希望疫情早日結束
注:打*的是賽后出的
總WP:https://wp.n03tack.top/posts/14620/
Misc
soEasyCheckin
base32,但有問題,倒數出現了0$,0–>O,$—>S,得到一串hex,
結果hex那里又有問題,具體是出在83¥6988ee這里
根據規律,每6個位元組的第1個位元組為e,然后把¥替換成e
得到社會主義核心價值觀編碼,但是還是有個地方是錯誤的,中間有一段為:和諧斃明平
然后把他那個斃隨便改一下,我改的“富強”
解碼得到的SET{Qi2Xin1Xie2Li4-Long3Yuan0Zhan4Yi4}
根據拼音,可以知道是Yuan2
所以最終flag為:
SET{Qi2Xin1Xie2Li4-Long3Yuan2Zhan4Yi4}
打敗病毒
游戲打開之后發現在末地,打完末影龍后沒有反應,flag藏在終末之詩里,于是直接去找文本
在.minecraft/version/隴原戰“疫”.jar下
將其改為zip,找到assets/minecraft/texts/end.txt,得到11F9sACbBBBWKTiClYDtNF2yIEfThXdfIGPxF
base62解碼即可
SETCTF{Fi9ht1ng_3ItH_V1rUs}
SOS
撥號音,踩正確的來組合出flag
用手機錄音,然后m4a格式轉wav格式,之后DTMF,因為錄的總有問題,所以一共錄了三次
前面都沒出現8,這次終于出現了8,所以應該是6830AB1C75,得到flag
EasySteg
哥哥球球了別套了再套下去套神都哭了嗚嗚嗚
JK為單圖盲水印(java),用imagein也行的
然后在flag.rar的注釋里面有一串tab和space組成的密文,轉space轉0,tab轉1
然后解壓,在flag.png的末尾有另一個png,那個png明顯有flag字樣,用stegsolve反一下色即可看清
flag{156cca8e
然后還在這個圖片后面發現了明顯的oursecret的特征,結合上面的base64(-b81b-)
得到oursecret的密碼為LWI4MWIt
除了數字以外,沒有重復字符,里面還有{},結合01串,得出為哈夫曼編碼,利用紅明谷的腳本即可解碼
對應關系看腳本即可理解
import copy
import re
def dfs(c, d):
if len(c.keys()) == 1:
# g = {'j':29,'z':31,'7':25,'e':31,'l':23,'6':37,'4':32,'p':38,'h':27,'g':26,'x':28,'i':25,'u':27,'n':25,'8':36,'0':24,'o':23,'c':28,'y':24,'1':29,'b':26,'m':27,'2':28,'v':25,'d':33,'f':28,'9':33,'t':21,'w':22,'a':31,'r':24,'s':16,'k':32,'5':25,'q':23,'3':32,'{':1,'-':4,'}':1,}
# num = 0
# for k in g.keys():
# num += g[k] * len(d[k])
# print(num)
# print(c, d)
g = {}
for k in d.keys():
g[d[k]] = k
a = '1110111111000100001111000011010001101111100110100011110111100010100111110111001101111100011000111111111101011100011111100111000011010001111010011011111001110111100010000111001110011110111000111111100111011111011011101011110111110101101101101000110101011101011111111011110111101101110101111010011010110100011100100011010101111010111110110110111100011010111010111110110110111001001011011110100111010111111010111111011110111101001111010111110111101011100100111100101011011101110111111001010110100100110111110011111001101000111110111001011001110000111000011110000110111110011000011100001101100110100011100001111110011110000110110011010001110011101100001110110001001111111110010110011010001111011110110010011011111000001111100010010001001111101110110111111101101001001001011011101111101101101111001101001011011111100111110110110110110111110111010110111011110011111011011011010000110111111001111110111100111010111110011010011011110101001101110111100110110111101001101011101011111001101111011101101010111010111111001111110111010110110110101001101011111101001101000111010010111000010011001110111110111101101111101101110111010110100101101101101011010111111101111001110111111110011010110100101101111011011101100111001000001111001100100101011000000111100101011001000101100100000011001011001001000001111001100100101011000000111100101011001011111111001010001010001010010000011110011001001010110000001111001010110010001011001010001010000111100100000111100110010010101100000011110010101100101010010101100101010010000011110011001001010110000001111001010110010011001001010110000011011111001000001111001100100101011000000111100101000101000110111110010000001100101010010000011110011001001010010101100000011110010101100100010001001000011111110001010010000011110011001001010110000001111001010110010111111110010100010110001000100100000111100110010010101100000011110010100010100011011111001000000110010101001000001111001100100101011000000111100101011001001100100101011000001101111100100000111100110010010101100000011110010101100100010110010000001100101100100100000111100110010010101100000011110010100010100010100101011000001101111100100000111100110010010101100000011110010100101011001000101100100000011001011001001000001111001100100101011000000111100101011001011111111001010001010001010010000011110011001001010110000001111001010110010001000100100001111111000101001000001111001100100101011000000111100101011001000101100100000011001011001001000001111001100100101011000000111100101011001010100100000011001011111111001000001111001100100101011000000111100101011001000101100100000011001011001001000001111001100100101011000000111100101011001000100010010100100001111111000101001000001111001100100101011000000111100101011001010100100000011001011111111001000001111001100100101011000000111100101000101000101001010110000011011111001000001111001100100101011000000111100101000101000110111110010000001100000011110010000011110011001001010110000001111001010001010000001001010001010000111111011010011110011101011111011100001011010110101111010001111100110111110101111110110101010011101111101100100000101111011010111101101101110011001110001100011111001110010000010111100010111101111111101101101110000111010000101111110001100000110001110010100100000110000101110000100010110111100000101110011111110000111011010111101001101001101111101000100101111101101011111100111111001110001100001000011011111000001111100010011001110111101111111011111001000111000011101101110000111011011110011101111111011011010110100011111000100101111111011100000100000101110010111100011010110100011111101111001110101111010111011011100100110011101111100111101111100000001001001101001101111111101101011110111011110011101001101111010100110111011101011110011100000011010010111111000100110011101111101011110111110111'
m = ''
st = 0
while st < len(a):
ed = st + 1
while ed <= len(a):
if a[st:ed] in g.keys():
m += g[a[st:ed]]
break
else:
ed += 1
st = ed
print(m)
else:
k0 = list(c.keys())[0]
k1 = list(c.keys())[1]
if c[k0] > c[k1]:
k0, k1 = k1, k0
for k in list(c.keys())[2:]:
if c[k] < c[k1]:
if c[k] < c[k0]:
k0, k1 = k, k0
else:
k1 = k
for a in k0:
d[a] = '0' + d[a]
for a in k1:
d[a] = '1' + d[a]
c[k0+k1] = c[k0]+c[k1]
del c[k0]
del c[k1]
dfs(copy.deepcopy(c), copy.deepcopy(d))
c = {'n':9,'S':2,'B':3,'I':6,'U':6,'L':1,'O':3,'R':2,'F':3,'Y':1,'G':2,'H':3,'v':9,'N':2,'M':1,'Z':1,'D':6,'T':1,'h':18,'o':16,'u':17,'b':9,'s':7,'r':4,'g':8,'f':10,'a':14,'m':2,'i':20,'p':2,'e':14,'w':7,'q':2,'y':8,'P':1,'J':2,'E':2,'C':1,'V':1,'A':1,'j':4,'k':5,'x':5,'t':3,'c':6,'8':24,'9':56,'{':1,'3':217,'d':97,'4':83,'6':54,'0':25,'1':12,'2':10,'5':8,'7':10,'}':1,'l':4,'Q':1,'W':1,'z':1}
d = {}
for k in c.keys():
d[k] = ''
dfs(copy.deepcopy(c), copy.deepcopy(d))
#nSBIULORFYGHvNMIOUZSDTNhnoubuosrgfbouvasmruiohauiopewgvfbwuivpqynqwUPIFJDDBUEDUIDHBUIDCVHJIOAejikxneiwkyiohwehiooiuyhiosehfhuiaetyhovauieyrghfuotgvac89xcboiyuweagihniaweo{3d46303d39463d39383d41393d46303d39463d39323d38433d46303d39463d39383d38463d46303d39463d39333d39333d46303d39463d39303d39453d46303d39463d38453d41333d46303d3d39463d39373d42433d46303d39463d39323d38373d46303d39463d38453d41333d46303d39463d39303d39453d46303d39463d39383d41393d46303d39463d38433d39453d46303d39463d3d39383d41393d46303d39463d39323d38433d46303d39463d39373d42433d46303d39463d39383d41393d46303d39463d39333d41323d46303d39463d39383d41393d46303d39463d39373d3d42433d46303d39463d39333d41323d46303d39463d38433d39453d46303d39463d38453d41463d46303d39463d38443d3846}huilagsieufrcb78QWEGF678Rniolsdf149687189735489246avaeukighf6497ejixcnbmlolohnbasik2647893hasfhuvzxchbjkaefgyhuetyuhjadfxcvbn
{}里面的內容拿去hex,發現是Quoted Printable,但是有些地方出現了兩次==,于是將其重復的刪掉,得到
😩💌😏📓🐞🎣🗼💇🎣🐞😩🌞😩💌🗼😩📢😩🗼📢🌞🎯🍏
不是base100,所以拿去試試國外的一種,以前做la佬的ctfshow月餅杯_共嬋娟用到的
https://github.com/pavelvodrazka/ctf-writeups/tree/master/hackyeaster2018/challenges/egg17
拼接起來,得到flag
flag{156cca8e-b81b-4157-9f39-4c41f4a4facb}
*ez_misc
hint是零寬,說的是和piet很像的一種esolang,然后結合ctfshow6月賽八神的babyLSBwithHelicopter
可以知道是brainloller
然后010打開,提示解出來是后面steghide的密碼,并且CRC報錯,用爆CRC的腳本一爆就發現正確寬度為14,高為12
用bftools解,bftools.exe decode brainloller bf.png,得到的bf再去解碼得到密碼Hello Worl
但是解不出來,于是用我6月賽寫的腳本去解https://blog.csdn.net/qq_42880719/article/details/117479024
解出來是Hello Worle!,我猜是Hello World!
結合題目新上的hint,得到的密碼我試過有
Hello Worl
Hello_Worl
Hello Worle!
Hello_Worle!
Hello World!
Hello_World!
Hello World
Hello_World
可惜都不對,通過出題人的朋友問了下出題人,他朋友也表示解不出來,但是出題人是能解出來的(好像用的是本地的附件)
所以我總感覺是比賽題目附件的問題?
—17:02—:經過一個半小時的積極反饋
就bftools.exe解出來的把空格替換為下劃線Hello_Worl解steghide,得到個文本
后面是一個熊曰,然后就完事
Re
EasyRe
flag就在常量里面,,
flag{fc5e038d38a57032085441e7fe7010b0}
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/353464.html
標籤:其他