可恶,太菜了
访问/api/record/,得到api_test.php
查看源代码,在index.js发现base64的flag
替换码表
N-ZA-Mn-za-m0-9+/=
base32
DASCTF{722433fc22f2e79959da2208d84cbb40}
打开音频文件,很明显是一串摩尔斯密码,转换为 MP3,拖入 Audacity 查看波形图
1000 01 00001 00011 1000 1010 0 0010 1010 00111 11111 00001
BA43BCEFC204
with open ('1.m4a' , 'rb' ) as rb:
content = rb.read().hex()
a = content [::-2 ]
b = ' ' + content [::-1 ]
b = b[::2 ].replace(' ' , '' )
c = ''
for i in range (len (a)):
c += b[i]
c += a[i]
with open ('1.txt' , 'w' ) as w:
w.write(c)
导入010,运行zip模板删除多余内容,用key解压
看 wp 知道这是 rot47+atbash
DASCTF{5e0f98a95f79829b7a484a54066cb08f}
010打开,结尾存在base64,magic爆破加密
data:
键盘流量
mik maeshiy:FindTTheoRealgKeygandlMakeeIt!dmimashi FindTheRealKeyandMakeIt!
normalKeys = {"04" :"a" , "05" :"b" , "06" :"c" , "07" :"d" , "08" :"e" , "09" :"f" , "0a" :"g" , "0b" :"h" , "0c" :"i" , "0d" :"j" , "0e" :"k" , "0f" :"l" , "10" :"m" , "11" :"n" , "12" :"o" , "13" :"p" , "14" :"q" , "15" :"r" , "16" :"s" , "17" :"t" , "18" :"u" , "19" :"v" , "1a" :"w" , "1b" :"x" , "1c" :"y" , "1d" :"z" ,"1e" :"1" , "1f" :"2" , "20" :"3" , "21" :"4" , "22" :"5" , "23" :"6" ,"24" :"7" ,"25" :"8" ,"26" :"9" ,"27" :"0" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"-" ,"2e" :"=" ,"2f" :"[" ,"30" :"]" ,"31" :"\\" ,"32" :"<NON>" ,"33" :";" ,"34" :"'" ,"35" :"<GA>" ,"36" :"," ,"37" :"." ,"38" :"/" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
shiftKeys = {"04" :"A" , "05" :"B" , "06" :"C" , "07" :"D" , "08" :"E" , "09" :"F" , "0a" :"G" , "0b" :"H" , "0c" :"I" , "0d" :"J" , "0e" :"K" , "0f" :"L" , "10" :"M" , "11" :"N" , "12" :"O" , "13" :"P" , "14" :"Q" , "15" :"R" , "16" :"S" , "17" :"T" , "18" :"U" , "19" :"V" , "1a" :"W" , "1b" :"X" , "1c" :"Y" , "1d" :"Z" ,"1e" :"!" , "1f" :"@" , "20" :"#" , "21" :"$" , "22" :"%" , "23" :"^" ,"24" :"&" ,"25" :"*" ,"26" :"(" ,"27" :")" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"_" ,"2e" :"+" ,"2f" :"{" ,"30" :"}" ,"31" :"|" ,"32" :"<NON>" ,"33" :"\"" ,"34" :":" ,"35" :"<GA>" ,"36" :"<" ,"37" :">" ,"38" :"?" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
keys = open ('key.txt' )
output = ""
for line in keys:
k = line[1 ]
n = line[4 :6 ]
if k == '0' :
print (normalKeys[n], end ='' )
elif k == '2' :
print (shiftKeys[n], end ='' )
normalKeys = {"04" :"a" , "05" :"b" , "06" :"c" , "07" :"d" , "08" :"e" , "09" :"f" , "0a" :"g" , "0b" :"h" , "0c" :"i" , "0d" :"j" , "0e" :"k" , "0f" :"l" , "10" :"m" , "11" :"n" , "12" :"o" , "13" :"p" , "14" :"q" , "15" :"r" , "16" :"s" , "17" :"t" , "18" :"u" , "19" :"v" , "1a" :"w" , "1b" :"x" , "1c" :"y" , "1d" :"z" ,"1e" :"1" , "1f" :"2" , "20" :"3" , "21" :"4" , "22" :"5" , "23" :"6" ,"24" :"7" ,"25" :"8" ,"26" :"9" ,"27" :"0" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"-" ,"2e" :"=" ,"2f" :"[" ,"30" :"]" ,"31" :"\\" ,"32" :"<NON>" ,"33" :";" ,"34" :"'" ,"35" :"<GA>" ,"36" :"," ,"37" :"." ,"38" :"/" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
shiftKeys = {"04" :"A" , "05" :"B" , "06" :"C" , "07" :"D" , "08" :"E" , "09" :"F" , "0a" :"G" , "0b" :"H" , "0c" :"I" , "0d" :"J" , "0e" :"K" , "0f" :"L" , "10" :"M" , "11" :"N" , "12" :"O" , "13" :"P" , "14" :"Q" , "15" :"R" , "16" :"S" , "17" :"T" , "18" :"U" , "19" :"V" , "1a" :"W" , "1b" :"X" , "1c" :"Y" , "1d" :"Z" ,"1e" :"!" , "1f" :"@" , "20" :"#" , "21" :"$" , "22" :"%" , "23" :"^" ,"24" :"&" ,"25" :"*" ,"26" :"(" ,"27" :")" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"_" ,"2e" :"+" ,"2f" :"{" ,"30" :"}" ,"31" :"|" ,"32" :"<NON>" ,"33" :"\"" ,"34" :":" ,"35" :"<GA>" ,"36" :"<" ,"37" :">" ,"38" :"?" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
keys = open ('key.txt' )
output = ""
for line in keys:
k = line[1 ]
n = line[4 :6 ]
if n == '2a' :
print (output [-1 ], end ='' )
if k == '0' :
output += normalKeys[n]
elif k == '2' :
output += shiftKeys[n]
key: Toggled
emoji-aes 解码
https://aghorler.github.io/emoji-aes/#
手动解码
U2FsdGVkX1+psEGiQ9Bl3PbdKi4mYKSHJfRIoCoRo/bepbG8tJvD+pzC53ApwRR3ekX4K0X6tZ9F2z6PxNVOOw==
AES解密
DASCTF{ad15eecd2978bc5c70597d14985412c4}
下载附件,010打开,发现结尾处存在 kp 怀疑是倒置的zip文件
a = ...
b = []
a = a.split()
for i in range (len (a)):
b.append(a[len (a) - i - 1 ])
with open ('a.txt' , 'w' ) as w:
w.write('' .join(b))
导入至010editor,保存为test.zip,解压得到 flag.png
给了一个棋盘,是典型的ADFGVX 密码所用到的棋盘,但是txt中只有11,14,21,22,51,53这六种情况,甚至没有6的出现,所以应该不是直接对应ADFGVX密码,而是对应了波利比奥斯方阵
a b c d e
b = "11,22,11,53,53,14,11,22,22,51,22,22,51,14,51,11,14,11,51,53,14,22,11,14,51,22,14,51,11,11,14,14,14,14,21,53,11,21,11,21,14,22,14,51,53,53,14,22,22,14,22,22,14,53,14,14,21,14,14,53,51,22,53,11,14,22,51,14,21,53,51,51,11,11,14,14,53,14,53,53,11,14,14,51,22,22,22,53,22,53,53,53,53,22,53,53,22,22,53,22,14,51,51,51,22,22,22,11,22,11,11,11,11,22,11,11,22,22,11,22,14,14,14,11,22,11,22,22,22,11,22,22,11,22,11,22,11,11,11,51,11,11,11,53,22,53,22,22,22,53,22,22,53,22,53,22,53,53,53,51"
s = b.split(',' )
print(s)
ans = ""
bns = ""
print(int(s[0 ][1 ]))
for i in range(len(s)):
if s[i] == '11' :
ans = ans + 'A'
if s[i] == '14' :
ans = ans + 'D'
if s[i] == '22' :
ans = ans + 'G'
if s[i] == '21' :
ans = ans + 'F'
if s[i] == '51' :
ans = ans + 'V'
if s[i] == '53' :
ans = ans + 'X'
print(ans)
图片LSB隐写,得到base32的keyword
得到ADFGVX密码的密文,解密
DASCTF{d859c41c530afc1c1ad94abd92f4baf8}
key square:ph0qg64mea1yl2nofdxkr3cvs5zw7bj9uti8
"
