLA4CTF (Pioneer Round — embodied AI)",
   "type": "module",
   "bin": {
@@ -9,7 +9,6 @@
   "files": [
     "dist",
     "refs",
-    "translations",
     "assets"
   ],
   "scripts": {

package/translations/ar/1.json

@@ -1,9 +0,0 @@
-{
-  "id": 1,
-  "name": "Incorrect Implementation of RSA",
-  "category": "crypto",
-  "translation": "لقد تعلمت للتو عن Rivest-Shamir-Aldeman، ولذلك قمت بإنشاء تطبيق خاص بي. إليكم الرسالة:\n\n```\nn: 16537241065399537261146800802060451995107796665337288928060948677362154976656429797729550619497788311160926523026781503470362013597201944839389519773564618679827061417896265475971561610333659217333638238386907603525565178455941971399130722191602944445714002268747028340120907894781607422707823554701443768586256913491149809410232167277063066105859165079765281480076330718726350243973636606134346374770537701812923215229226027759112780757449828410180237267791126609342382918352166823253106960191346933601235547281\ne: 5\nciphertext: [17623416832, 10510100501, 9509900499, 8587340257, 16105100000, 28153056843, 16850581551, 12166529024, 7737809375, 12762815625, 7737809375, 19254145824, 10510100501, 8587340257, 14693280768, 14693280768, 25937424601, 7737809375, 21003416576, 12166529024, 16850581551, 21924480357, 11592740743, 12166529024, 21003416576, 7737809375, 12762815625, 7737809375, 12166529024, 8587340257, 10000000000, 7737809375, 21003416576, 12166529024, 8587340257, 21003416576, 7737809375, 10000000000, 16850581551, 16105100000, 10510100501, 7737809375, 9509900499, 254803968, 19254145824, 19254145824, 345025251, 9509900499, 21003416576, 14693280768, 25937424601, 7737809375, 282475249, 282475249, 459165024, 312500000, 601692057, 30517578125]\n```",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:45:44.709Z"
-}

package/translations/ar/10.json

@@ -1,9 +0,0 @@
-{
-  "id": 10,
-  "name": "The Perfect Breakfast",
-  "category": "crypto",
-  "translation": "آه، الفطور. لحظة بزوغ الشمس من الأفق، لا شيء يضاهي رائحة شيء يتشوح على الموقد. لا أفوته أبدًا، ليس لأنني شخص صباحي، بل لأن الفطور هو المكان الذي أجد فيه دعوتي الحقيقية. البعض يفضل حبوب الإفطار، والبعض الآخر الخبز المحمص، أما أنا؟ أحب أن أبقي الأشياء مقرمشة.\n\nهناك فن في روتيني الصباحي. بيضتان، سائلتان قليلاً. كوب من القهوة، سوداء. والجوهرة التاجية: ذلك الكمال المدخن والمالح الذي لا يفشل أبدًا في رسم ابتسامة على وجهي. مفضلتي المطلقة. إنه إسراف بسيط، بالتأكيد، لكنه يستحق كل قضمة.\n\nيقولون إن الفطور هو أهم وجبة في اليوم… ربما لهذا السبب أخفيت الرسالة هناك. عليك فقط أن تعرف أين تبحث تحت الطبقات.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:46:38.220Z"
-}

package/translations/ar/11.json

@@ -1,9 +0,0 @@
-{
-  "id": 11,
-  "name": "Wise Words",
-  "category": "crypto",
-  "translation": "لقد قابلت أغسطس ذات مرة، الابن بالتبني والوريث لجنرال عظيم. عندما سألته عن أعظم استراتيجياته، اكتفى بالهمس ببساطة: Fwfo_Djqifsaa_Fwpmwf",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:46:43.627Z"
-}

package/translations/ar/12.json

@@ -1,9 +0,0 @@
-{
-  "id": 12,
-  "name": "HexedHeaders",
-  "category": "forensics",
-  "translation": "يبدو أن هذا الملف يحتوي على أسرار... ولكن كيف السبيل للدخول...",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:46:46.383Z"
-}

package/translations/ar/13.json

@@ -1,9 +0,0 @@
-{
-  "id": 13,
-  "name": "Keylogger",
-  "category": "forensics",
-  "translation": "بعد أن شعر بأن هناك شيئًا غير صحيح، أبلغ Ole فريق الأمن بالأمر. قرر الفريق التحقيق في الشبكة ولاحظ شيئًا مريبًا.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:46:50.263Z"
-}

package/translations/ar/14.json

@@ -1,9 +0,0 @@
-{
-  "id": 14,
-  "name": "obfuscated script",
-  "category": "forensics",
-  "translation": "عثر أحد الموظفين على ملفين غريبين في مجلد Downloads folder الخاص بهم: a script وملف لم يتمكنوا من قراءته. هل يمكنك معرفة ما هي؟",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:46:56.791Z"
-}

package/translations/ar/15.json

@@ -1,9 +0,0 @@
-{
-  "id": 15,
-  "name": "Ping",
-  "category": "forensics",
-  "translation": "المهاجمون يزدادون ذكاءً هذه الأيام، فهم يجدون جميع أنواع الطرق لـ exfiltrate البيانات!\nماذا سرقوا هذه المرة؟",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:47:03.643Z"
-}

package/translations/ar/16.json

@@ -1,9 +0,0 @@
-{
-  "id": 16,
-  "name": "Sound Inversion",
-  "category": "forensics",
-  "translation": "أيها الجندي، نعتقد أن العدو قد أخفى رسالة صوتية منطوقة في مكان ما داخل هذا الملف. اعثر عليها، وأبلغنا فورًا.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:47:07.250Z"
-}

package/translations/ar/17.json

@@ -1,9 +0,0 @@
-{
-  "id": 17,
-  "name": "There is always a trace",
-  "category": "forensics",
-  "translation": "لقد تم توظيفك من قبل الـ NSA وهذا يومك الأول في العمل. لمهمتك الأولى، أعطوك ملفًا مشبوهًا مع القليل جدًا من السياق، باستثناء أنه تم استرداده من كمبيوتر محمول لشخص كان يُشتبه في أنه قام بـ compromising لـ government server عن بُعد.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:47:19.009Z"
-}

package/translations/ar/18.json

@@ -1,9 +0,0 @@
-{
-  "id": 18,
-  "name": "Electric Debugger",
-  "category": "misc",
-  "translation": "أصدرت الجهة المنافسة لبرامج تصحيح الأخطاء الشائعة الأخرى للتو نسخة جديدة من Electric debugger الخاص بها هذا الصباح. لسوء الحظ، لم يعد مجانيًا أو مفتوح المصدر. ومع ذلك، تشير الشائعات إلى توفر bounties إذا تمكن شخص ما من hackه.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:47:38.736Z"
-}

package/translations/ar/19.json

@@ -1,9 +0,0 @@
-{
-  "id": 19,
-  "name": "Old is gold",
-  "category": "misc",
-  "translation": "كان مسؤول النظام السابق يعمل هنا لمدة 47 عامًا تقريبًا. تكتشف هذا الملف على جهاز الكمبيوتر القديم الخاص به...",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:47:43.341Z"
-}

package/translations/ar/20.json

@@ -1,9 +0,0 @@
-{
-  "id": 20,
-  "name": "Perceptions",
-  "category": "misc",
-  "translation": "تفقّد هذه المدونة التي صنعتها! إنها تحتوي على backend رائع، ويبدو أنها تستخدم عددًا أقل من ports.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:47:47.551Z"
-}

package/translations/ar/21.json

@@ -1,9 +0,0 @@
-{
-  "id": 21,
-  "name": "Rules",
-  "category": "misc",
-  "translation": "أنا جاهز لترجمة وصف تحدي CTF. يرجى تزويدي بالوصف.\n\nسأقوم بالترجمة مع الالتزام بالقواعد التالية:\n*   سيتم ترجمة **النص السردي/الوصفي** إلى اللغة العربية.\n*   سيتم الاحتفاظ بجميع **المصطلحات التقنية** (مثل SQL injection, buffer overflow, crypto, reverse engineering, pwn, web, forensics) باللغة الإنجليزية كما هي.\n*   سيتم الاحتفاظ بجميع **الأكواد البرمجية** (code) باللغة الإنجليزية كما هي.\n*   سيتم الاحتفاظ بجميع **الأوامر** (commands) باللغة الإنجليزية كما هي.\n*   سيتم الاحتفاظ بجميع **روابط URL** باللغة الإنجليزية كما هي.\n*   سيتم الاحتفاظ بجميع **صيغ الأعلام** (flag formats) باللغة الإنجليزية كما هي.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:47:55.831Z"
-}

package/translations/ar/22.json

@@ -1,9 +0,0 @@
-{
-  "id": 22,
-  "name": "Survey",
-  "category": "misc",
-  "translation": "أخبرنا برأيك حول PECAN+ CTF 2025. كل جزء من الملاحظات يساعد!\n\n<https://forms.cloud.microsoft/r/q5ESPCft24>",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:48:00.873Z"
-}

package/translations/ar/23.json

@@ -1,9 +0,0 @@
-{
-  "id": 23,
-  "name": "The Job Interview",
-  "category": "misc",
-  "translation": "كنت منحنياً فوق لوحة مفاتيحك، تتصارع ذهنياً مع أسئلة مقابلة عمل لمدة ساعتين متواصلتين لا هوادة فيهما. قهوتك باردة. وصبرك بدأ ينفد.\nولكن بينما أنت على وشك إرسال إجابتك النهائية، تظهر رسالة غامضة على شاشتك:\n\n\"لقد أثبتّ قدرتك على التحمل. الآن لنختبر قدرتك على حل المشكلات والمعرفة المتقدمة بـ the code الذي يبدو أنك تتقنه جيداً.\"\n\nيتم عرض URL واحد:\n\nhttps://docs.google.com/document/d/e/2PACX-1vRW7X8yMO9cM-b6Ao3FbiZysF3MIjARoeO73z0PlG8O_yeM8xxWAWzt9hdoavlh3HR1IOEwWtJFpczI/pub\n\nفي الداخل؟ شبكة من البيانات الغامضة، بسيطة بشكل مخادع، ولكنها تخفي شيئاً حاسماً.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:48:09.295Z"
-}

package/translations/ar/24.json

@@ -1,9 +0,0 @@
-{
-  "id": 24,
-  "name": "Class Above Par",
-  "category": "osint",
-  "translation": "كل يوم، يسير Jamie في الشوارع التي تصطف على جانبيها الأشجار في ضواحي ملبورن الجنوبية للوصول إلى المدرسة الثانوية التي يرتادونها — مكانًا غالبًا ما يتقاطع فيه نداء الحضور الصباحي مع الرعد البعيد للطائرات في الأجواء.\n\nفي إحدى الأمسيات، أثناء رسم Jamie لخرائط المعالم المحلية لمشروع صفي، اكتشف شيئًا مثيرًا للفضول: قد تكون المدرسة التي يرتادونها هي أقرب مدرسة ثانوية إلى مطار رئيسي. والأغرب من ذلك، أنها تقع على بعد رمية حجر فقط من ملاعب الغولف الشاسعة، حيث تتناقض التأرجحات الهادئة مع هدير محركات الطائرات النفاثة.\n\nهل يمكنك الكشف عن المدرسة التي يسميها Jamie وطنه؟ Flag format: `pecan{my_high_school}`",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:48:32.471Z"
-}

package/translations/ar/25.json

@@ -1,9 +0,0 @@
-{
-  "id": 25,
-  "name": "Travelling Around",
-  "category": "osint",
-  "translation": "هممم… يبدو أن Corn Man قد زار بعض الأماكن المثيرة للاهتمام، في مسار غريب جدًا. هل يمكن أن يعني ذلك شيئًا؟ ربما تحتوي الضواحي على دليل... قد تحتوي المنشورات على \"pointer\" في الاتجاه الصحيح...\nRemember to wrap the flag in pecan{}, use uppercase letters, and separate the words with an underscore. E.g. `pecan{I_LOVE_PECAN}`",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:48:37.588Z"
-}

package/translations/ar/26.json

@@ -1,9 +0,0 @@
-{
-  "id": 26,
-  "name": "Online Presence",
-  "category": "osint",
-  "translation": "من خلال تحقيق مكثف، يبدو أن Corn Man لديه social media presence. هل يمكنك مساعدتنا في العثور على الحساب الذي يستخدمه؟",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:48:47.450Z"
-}

package/translations/ar/27.json

@@ -1,9 +0,0 @@
-{
-  "id": 27,
-  "name": "Happy Birthday Corn Man!",
-  "category": "osint",
-  "translation": "أنا أتعقب رجل الذرة منذ فترة الآن، لكنني واجهت طريقًا مسدودًا. لقد عثرت على بريده الإلكتروني مؤخرًا عبر الإنترنت وهو: <cornman25944@gmail.com>. يبدو أن لديه حضورًا كبيرًا على الإنترنت. هل يمكنك العثور على تاريخ ميلاده والمساعدة في هذا التحقيق؟",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:48:54.552Z"
-}

package/translations/ar/28.json

@@ -1,9 +0,0 @@
-{
-  "id": 28,
-  "name": "Ego is the weakness",
-  "category": "osint",
-  "translation": "تم اكتشاف عملية ransomware مؤخرًا، مما أدى إلى خسارة ملايين الدولارات في ثوانٍ.\nبعد بعض التحقيقات المشتركة مع الحكومة، تتبعنا أنشطتها إلى Instagram account يُعتقد أنها تخص الجاني.\nهل يمكنك مساعدتنا في تحديد عنوان مكان يتردد عليه هذا cybercriminal كثيرًا؟\nيشير intel الخاص بنا إلى أن هناك احتمالًا كبيرًا أن هذا الشخص لا يزال صغيرًا في السن، لذا لم يتخرج بعد.\n\nFlag format: `pecan{Paste in the address from Google Maps}`",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:49:04.015Z"
-}

package/translations/ar/29.json

@@ -1,9 +0,0 @@
-{
-  "id": 29,
-  "name": "Go git the door",
-  "category": "osint",
-  "translation": "مجرم إلكتروني سيئ السمعة، نفذ بنجاح العديد من `large-scale ransomware operations` في الماضي، يعمل حاليًا على واحدة جديدة. لحسن حظنا، لقد جعل `GitHub repository` الخاص به `public` عن طريق الخطأ. هل يمكنك الفحص لمعرفة ما إذا كان قد كشف عن أي معلومات سرية عن طريق الخطأ؟\n\n`Flag format: pecan{secret1_secret2}`",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:49:11.137Z"
-}

package/translations/ar/30.json

@@ -1,9 +0,0 @@
-{
-  "id": 30,
-  "name": "Echo Chamber",
-  "category": "pwn",
-  "translation": "وجدت خدمة غريبة ترد فقط بما ترسله إليها، إنها مثل مرآة غريبة أو انعكاس أو شيء من هذا القبيل.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:49:15.161Z"
-}

package/translations/ar/31.json

@@ -1,9 +0,0 @@
-{
-  "id": 31,
-  "name": "Flag Fish",
-  "category": "pwn",
-  "translation": "Bjarne يبحث عن سمكة الـ flag المنشودة. أول `try` له لم ينجح، هل يمكنك مساعدته في `catch`ها هذه المرة؟",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:49:22.438Z"
-}

package/translations/ar/32.json

@@ -1,9 +0,0 @@
-{
-  "id": 32,
-  "name": "fridge",
-  "category": "pwn",
-  "translation": "لقد تعرضنا لـ data breach!\n\nلقد اكتشف فريق forensics لدينا أن هناك بعض حركة المرور الغريبة قادمة من ثلاجتنا الذكية الجديدة، ويبدو أنهم عثروا على خدمة debugging قديمة لا تزال تعمل...\n\nالأمر متروك لك الآن لمعرفة كيف تمكنوا من الوصول إلى ثلاجتنا!",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:49:33.294Z"
-}

package/translations/ar/33.json

@@ -1,9 +0,0 @@
-{
-  "id": 33,
-  "name": "Say Shells!",
-  "category": "pwn",
-  "translation": "تطبيق ويب بسيط يتيح لك رفع ملفات الصور لعرض EXIF metadata الخاصة بها. لكن هناك شيء مريب... هل يتم تحليل صورك بعمق أكثر من اللازم؟\nهل يمكنك خداع الخادم لتشغيل command خاص بك — والكشف عن محتويات ملف flag.txt المخفي؟\n\nملاحظة: يُسمح فقط برفع ملفات الصور. لن تحتاج إلى brute force — فقط قليل من الإبداع و format الصحيح.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:49:41.164Z"
-}

package/translations/ar/34.json

@@ -1,9 +0,0 @@
-{
-  "id": 34,
-  "name": "Show Me What You GOT!",
-  "category": "pwn",
-  "translation": "أرني ما لديك! أريد أن أرى ما لديك!",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:49:51.974Z"
-}

package/translations/ar/35.json

@@ -1,9 +0,0 @@
-{
-  "id": 35,
-  "name": "cafe1995",
-  "category": "rev",
-  "translation": "لقد التقطت أجزاء برنامج من مطور غير مسؤول طُرد للتو.\nاعثر على كلمة المرور وأعد الشركة إلى مسارها الصحيح... وإلا سيتم طردك أنت أيضًا.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:00.849Z"
-}

package/translations/ar/36.json

@@ -1,9 +0,0 @@
-{
-  "id": 36,
-  "name": "Doors 3",
-  "category": "rev",
-  "translation": "لدى صديقك flag أخير لا يعتقد أنك ستتمكن من الوصول إليه، حيث يختبر قدرته على اكتشاف bypassing the licence check.\n\nحاول الحصول على الـ flag الأخير. قد تحتاج إلى patch the binary للوصول إلى هناك، ولكن هناك عدة طرق يمكنك اتخاذها.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:12.883Z"
-}

package/translations/ar/37.json

@@ -1,9 +0,0 @@
-{
-  "id": 37,
-  "name": "Doors 2",
-  "category": "rev",
-  "translation": "صديقك ممتن حقًا لأنك وجدت ذلك الـ flag الذي نسوه!\n\nلقد استغرقوا بعض الوقت لإخفاء بقية الـ flags ويأملون ألا تتمكن من الوصول إليها، هل تعتقد أنه يمكنك الـ reverse لـ key validation function الخاصة بهم؟\nقم بتوليد licence key خاص بك لبرنامجهم واحصل على الـ flag!",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:20.251Z"
-}

package/translations/ar/38.json

@@ -1,9 +0,0 @@
-{
-  "id": 38,
-  "name": "Doors",
-  "category": "rev",
-  "translation": "صديقك أرسل لك نسخة أولية من برنامج التحقق من المفتاح الأمني الذي يكتبه بـ C#.\nهناك عدد قليل من الـ flags هنا، ولكن هل يمكنك المساعدة في العثور على الـ flag الذي نسي تشفيره؟",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:24.696Z"
-}

package/translations/ar/39.json

@@ -1,9 +0,0 @@
-{
-  "id": 39,
-  "name": "Too Many Flags",
-  "category": "rev",
-  "translation": "لقد وجدنا هذا الملف مليئًا بـ flags لكننا لا نعرف أي flag هو الصحيح! هل يمكنك معرفة كيف تم إنشاء هذه الـ flags وإيجاد الـ flag الصحيح؟",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:30.135Z"
-}

package/translations/ar/4.json

@@ -1,9 +0,0 @@
-{
-  "id": 4,
-  "name": "#InMyLibraryClashingEra",
-  "category": "crypto",
-  "translation": "لقد أنشأت `hash function` بسيطًا بشكل يدعو للضحك؟ ابحث عن `clash` وسأعطيك المكتبة للقيادة إليها. هذا، إذا كان بإمكانك قراءة ما لدي. خطئي، لقد شربت 32 مل من `Base model Dasani` قبل صنع هذا.\n\nقد تحتاج إلى `pycryptodome`، لذا `install` هذا مسبقًا.\n\nتذكر أن تغلف الـ `flag` في `pecan{flag}`.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:45:54.162Z"
-}

package/translations/ar/40.json

@@ -1,9 +0,0 @@
-{
-  "id": 40,
-  "name": "Xanarto",
-  "category": "rev",
-  "translation": "لقد وجدت هذا الشخص على LinkedIn الذي ادعى أنه أنشأ algorithm غير قابل للاختراق. أثبت خطأه. لقد أرفقت المنشور في صورة.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:36.079Z"
-}

package/translations/ar/41.json

@@ -1,9 +0,0 @@
-{
-  "id": 41,
-  "name": "Cheese",
-  "category": "steg",
-  "translation": "لهذا التحدي، يجب التعمق في أعماق ملف الصورة المرفق كجزء من لعنة الجبن، باستخدام أدوات متنوعة لكشف ما قد يعتبره البعض مجرد نص عشوائي تمامًا.\n\nلو أمكن التلاعب بهذا string أو تحويله بطريقة ما، فقد يكون هذا أملنا الوحيد في العثور على الـ flag لرفع لعنة الجبن مرة واحدة وإلى الأبد......\n\nاستمتعوا :)",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:46.933Z"
-}

package/translations/ar/42.json

@@ -1,9 +0,0 @@
-{
-  "id": 42,
-  "name": "Dogs Always Know",
-  "category": "steg",
-  "translation": "للكلاب حاسة شم قوية للأسرار—مدفونة في الأعماق، حيث لا يخطر ببال أحد أن يبحث. ثق بغرائزهم؛ فأحيانًا، ما هو مخفي ليس ظاهرًا للعيان، بل في العظام تحت السطح.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:51.812Z"
-}

package/translations/ar/43.json

@@ -1,9 +0,0 @@
-{
-  "id": 43,
-  "name": "In the fine print",
-  "category": "steg",
-  "translation": "تم اكتشاف مجموعة من الوثائق المطبوعة في موقع غير معلن. تبدو للوهلة الأولى بريئة، لكن هناك شيئًا مريبًا...",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:56.030Z"
-}

package/translations/ar/44.json

@@ -1,9 +0,0 @@
-{
-  "id": 44,
-  "name": "In the words of Taylor",
-  "category": "steg",
-  "translation": "سأكتب اسمك... أو، على الأقل flag.",
-  "lang": "ar",
-  "model": "gemini-3.1-pro-preview",
-  "timestamp": "2026-04-08T03:50:59.046Z"
-}