Damn, I'm such a noob.
Visit /api/record/ to get api_test.php.
View the source; index.js contains the base64-encoded flag.
Replace the alphabet with N-ZA-Mn-za-m0-9+/=
then base32
DASCTF{722433fc22f2e79959da2208d84cbb40}
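The two decoding steps above (base64 with a swapped alphabet, then base32) as an added example that is not part of the original writeup. The sample blob is constructed, and the helper names are this example's own.

```python
import base64
import string

SPEC = "N-ZA-Mn-za-m0-9+/="   # alphabet string from the writeup
STANDARD = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/="

def expand_alphabet(spec):
    """Expand range notation such as 'N-ZA-M' into the full 65-character alphabet."""
    out, i = [], 0
    while i < len(spec):
        if i + 2 < len(spec) and spec[i + 1] == "-":
            out.extend(chr(c) for c in range(ord(spec[i]), ord(spec[i + 2]) + 1))
            i += 3
        else:
            out.append(spec[i])
            i += 1
    alphabet = "".join(out)
    if len(alphabet) != 65 or len(set(alphabet)) != 65:
        raise ValueError("expected 64 distinct symbols plus a padding character")
    return alphabet

def decode_custom_b64(text, spec=SPEC):
    """Map each custom symbol back to its standard counterpart, then decode."""
    table = str.maketrans(expand_alphabet(spec), STANDARD)
    return base64.b64decode(text.translate(table))

def encode_custom_b64(raw, spec=SPEC):
    """Inverse of decode_custom_b64, used here only to build the sample."""
    table = str.maketrans(STANDARD, expand_alphabet(spec))
    return base64.b64encode(raw).decode().translate(table)

def solve(blob, spec=SPEC):
    """Custom-alphabet base64 first, base32 second, as in the steps above."""
    return base64.b32decode(decode_custom_b64(blob, spec))

# Constructed sample, not the challenge data.
SAMPLE_PLAINTEXT = b"flag{constructed-sample}"
SAMPLE_BLOB = encode_custom_b64(base64.b32encode(SAMPLE_PLAINTEXT))

if __name__ == "__main__":
    print(SAMPLE_BLOB, "->", solve(SAMPLE_BLOB))
```

The alphabet N-ZA-Mn-za-m is the standard one with ROT13 applied to the letters, so a blob encoded this way fails or decodes to garbage under a plain base64 decoder.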
Open the audio file; it is clearly a string of Morse code. Convert it to MP3 and drag it into Audacity to view the waveform.
1000 01 00001 00011 1000 1010 0 0010 1010 00111 11111 00001
BA43BCEFC204
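# Read the audio file as one long hex string
with open('1.m4a', 'rb') as rb:
    content = rb.read().hex()
# Low nibble of every byte, last byte first
a = content[::-2]
# High nibble of every byte, last byte first
b = ' ' + content[::-1]
b = b[::2].replace(' ', '')
# Re-pair the nibbles: the result is the file with its byte order reversed
c = ''
for i in range(len(a)):
    c += b[i]
    c += a[i]
with open('1.txt', 'w') as w:
    w.write(c)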
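Import it into 010 Editor, run the zip template, delete the extra content, and extract with the key.
From reading the writeup, this turns out to be rot47+atbash.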
DASCTF{5e0f98a95f79829b7a484a54066cb08f}
Open it in 010 Editor; there is base64 at the end. Brute-force the encoding with magic.
data:
Keyboard traffic
mik maeshiy:FindTTheoRealgKeygandlMakeeIt!d
mimashi FindTheRealKeyandMakeIt!
normalKeys = {"04" :"a" , "05" :"b" , "06" :"c" , "07" :"d" , "08" :"e" , "09" :"f" , "0a" :"g" , "0b" :"h" , "0c" :"i" , "0d" :"j" , "0e" :"k" , "0f" :"l" , "10" :"m" , "11" :"n" , "12" :"o" , "13" :"p" , "14" :"q" , "15" :"r" , "16" :"s" , "17" :"t" , "18" :"u" , "19" :"v" , "1a" :"w" , "1b" :"x" , "1c" :"y" , "1d" :"z" ,"1e" :"1" , "1f" :"2" , "20" :"3" , "21" :"4" , "22" :"5" , "23" :"6" ,"24" :"7" ,"25" :"8" ,"26" :"9" ,"27" :"0" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"-" ,"2e" :"=" ,"2f" :"[" ,"30" :"]" ,"31" :"\\" ,"32" :"<NON>" ,"33" :";" ,"34" :"'" ,"35" :"<GA>" ,"36" :"," ,"37" :"." ,"38" :"/" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
shiftKeys = {"04" :"A" , "05" :"B" , "06" :"C" , "07" :"D" , "08" :"E" , "09" :"F" , "0a" :"G" , "0b" :"H" , "0c" :"I" , "0d" :"J" , "0e" :"K" , "0f" :"L" , "10" :"M" , "11" :"N" , "12" :"O" , "13" :"P" , "14" :"Q" , "15" :"R" , "16" :"S" , "17" :"T" , "18" :"U" , "19" :"V" , "1a" :"W" , "1b" :"X" , "1c" :"Y" , "1d" :"Z" ,"1e" :"!" , "1f" :"@" , "20" :"#" , "21" :"$" , "22" :"%" , "23" :"^" ,"24" :"&" ,"25" :"*" ,"26" :"(" ,"27" :")" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"_" ,"2e" :"+" ,"2f" :"{" ,"30" :"}" ,"31" :"|" ,"32" :"<NON>" ,"33" :"\"" ,"34" :":" ,"35" :"<GA>" ,"36" :"<" ,"37" :">" ,"38" :"?" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
with open('key.txt') as keys:
    for line in keys:
        k = line[1]      # low nibble of the modifier byte: 0 = none, 2 = Shift
        n = line[4:6]    # key code (third byte of the report)
        if k == '0':
            print(normalKeys[n], end='')
        elif k == '2':
            print(shiftKeys[n], end='')
normalKeys = {"04" :"a" , "05" :"b" , "06" :"c" , "07" :"d" , "08" :"e" , "09" :"f" , "0a" :"g" , "0b" :"h" , "0c" :"i" , "0d" :"j" , "0e" :"k" , "0f" :"l" , "10" :"m" , "11" :"n" , "12" :"o" , "13" :"p" , "14" :"q" , "15" :"r" , "16" :"s" , "17" :"t" , "18" :"u" , "19" :"v" , "1a" :"w" , "1b" :"x" , "1c" :"y" , "1d" :"z" ,"1e" :"1" , "1f" :"2" , "20" :"3" , "21" :"4" , "22" :"5" , "23" :"6" ,"24" :"7" ,"25" :"8" ,"26" :"9" ,"27" :"0" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"-" ,"2e" :"=" ,"2f" :"[" ,"30" :"]" ,"31" :"\\" ,"32" :"<NON>" ,"33" :";" ,"34" :"'" ,"35" :"<GA>" ,"36" :"," ,"37" :"." ,"38" :"/" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
shiftKeys = {"04" :"A" , "05" :"B" , "06" :"C" , "07" :"D" , "08" :"E" , "09" :"F" , "0a" :"G" , "0b" :"H" , "0c" :"I" , "0d" :"J" , "0e" :"K" , "0f" :"L" , "10" :"M" , "11" :"N" , "12" :"O" , "13" :"P" , "14" :"Q" , "15" :"R" , "16" :"S" , "17" :"T" , "18" :"U" , "19" :"V" , "1a" :"W" , "1b" :"X" , "1c" :"Y" , "1d" :"Z" ,"1e" :"!" , "1f" :"@" , "20" :"#" , "21" :"$" , "22" :"%" , "23" :"^" ,"24" :"&" ,"25" :"*" ,"26" :"(" ,"27" :")" ,"28" :"<RET>" ,"29" :"<ESC>" ,"2a" :"<DEL>" , "2b" :"\t" ,"2c" :"<SPACE>" ,"2d" :"_" ,"2e" :"+" ,"2f" :"{" ,"30" :"}" ,"31" :"|" ,"32" :"<NON>" ,"33" :"\"" ,"34" :":" ,"35" :"<GA>" ,"36" :"<" ,"37" :">" ,"38" :"?" ,"39" :"<CAP>" ,"3a" :"<F1>" ,"3b" :"<F2>" , "3c" :"<F3>" ,"3d" :"<F4>" ,"3e" :"<F5>" ,"3f" :"<F6>" ,"40" :"<F7>" ,"41" :"<F8>" ,"42" :"<F9>" ,"43" :"<F10>" ,"44" :"<F11>" ,"45" :"<F12>" }
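with open('key.txt') as keys:
    output = ""
    for line in keys:
        k = line[1]      # low nibble of the modifier byte: 0 = none, 2 = Shift
        n = line[4:6]    # key code (third byte of the report)
        # 2a (<DEL> in the table) erases a character: print the one being erased
        if n == '2a' and output:
            print(output[-1], end='')
        if k == '0':
            output += normalKeys[n]
        elif k == '2':
            output += shiftKeys[n]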
key: Toggled
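The two passes above can be done in one replay that applies each erase and keeps the erased characters. This is an added example, not the original author's script: it goes slightly beyond the scripts above by honouring both Shift bits and skipping key-release reports, its key map covers only letters, digits and space, and the capture lines are constructed.

```python
SHIFT_MASK = 0x02 | 0x20          # left Shift | right Shift bits of the modifier byte
BACKSPACE, SPACE = 0x2A, 0x2C     # 0x2A is the key the tables above label <DEL>

# Usage ID -> (plain, shifted) for letters and digits on a US layout.
KEYMAP = {0x04 + i: (c, c.upper()) for i, c in enumerate("abcdefghijklmnopqrstuvwxyz")}
KEYMAP.update({0x1E + i: pair for i, pair in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYMAP[SPACE] = (" ", " ")

def replay_keystrokes(report_lines):
    """Replay 8-byte HID reports; return (text left on screen, characters erased)."""
    typed, erased = [], []
    for line in report_lines:
        line = line.strip()
        if len(line) != 16:
            continue                      # not an 8-byte keyboard report
        report = bytes.fromhex(line)
        modifier, keycode = report[0], report[2]   # only the first key slot is read
        if keycode == 0:
            continue                      # key release or modifier-only report
        if keycode == BACKSPACE:
            if typed:                     # an erase on an empty buffer is a no-op
                erased.append(typed.pop())
            continue
        if keycode in KEYMAP:
            typed.append(KEYMAP[keycode][1 if modifier & SHIFT_MASK else 0])
    return "".join(typed), "".join(erased)

# Constructed capture (not the challenge data): "h", release, "i", Shift+o,
# erase, "k", erase, right Shift+1.
SAMPLE = [
    "00000b0000000000", "0000000000000000", "00000c0000000000",
    "0200120000000000", "00002a0000000000", "00000e0000000000",
    "00002a0000000000", "20001e0000000000",
]

if __name__ == "__main__":
    print(replay_keystrokes(SAMPLE))
```

The second element of the result is what a reviewer reading only the final text would miss: anything typed and then erased is still present in the capture.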
emoji-aes decoding
https://aghorler.github.io/emoji-aes/#
Manual decoding
U2FsdGVkX1+psEGiQ9Bl3PbdKi4mYKSHJfRIoCoRo/bepbG8tJvD+pzC53ApwRR3ekX4K0X6tZ9F2z6PxNVOOw==
AES decryption
DASCTF{ad15eecd2978bc5c70597d14985412c4}
Download the attachment and open it in 010 Editor. There is a kp at the end, which suggests a reversed zip file.
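a = ...  # space-separated hex bytes copied out of 010 Editor (elided)
b = []
a = a.split()
# Walk the byte list backwards to undo the reversal
for i in range(len(a)):
    b.append(a[len(a) - i - 1])
with open('a.txt', 'w') as w:
    w.write(''.join(b))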
Import it into 010 Editor, save it as test.zip, and extract it to get flag.png.
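Both this challenge and the audio one earlier come down to spotting a byte-reversed ZIP and cutting it out of the surrounding data. The following is an added example, not the original author's code; the carrier bytes and archive are constructed, and the sample archive is unencrypted, unlike the audio challenge's.

```python
import io
import zipfile

LOCAL_HDR = b"PK\x03\x04"   # start of a ZIP local file header
EOCD = b"PK\x05\x06"        # end-of-central-directory record

def recover_reversed_zip(blob):
    """Return the archive bytes if blob hides a byte-reversed ZIP, else None."""
    # A reversed archive shows its magic bytes backwards, e.g. ...\x04\x03KP
    if LOCAL_HDR[::-1] not in blob or EOCD[::-1] not in blob:
        return None
    restored = blob[::-1]
    start = restored.find(LOCAL_HDR)
    end = restored.rfind(EOCD)
    # The EOCD record is 22 bytes plus a comment whose length is its last field.
    comment_len = int.from_bytes(restored[end + 20:end + 22], "little")
    archive = restored[start:end + 22 + comment_len]   # drop the extra content
    return archive if zipfile.is_zipfile(io.BytesIO(archive)) else None

def list_members(archive):
    """Read every member of an in-memory archive."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}

def build_sample():
    """Constructed input: fake carrier bytes followed by a reversed archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "constructed sample, not the challenge data")
    return b"\x00fake-audio-bytes" + buf.getvalue()[::-1]

if __name__ == "__main__":
    print(list_members(recover_reversed_zip(build_sample())))
```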
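A board is given; it is the typical square used by the ADFGVX cipher. But the txt only contains the six values 11, 14, 21, 22, 51 and 53, and 6 never appears, so it should not map directly to the ADFGVX cipher but to a Polybius square.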
a b c d e
f g h i/j k
l m n o p
q r s t u
v w x y z
b = "11,22,11,53,53,14,11,22,22,51,22,22,51,14,51,11,14,11,51,53,14,22,11,14,51,22,14,51,11,11,14,14,14,14,21,53,11,21,11,21,14,22,14,51,53,53,14,22,22,14,22,22,14,53,14,14,21,14,14,53,51,22,53,11,14,22,51,14,21,53,51,51,11,11,14,14,53,14,53,53,11,14,14,51,22,22,22,53,22,53,53,53,53,22,53,53,22,22,53,22,14,51,51,51,22,22,22,11,22,11,11,11,11,22,11,11,22,22,11,22,14,14,14,11,22,11,22,22,22,11,22,22,11,22,11,22,11,11,11,51,11,11,11,53,22,53,22,22,22,53,22,22,53,22,53,22,53,53,53,51"
s = b.split(',')
print(s)
ans = ""
bns = ""
print(int(s[0][1]))
# Polybius coordinates (row, column) -> the letter in that cell, upper-cased
for i in range(len(s)):
    if s[i] == '11':
        ans = ans + 'A'
    if s[i] == '14':
        ans = ans + 'D'
    if s[i] == '22':
        ans = ans + 'G'
    if s[i] == '21':
        ans = ans + 'F'
    if s[i] == '51':
        ans = ans + 'V'
    if s[i] == '53':
        ans = ans + 'X'
print(ans)
LSB steganography in the image yields the base32-encoded keyword.
That gives the ADFGVX ciphertext; decrypt it.
DASCTF{d859c41c530afc1c1ad94abd92f4baf8}
key square:ph0qg64mea1yl2nofdxkr3cvs5zw7bj9uti8
key words:Yusayyds
Ciphertext:AGAXXDAGGVGGVDVADAVXDGADVGDVAADDDDFXAFAFDGDVXXDGGDGGDXDDFDDXVGXADGVDFXVVAADDXDXXADDVGGGXGXXXXGXXGGXGDVVVGGGAGAAAAGAAGGAGDDDAGAGGGAGGAGAGAAAVAAAXGXGGGXGGXGXGXXXV
Decrypted:4441534354467b64383539633431633533306166633163316164393461626439326634626166387d
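The ADFGVX decryption step, written out as an added example rather than the tool the author used. The key square, keyword and ciphertext are the values listed above; ordering repeated keyword letters left to right is this example's assumption, and it reproduces the decrypted hex shown.

```python
LABELS = "ADFGVX"
KEY_SQUARE = "ph0qg64mea1yl2nofdxkr3cvs5zw7bj9uti8"   # 6x6 square, row by row
KEYWORD = "Yusayyds"
CIPHERTEXT = (
    "AGAXXDAGGVGGVDVADAVXDGADVGDVAADDDDFXAFAF"
    "DGDVXXDGGDGGDXDDFDDXVGXADGVDFXVVAADDXDXX"
    "ADDVGGGXGXXXXGXXGGXGDVVVGGGAGAAAAGAAGGAG"
    "DDDAGAGGGAGGAGAGAAAVAAAXGXGGGXGGXGXGXXXV"
)

def adfgvx_decrypt(ciphertext, square, keyword):
    """Undo the columnar transposition, then look pairs up in the key square."""
    keyword = keyword.lower()
    n_cols = len(keyword)
    n_rows, extra = divmod(len(ciphertext), n_cols)
    # Columns were written out in alphabetical keyword order; repeated
    # letters (y and s here) are taken left to right (assumption).
    order = sorted(range(n_cols), key=lambda i: (keyword[i], i))
    columns = [""] * n_cols
    pos = 0
    for col in order:
        height = n_rows + (1 if col < extra else 0)   # short last row
        columns[col] = ciphertext[pos:pos + height]
        pos += height
    # Read the grid row by row to get the fractionated text back.
    pairs = "".join(
        columns[c][r]
        for r in range(n_rows + 1)
        for c in range(n_cols)
        if r < len(columns[c])
    )
    # Each pair is (row label, column label) into the 6x6 square.
    return "".join(
        square[LABELS.index(pairs[i]) * 6 + LABELS.index(pairs[i + 1])]
        for i in range(0, len(pairs) - 1, 2)
    )

def recover_flag():
    """The plaintext is hex text, so decode it once more to get the flag."""
    return bytes.fromhex(adfgvx_decrypt(CIPHERTEXT, KEY_SQUARE, KEYWORD)).decode()

if __name__ == "__main__":
    print(recover_flag())
```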