本帖最后由 wmsuper 于 2018-11-15 18:04 编辑
flag是以“@52pojie.cn”结尾,分析这个ctf,找到flag。
wp:
1.先分析算法找到,算法是一个简单的xor和一个简单的方程组,密钥是 7B90076C4EE278E673,这个是压缩包密码。
相关代码:
[Python] 纯文本查看 复制代码 import binascii
key="h3ll0_w0rld"
enc_str='7B90076C4EE278E6' #7B90076C4EE278E673
str_len=len(enc_str)
key_len=len(key)
ret=''
print '{',
for i in range(str_len):
t=(ord(enc_str[i])^ord(key[i%key_len]))&0xff
t=((~t)^(ord('7')^ord('3')))&0xff
ret+=chr(t)
print '0x%02x,'%t,
print '}'
print ord('7')-ord('3')
print ord('7')+ord('3')
2.压缩包是以附加数据存储在exe后面,开头是“PK",简单提取出来保存解压之后是一个纯黑的图片。
3.这里是图片隐写,因为怕有些同学想不出来于是调低下难度,就把文件名改为查看图像隐写工具的名称”Stegsolve“,简单的搜索就能搜索到这个工具。
相关的隐写代码,LSB隐写:
[C#] 纯文本查看 复制代码 using System;
using System.Drawing;
using System.Drawing.Imaging;
namespace level9
{
public class Level9Impl
{
public Level9Impl()
{
this.picWidth = 1600;
this.picHeight = 800;
this.drawLoc = new PointF(20f, 20f);
this.fontName = "Comic Sans MS";
this.fontSize = 40;
this.bgr = 0;
this.bgg = 0;
this.bgb = 0;
this.outFilename = "Stegsolve.png";
this.password = "D0ub1e_11_G1ft@52pojie.cn";
}
private void setTextColors()
{
this.fgr = (byte)(this.bgr ^ 1);
this.fgg = this.bgg;
this.fgb = this.bgb;
this.bgBrush = new SolidBrush(Color.FromArgb(255, (int)this.bgr, (int)this.bgg, (int)this.bgb));
this.fgBrush = new SolidBrush(Color.FromArgb(255, (int)this.fgr, (int)this.fgg, (int)this.fgb));
}
public bool writePictureNow()
{
this.setTextColors();
using (Bitmap bitmap = new Bitmap(this.picWidth, this.picHeight))
{
using (Graphics graphics = Graphics.FromImage(bitmap))
{
using (Font font = new Font(this.fontName, (float)this.fontSize))
{
graphics.FillRectangle(this.bgBrush, new Rectangle(0, 0, this.picWidth, this.picHeight));
graphics.DrawString(this.password, font, this.fgBrush, this.drawLoc);
}
}
bitmap.Save(this.outFilename, ImageFormat.Png);
}
return true;
}
public int picWidth;
public int picHeight;
public string outFilename;
public string password;
public string fontName;
public int fontSize;
public PointF drawLoc;
public Brush bgBrush;
public Brush fgBrush;
public byte bgr;
public byte bgg;
public byte bgb;
public byte fgr;
public byte fgg;
public byte fgb;
}
}
4.最后查看的结果如图:
|