MISC

easy_zip

image.png

ISCTF{14be48d0-0ad5-496e-8fd7-3c4c5797a6ac}

小猫

LSB隐写
image.png
out.jpg
图片左上角坐标

32 32 32 33 31 32 21
32 42 42 33 21 32 21
32 41 32 21 41 21 41
23 41 22 32 32 32 12
41 41 32 12 41 11 32
32 41 31 41 41 41 23
41 31 41 22 41 12 41
13 32 12 41 11 41 31
41 23 41 42 41 32 41
42 32 12 32 31 32 32
41 42 41 32 41 32 42
43 42

# 对应社会主义核心价值观
公正 公正 公正 诚信 文明 公正 民主
公正 法治 法治 诚信 民主 公正 民主
公正 和谐 公正 民主 和谐 民主 和谐
敬业 和谐 平等 公正 公正 公正 自由
和谐 和谐 公正 自由 和谐 富强 公正
公正 和谐 文明 和谐 和谐 和谐 敬业
和谐 文明 和谐 平等 和谐 自由 和谐
爱国 公正 自由 和谐 富强 和谐 文明
和谐 敬业 和谐 法治 和谐 公正 和谐
法治 公正 自由 公正 文明 公正 公正
和谐 法治 和谐 公正 和谐 公正 法治
友善 法治

# 去空格换行
公正公正公正诚信文明公正民主公正法治法治诚信民主公正民主公正和谐公正民主和谐民主和谐敬业和谐平等公正公正公正自由和谐和谐公正自由和谐富强公正公正和谐文明和谐和谐和谐敬业和谐文明和谐平等和谐自由和谐爱国公正自由和谐富强和谐文明和谐敬业和谐法治和谐公正和谐法治公正自由公正文明公正公正和谐法治和谐公正和谐公正法治友善法治

# 社会主义核心价值观解码
flag{aca195fd3d0f2392548d029767dbf766}

小蓝鲨的秘密

image.png
修复小蓝鲨.png,获取key:15CTF2023
image.png
小蓝鲨_fix.png

flag.txt
key:15CTF2023
U2FsdGVkX1/ij5Hxtt6G8tDvbXIQcMLJ6isLpLmxqxW8mOmFIB4DgBGXSR3ceEcj

AES解密(密文以 U2FsdGVkX1 开头,即 Base64 编码的 "Salted__",属 OpenSSL 加盐格式)
ISCTF{2832-3910-232-3742-7320}

一心不可而用

apk 目录 /res/drawable/flag.zip

# 压缩包注释中的报错信息
File "script.py", line 2
TabError: unexpected EOF while parsing
Exited with error status 1

# 正确的报错信息
synTaxError: unexpected EOF while parsing

# 压缩包密码
SyntaxError

flag{Err0R_is_no7_ex1ste9}

小白小黑

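# Unintended solution:
# reduce every digit modulo 2 to get a bit string; the printed bit string is
# then drawn as a QR code (the drawing step is not part of this script).

# Read inside a context manager so the file handle is closed once the rows are loaded.
with open('./flag.txt') as fh:
    rows = [row.strip() for row in fh]

# One output bit per input digit, rows concatenated without separators.
# int() raises ValueError on any non-digit character, so malformed input fails loudly.
out = ''.join(str(int(ch) % 2) for row in rows for ch in row)

print(out)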

256_256.png

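# The modulo-2 attempt already shows the outline of a QR code, and the top
# part of the image must be the white border.
# Tallying two of those rows shows they only ever contain 0, 1, 2, 3 or 9.
# So filter on those digits directly, then turn the bit string into a QR code.
# white_list = [0,1,2,3,9]
white_digits = frozenset((0, 1, 2, 3, 9))

# Read inside a context manager so the file handle is closed once the rows are loaded.
with open('./flag.txt') as fh:
    rows = [row.strip() for row in fh]

# Digits seen in the border rows become '0'; every other digit becomes '1'.
# int() raises ValueError on any non-digit character, so malformed input fails loudly.
out = ''.join(
    '0' if int(ch) in white_digits else '1'
    for row in rows
    for ch in row
)

print(out)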

256_256_inverse.png

ISCTF{99517406-0378-4ba0-a873-70f245d6ca19}

ezUSB

# 过滤出两种流量
# F:\WEB\Wireshark\tshark.exe -r C:\Users\HK\Desktop\usb.pcapng -T fields -Y 'usb.src == "2.4.2" && frame.cap_len == 46 && usb.irp_info == 0x01' -e btatt.value > C:\Users\HK\Desktop\usb.txt
# F:\WEB\Wireshark\tshark.exe -r C:\Users\HK\Desktop\usb.pcapng -T fields -Y 'frame.len == 64 && usb.bInterfaceClass == 0x03' -e usbhid.data > C:\Users\HK\Desktop\usb.txt
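# Keyboard usage ID (two lowercase hex digits) -> text produced by the first lookup table.
normalKeys = {"04": "a", "05": "b", "06": "c", "07": "d", "08": "e", "09": "f", "0a": "g", "0b": "h", "0c": "i",
              "0d": "j", "0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o", "13": "p", "14": "q", "15": "r",
              "16": "s", "17": "t", "18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y", "1d": "z", "1e": "1",
              "1f": "2", "20": "3", "21": "4", "22": "5", "23": "6", "24": "7", "25": "8", "26": "9", "27": "0",
              "28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "-", "2e": "=", "2f": "[",
              "30": "]", "31": "\\", "32": "<NON>", "33": ";", "34": "'", "35": "<GA>", "36": ",", "37": ".", "38": "/",
              "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>",
              "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}
# Same usage IDs -> text produced by the second (shifted-symbol) lookup table.
shiftKeys = {"04": "A", "05": "B", "06": "C", "07": "D", "08": "E", "09": "F", "0a": "G", "0b": "H", "0c": "I",
             "0d": "J", "0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O", "13": "P", "14": "Q", "15": "R",
             "16": "S", "17": "T", "18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y", "1d": "Z", "1e": "!",
             "1f": "@", "20": "#", "21": "$", "22": "%", "23": "^", "24": "&", "25": "*", "26": "(", "27": ")",
             "28": "<RET>", "29": "<ESC>", "2a": "<DEL>", "2b": "\t", "2c": "<SPACE>", "2d": "_", "2e": "+", "2f": "{",
             "30": "}", "31": "|", "32": "<NON>", "33": "\"", "34": ":", "35": "<GA>", "36": "<", "37": ">", "38": "?",
             "39": "<CAP>", "3a": "<F1>", "3b": "<F2>", "3c": "<F3>", "3d": "<F4>", "3e": "<F5>", "3f": "<F6>",
             "40": "<F7>", "41": "<F8>", "42": "<F9>", "43": "<F10>", "44": "<F11>", "45": "<F12>"}

out = ''
# Stream the exported hex rows; the context manager closes the file when done.
with open('./usb.txt', encoding='utf-8') as capture:
    for line in capture:
        line = line.strip()

        # Offsets tried earlier, kept for reference (presumably for a report
        # layout without the extra leading byte -- TODO confirm):
        # check = line[0:2]
        # key = line[4:6]

        check = line[2:4]
        key = line[6:8]

        # NOTE(review): '02' selects normalKeys and every other value selects
        # shiftKeys; which byte carries the modifier depends on this device's
        # report layout -- confirm against the capture before reusing.
        table = normalKeys if check == '02' else shiftKeys

        # Usage IDs missing from the table (idle reports, short or blank rows)
        # contribute nothing; only that one lookup miss is tolerated instead
        # of swallowing every exception.
        out += table.get(key, '')

        # Per-row trace of the two extracted fields, useful for checking offsets.
        print(check, key)

print(out)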
<CAP>aggsz{k<CAP>p_wn_<CAP>yrv
<CAP>_so<DEL><DEL>sov_je<DEL>mzus<DEL><DEL><DEL>fyffjs!!b<DEL>!}

# 转换字符
AGGSZ{Kp_wn_YRV_sov_jmfyffjs!!!}

# 开头 AGGSZ 对应 ISCTF,由此反推维吉尼亚密码的 key:soezusb
ISCTF{So_ez_USB_and_vigenere!!!}

EZcrc

import zipfile
import itertools
import binascii
from collections import Counter


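# Recover the content of every archive member from the CRC-32 stored in the
# ZIP directory, without needing the archive password.
# Assumes each member holds exactly 3 bytes and that members are named
# 0.txt .. (N-1).txt -- verify against the archive listing (file_size) first.
with zipfile.ZipFile('./flag.zip') as zipf:
    zipf_len = len(zipf.namelist())
    # CRCs in member order, so the recovered pieces can be re-assembled later.
    crc_list = [zipf.getinfo(f'{i}.txt').CRC for i in range(zipf_len)]

word_list = range(256)  # full byte range 0x00-0xff; printable characters alone found no match

# Distinct CRC values still waiting for a matching 3-byte input.
pending = set(crc_list)
crc_dist = {}

# Single pass over all 256**3 candidates, checking each against the whole
# target set, instead of re-scanning the candidate space once per CRC.
# A 3-byte input is shorter than the 32-bit checksum, so each CRC value has at
# most one 3-byte preimage and the first hit is the only one.
for byte in itertools.product(word_list, repeat=3):
    data = bytes(byte)
    crc = binascii.crc32(data)
    if crc in pending:
        crc_dist[crc] = data
        pending.discard(crc)
        if not pending:
            break  # every target resolved; no need to finish the scan

# A CRC with no 3-byte preimage raises KeyError here, which signals that the
# 3-byte assumption does not hold for that member.
out = b''.join(crc_dist[crc] for crc in crc_list)

with open('output', 'wb') as f:
    f.write(out)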

# '大写的乌壹大写的资大写的喔大写的日大写的佛大写的资大写的佛大写的巫基得大写的讷啊勒大写的乌歪大写的特大写的巫壹大写的巫啊大写的乌玖大写的希大写的乌大写的希大写的日大写的资啊科伍日大写的特大写的巫科巫大写的摸大写的鹅壹欺大写的欺摸喝大写的摸大写的迂零科零大写的特讷坡日得大写的佛勒大写的希大写的日摸壹啊玻大写的迂大写的鹅歪大写的特勒大写的日大写的基大写的讷大写的鹅伍大写的乌大写的歪叁坡摸大写的乌大写的特零玖'

import base64

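# Maps each Chinese character used in the recovered text to the Latin letter
# or digit it stands for. Named char_map so the builtin `dict` is not shadowed.
char_map = {
    '玻': 'B',
    '坡': 'P',
    '摸': 'M',
    '佛': 'F',
    '得': 'D',
    '特': 'T',
    '讷': 'N',
    '勒': 'L',

    '哥': 'G',
    '科': 'K',
    '喝': 'H',
    '基': 'J',
    '欺': 'Q',
    '希': 'X',

    '日': 'R',
    '资': 'Z',
    '雌': 'C',
    '思': 'S',
    '医': 'Y',
    '巫': 'W',

    '啊': 'A',
    '喔': 'O',
    '鹅': 'E',
    '衣': 'I',
    '乌': 'U',
    '迂': 'V',
    '歪': 'Y',

    '零': '0',
    '壹': '1',
    '叁': '3',
    '伍': '5',
    '陆': '6',
    '玖': '9',
}
string = '大写的乌壹大写的资大写的喔大写的日大写的佛大写的资大写的佛大写的巫基得大写的讷啊勒大写的乌歪大写的特大写的巫壹大写的巫啊大写的乌玖大写的希大写的乌大写的希大写的日大写的资啊科伍日大写的特大写的巫科巫大写的摸大写的鹅壹欺大写的欺摸喝大写的摸大写的迂零科零大写的特讷坡日得大写的佛勒大写的希大写的日摸壹啊玻大写的迂大写的鹅歪大写的特勒大写的日大写的基大写的讷大写的鹅伍大写的乌大写的歪叁坡摸大写的乌大写的特零玖'
# '大写的' ("uppercase") marks the next character as an uppercase letter.
# Splitting on it yields runs whose first character is uppercase and whose
# remaining characters are lowercase; the text before the first marker is
# dropped by the [1:] slice (it is empty for this input).
out = string.split('大写的')[1:]

pieces = []
for item in out:
    pieces.append(char_map[item[0]])
    # .lower() leaves digits unchanged, so only letters are affected.
    pieces.extend(char_map[word].lower() for word in item[1:])
output = ''.join(pieces)

# The reconstructed text is Base64 applied twice.
print(base64.b64decode(base64.b64decode(output)).decode())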

# ISCTF{2562eb9d-b3d2-420a-b879-aaffd6528573}