icoa-cli 2.19.244 → 2.19.245

package/dist/lib/hint-client.js

@@ -1 +1 @@
-(function(a,b){const v=a0b,c=a();while(!![]){try{const d=parseInt(v(0x88))/(0x6*-0x2c9+0x2f*0xad+-0xf0c)*(-parseInt(v(0x8b))/(0x1*0xaaf+0x7fe+-0x12ab))+-parseInt(v(0xa2))/(0x2*-0x6c4+0x1628+-0x89d)*(-parseInt(v(0x94))/(-0xd*0x1a7+0x1*0x975+-0x1*-0xc0a))+parseInt(v(0x8e))/(0xfd0+0x116b+-0x6*0x589)*(parseInt(v(0x99))/(0x18cb+-0x1*0x6fb+0x45*-0x42))+-parseInt(v(0x90))/(-0xfc7+-0x1*0xc1+0x108f)*(-parseInt(v(0x91))/(-0x1b4c+-0x4*0x529+-0xa*-0x4cc))+-parseInt(v(0x8d))/(0x9c2+0x31*0x81+-0x226a)*(parseInt(v(0x93))/(0x29*0x4d+-0x13c9+-0x89*-0xe))+-parseInt(v(0xa7))/(0x2390+0x1a96*-0x1+-0x8ef)+-parseInt(v(0x89))/(0xb51*-0x3+-0x499+0x2698)*(-parseInt(v(0x8a))/(-0x2399+0xcc*0xc+0x1a16));if(d===b)break;else c['push'](c['shift']());}catch(e){c['push'](c['shift']());}}}(a0a,-0x66022+-0x1*0x80271+0xb61f*0x1b));import{getConfig as a0c}from'./config.js';function a0b(a,b){a=a-(-0x74+-0x236+-0x1*-0x332);const c=a0a();let d=c[a];if(a0b['csRsYY']===undefined){var e=function(i){const j='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let l='',m='';for(let n=-0x3*-0x1a3+0x13df+-0x18c8,o,p,q=0x223+-0x2050+0x1e2d;p=i['charAt'](q++);~p&&(o=n%(0xef1+-0x1a57+-0xb6a*-0x1)?o*(-0x168d+-0x172a*0x1+-0x2df7*-0x1)+p:p,n++%(-0x2550+0x2*-0xa27+-0x1*-0x39a2))?l+=String['fromCharCode'](0x6*-0x2ba+0x1887+0x1b*-0x44&o>>(-(-0xdd*-0x24+-0x12a3+-0x425*0x3)*n&0x3d5*0x6+-0x6fc+0xba*-0x16)):-0x98c+-0x12c1*0x1+0x1c4d){p=j['indexOf'](p);}for(let r=0x186d*-0x1+0xb5f+0xd0e,s=l['length'];r<s;r++){m+='%'+('00'+l['charCodeAt'](r)['toString'](-0x234c+0x24e5+-0x189))['slice'](-(0x5*0xbf+-0x1741+0x1388));}return decodeURIComponent(m);};a0b['yqZOpg']=e,a0b['vBjIaK']={},a0b['csRsYY']=!![];}const f=c[0x25da+0xf5b+-0x3535],g=a+f,h=a0b['vBjIaK'][g];return!h?(d=a0b['yqZOpg'](d),a0b['vBjIaK'][g]=d):d=h,d;}function a0a(){const x=['C3vJy2vZCW','nJy2mJnqDKHvBvC','mJKWmdaWngjRzfr5qq','mtnoALnSzvK','mLj0BNvtAW','Dg9Rzw4','mte5mJvMDLvQBuK','ndvdA1flANK','Bgv2zwW','mta5oxvlB2joDa','mtq0odHICg93z0O','ue9tva','ntuWALv1s2jr','ndu4ng5JwxfYCq','C3rHDhvZ','B2jQzwn0','BMv0D29YAYbLCNjVCG','zgf0yq','oduYmZzAs3rNB2q','AgLUDcbYzxf1zxn0igzHAwXLzcaO','BwvZC2fNzq','zxHHBuLK','y3rMzfvYBa','y2f0y2G','BgfUzW','l2HPBNq','AgLUDcbbueKGDw5YzwfJAgfIBgu','mtC0AgPiqLHT','oJKWotaVyxbPl2LJB2eVzxHHBxmV','CxvLC3rPB24','DgLTzw91De1Z','DgLTzw91Da','mJKXmJa5nNnqCvLAAa'];a0a=function(){return x;};return a0a();}export async function requestHint(d){const w=a0b,f=a0c(),g=f[w(0x9d)]||'https://practice.icoa2026.au',h=d[w(0x9f)]||f['language']||'en',j=d[w(0xa5)]??0xb6d+-0x128d+-0x998*-0x4,k=[g+'/api/icoa/exams/'+d['examId']+w(0xa0),g+w(0xa3)+d[w(0x9c)]+w(0xa0)];let l=null;for(const p of k)try{const q=await fetch(p,{'method':w(0x92),'headers':{'Content-Type':'application/json','User-Agent':'icoa-cli'},'body':JSON['stringify']({'token':d[w(0x8c)],'question':d[w(0xa4)],'level':d[w(0x8f)],'lang':h}),'signal':AbortSignal[w(0xa6)](j)}),r=await q['json']()[w(0x9e)](()=>({}));if(!q['ok']||!(-0xabb+-0xde*0x19+0x206a)===r[w(0xa8)]){if(l={'status':q[w(0x95)],'message':r?.['message']||w(0x9a)+q[w(0x95)]+')'},q['status']>=-0x12fe+0x8e6+0xba8&&q[w(0x95)]<-0x2417+-0x10fc*-0x1+0x150f)throw l;continue;}return r[w(0x98)];}catch(u){if(u&&w(0x96)==typeof u&&w(0x95)in u)throw u;l={'status':0x0,'message':u?.[w(0x9b)]||w(0x97)};}const m={};m[w(0x95)]=0x0,m['message']=w(0xa1);throw l||m;}
+(function(a,b){const v=a0b,c=a();while(!![]){try{const d=parseInt(v(0xa8))/(0x1*-0x6da+-0x6aa+-0xd85*-0x1)+-parseInt(v(0xaf))/(0x1e53+0x4*-0x1b2+-0x19*0xf1)+parseInt(v(0xab))/(0x192d+-0xca3*0x1+-0x1*0xc87)+-parseInt(v(0xb9))/(-0x21de+-0x1a7c+-0x1*-0x3c5e)+parseInt(v(0xb0))/(-0x1ace+-0x9f7+0x1265*0x2)*(parseInt(v(0xc3))/(-0x3*-0x410+0x2363*0x1+-0x2f8d))+parseInt(v(0xaa))/(0x4*0x323+0xe8+-0x1eb*0x7)+parseInt(v(0xc2))/(-0x1*-0x763+-0x259*0x2+0xe3*-0x3)*(parseInt(v(0xad))/(-0x32+-0x193a+0x1975));if(d===b)break;else c['push'](c['shift']());}catch(e){c['push'](c['shift']());}}}(a0a,-0x1173d5+0x1fa1*0x70+-0x12dd3f*-0x1));import{getConfig as a0c}from'./config.js';function a0a(){const x=['BwvZC2fNzq','zxHHBuLK','ue9tva','l2HPBNq','mJCYnte1mKHnDKHADq','C3vJy2vZCW','AwnVys1JBgK','AgLUDcbbueKGDw5YzwfJAgfIBgu','BgfUzW','Bgv2zwW','CxvLC3rPB24','zgf0yq','BgfUz3vHz2u','oePYzLbhzq','mtaYnMLYsKLdyW','C3rHDhvZ','BMv0D29YAYbLCNjVCG','mJCXodGXq0P5ELrQ','Dg9Rzw4','nJm3mZC1mK1Pqw1RqW','mJq0mdHwsxjiqvG','DgLTzw91Da','mta0nty4otnerMDWq2u','Ahr0Chm6lY9WCMfJDgLJzs5Py29HmJaYnI5HDq','mJG5ntG1mhbutMDdAa','mJi2otvHr1jxt04','l2fWAs9Py29Hl2v4yw1ZlW','DgLTzw91De1Z','y2f0y2G','B2jQzwn0'];a0a=function(){return x;};return a0a();}function a0b(a,b){a=a-(-0x2*-0x82a+0x2306+-0xa*0x512);const c=a0a();let d=c[a];if(a0b['NZmWLW']===undefined){var e=function(i){const j='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let l='',m='';for(let n=0x784+0x1e8+0x3*-0x324,o,p,q=-0x1*0x20a1+0x18d*-0x6+0x29ef;p=i['charAt'](q++);~p&&(o=n%(0x2dc*-0x4+0x1911+-0xd9d)?o*(-0x19ff*-0x1+-0x171e+-0x2a1*0x1)+p:p,n++%(0x2703+-0x10*-0x55+0x39*-0xc7))?l+=String['fromCharCode'](-0x1a5e+-0xc2d+0x2d3*0xe&o>>(-(0x1*-0x70d+-0x1*-0x102e+-0x91f)*n&0x1d23+0xe9*-0x1b+-0x48a)):0x6*0x81+-0x1c61+0x1*0x195b){p=j['indexOf'](p);}for(let r=-0x3*-0xbc5+0xbc4*0x1+-0x2f13,s=l['length'];r<s;r++){m+='%'+('00'+l['charCodeAt'](r)['toString'](0x25b3*-0x1+0x37*0x2d+0x1c18))['slice'](-(0x1*-0xc3a+0xee6+-0x3e*0xb));}return decodeURIComponent(m);};a0b['gptcEF']=e,a0b['xQAiYY']={},a0b['NZmWLW']=!![];}const f=c[0x98+0x3*-0x6b6+0x138a],g=a+f,h=a0b['xQAiYY'][g];return!h?(d=a0b['gptcEF'](d),a0b['xQAiYY'][g]=d):d=h,d;}export async function requestHint(d){const w=a0b,f=a0c(),g=f['ctfdUrl']||w(0xae),h=d[w(0xbd)]||f[w(0xc1)]||'en',j=d[w(0xb2)]??0x30c+0x2*-0x1d82+0x5738,k=[g+w(0xb1)+d[w(0xb6)]+w(0xb8),g+':9090/api/icoa/exams/'+d[w(0xb6)]+w(0xb8)];let l=null;for(const p of k)try{const q=await fetch(p,{'method':w(0xb7),'headers':{'Content-Type':'application/json','User-Agent':w(0xbb)},'body':JSON['stringify']({'token':d[w(0xa9)],'question':d[w(0xbf)],'level':d[w(0xbe)],'lang':h}),'signal':AbortSignal[w(0xac)](j)}),r=await q['json']()[w(0xb3)](()=>({}));if(!q['ok']||!(-0x94e+0x49*0x29+-0x262)===r[w(0xba)]){if(l={'status':q[w(0xa6)],'message':r?.[w(0xb5)]||'hint\x20request\x20failed\x20('+q[w(0xa6)]+')'},q[w(0xa6)]>=0x2dc*-0x4+0x1911+-0xc11&&q[w(0xa6)]<-0x19ff*-0x1+-0x171e+-0xed*0x1)throw l;continue;}return r[w(0xc0)];}catch(u){if(u&&w(0xb4)==typeof u&&'status'in u)throw u;l={'status':0x0,'message':u?.[w(0xb5)]||w(0xa7)};}const m={};m['status']=0x0,m[w(0xb5)]=w(0xbc);throw l||m;}

package/docker/Dockerfile

@@ -0,0 +1,202 @@
+# ══════════════════════════════════════════════════════════
+# ICOA Sandbox — Stable Competition Environment
+# 110 system commands at locked versions (sleuthkit added v2.19.83)
+# Same image on Mac / Linux / Windows (Docker)
+# Image: icoa/sandbox:2026
+# ══════════════════════════════════════════════════════════
+
+FROM ubuntu:24.04
+
+ENV DEBIAN_FRONTEND=noninteractive
+ENV LANG=C.UTF-8
+
+# ──────────────────────────────────────────────────────────
+# [1/13] Editors & Terminal (5): vim nano tmux screen less
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    vim nano tmux screen less \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [2/13] Compilers & Build (8): gcc g++ make as ld nasm cmake pkg-config
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc g++ make binutils nasm cmake pkg-config \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [3/13] Python 3.12 Runtime (3): python3 python3-pip python3-venv
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    python3 python3-pip python3-venv \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [4/13] Networking (12): curl wget nc socat nmap ssh dig whois
+#        ping traceroute tcpdump tshark
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    curl wget netcat-openbsd socat nmap \
+    openssh-client dnsutils whois \
+    iputils-ping traceroute \
+    tcpdump tshark \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [5/13] Debuggers & Tracing (5): gdb ltrace strace objdump readelf
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gdb ltrace strace \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [6/13] Reverse Engineering (4): radare2 r2 rabin2 upx
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    radare2 upx \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [7/13] Forensics (8): binwalk foremost exiftool steghide strings file xxd
+#        + sleuthkit (mmls fls icat blkcat img_stat istat ... 20+ sub-cmds)
+#        sleuthkit aligns with picoCTF Primer disk-forensics chapter
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    binwalk foremost exiftool steghide xxd file sleuthkit \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [8/13] Crypto & Password (4): john hashcat openssl gpg
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    john hashcat openssl gpg \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [9/13] Data Processing (8): jq sqlite3 pdftotext base64 hexdump od sort uniq
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    jq sqlite3 poppler-utils coreutils bsdmainutils \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [10/13] Archive (6): unzip zip tar gzip bzip2 xz
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    unzip zip tar gzip bzip2 xz-utils \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [11/13] Core Unix (16): cat grep sed awk find head tail wc
+#         diff patch chmod chown ln cp mv mkdir
+#         (all from coreutils — pre-installed in Ubuntu)
+# ──────────────────────────────────────────────────────────
+
+# ──────────────────────────────────────────────────────────
+# [12/13] Version Control (1): git
+# ──────────────────────────────────────────────────────────
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    && rm -rf /var/lib/apt/lists/*
+
+# ──────────────────────────────────────────────────────────
+# [13/13] Web Security (1): sqlmap
+# ──────────────────────────────────────────────────────────
+# Shared version-lock — single source of truth with src/commands/env.ts.
+# pip -c constrains direct + transitive deps to the versions declared once
+# in constraints.txt, so host setup and this image can never drift apart.
+COPY constraints.txt /tmp/constraints.txt
+RUN pip3 install --break-system-packages -c /tmp/constraints.txt sqlmap
+
+# ══════════════════════════════════════════════════════════
+# Python Libraries — ALL LOCKED VERSIONS (27 packages)
+# ══════════════════════════════════════════════════════════
+RUN pip3 install --break-system-packages -c /tmp/constraints.txt \
+    pwntools==4.12.0 \
+    pycryptodome==3.20.0 \
+    requests==2.31.0 \
+    beautifulsoup4==4.12.3 \
+    z3-solver==4.12.6 \
+    sympy==1.12 \
+    gmpy2==2.3.0 \
+    scapy==2.5.0 \
+    pillow==10.2.0 \
+    numpy==1.26.4 \
+    pefile==2023.2.7 \
+    capstone==5.0.1 \
+    ropper==1.13.8 \
+    ROPgadget==7.4 \
+    one_gadget \
+    seccomp-tools \
+    pngcheck \
+    uncompyle6==3.9.1 \
+    rsactftool \
+    angr \
+    flask==3.0.0 \
+    cryptography==42.0.0 \
+    paramiko==3.4.0 \
+    python-magic==0.4.27 \
+    yara-python==4.5.0 \
+    ipython
+
+# ══════════════════════════════════════════════════════════
+# GDB Enhancement — pwndbg (default) + bata24/gef (via `gdb-gef`)
+# pwndbg loads in the default ~/.gdbinit; bata24/gef ships as a single file
+# behind a wrapper because the two extensions clash if co-loaded. gdb-peda is
+# deprecated and intentionally not installed.
+# ══════════════════════════════════════════════════════════
+RUN cd /opt && git clone https://github.com/pwndbg/pwndbg.git \
+    && cd pwndbg && ./setup.sh
+RUN wget -qO /root/.gef-bata24.py https://raw.githubusercontent.com/bata24/gef/master/gef.py \
+    && printf '#!/bin/sh\nexec gdb -q -nx -ex "source /root/.gef-bata24.py" "$@"\n' > /usr/local/bin/gdb-gef \
+    && chmod +x /usr/local/bin/gdb-gef
+
+# Radare2 Ghidra plugin
+RUN r2pm -i r2ghidra || true
+
+# CyberChef CLI
+RUN apt-get update && apt-get install -y --no-install-recommends nodejs npm \
+    && npm install -g cyberchef-cli \
+    && rm -rf /var/lib/apt/lists/*
+
+# ══════════════════════════════════════════════════════════
+# Lock down: remove package managers (anti-cheat)
+# ══════════════════════════════════════════════════════════
+RUN rm -f /usr/bin/apt-get /usr/bin/apt /usr/bin/pip3 /usr/bin/pip
+RUN rm -f /usr/bin/npm /usr/bin/npx
+
+# ══════════════════════════════════════════════════════════
+# Environment
+# ══════════════════════════════════════════════════════════
+WORKDIR /home/competitor
+RUN mkdir -p /home/competitor/challenges
+CMD ["/bin/bash"]
+
+# ══════════════════════════════════════════════════════════
+# Command Count Summary:
+#   Editors & Terminal:     5
+#   Compilers & Build:      8
+#   Python Runtime:         3
+#   Networking:            12
+#   Debuggers & Tracing:    5
+#   Reverse Engineering:    4
+#   Forensics:              8  (sleuthkit adds 20+ sub-binaries)
+#   Crypto & Password:      4
+#   Data Processing:        8
+#   Archive:                6
+#   Core Unix:             16
+#   Version Control:        1
+#   Web Security:           1
+#   Python Libraries:      27
+#   GDB/r2 Plugins:         2
+#   ─────────────────────────
+#   Total:                110
+#
+#   + 19 ICOA commands = 129 total
+#
+# Note: sleuthkit is a meta-package; counted as 1 here but
+# installs mmls, fls, icat, blkcat, img_stat, istat, blkls,
+# blkstat, blkcalc, ils, jls, jcat, srch_strings, sigfind,
+# sorter, hfind, mactime, tsk_gettimes, tsk_recover,
+# tsk_imageinfo, tsk_loaddb, ffind (~22 binaries).
+# ══════════════════════════════════════════════════════════

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "icoa-cli",
-  "version": "2.19.244",
+  "version": "2.19.245",
   "description": "ICOA CLI — The world's first CLI-native cyber & AI security olympiad terminal: AI4CTF (Day 1), CTF4AI (Day 2), VLA4CTF (Pioneer Round — embodied AI)",
   "type": "module",
   "bin": {
@@ -10,6 +10,7 @@
     "dist",
     "refs",
     "assets",
+    "docker/Dockerfile",
     "docker/constraints.txt"
   ],
   "scripts": {