一、Crypto-brainfuck
1.附件內容如下。
++++++++[>>++>++++>++++++>++++++++>++++++++++>++++++++++++>++++++++++++++>++++++++++++++++>++++++++++++++++++>++++++++++++++++++++>++++++++++++++++++++++>++++++++++++++++++++++++>++++++++++++++++++++++++++>++++++++++++++++++++++++++++>++++++++++++++++++++++++++++++<<<<<<<<<<<<<<<<-]>>>>>>>++++++.>----.<-----.>-----.>-----.<<<-.>>++..<.>.++++++.....------.<.>.<<<<<+++.>>>>+.<<<+++++++.>>>+.<<<-------.>>>-.<<<+.+++++++.--..>>>>---.-.<<<<-.+++.>>>>.<<<<-------.+.>>>>>++.
2.直接brainfuck解碼即可。(https://www.splitbrain.org/services/ook)
二、Crypto-Caesar's Secert
1.附件內容如下。
kqfl{hf3x4w'x_h1umjw_n5_a4wd_3fed}
2.凱撒解碼即可。(https://ctf.bugku.com/tool/caesar)
三、Crypto-Fence
1.附件內容如下。
fa{ereigtepanet6680}lgrodrn_h_litx#8fc3
2.柵欄解碼即可。(https://ctf.bugku.com/tool/railfence)
四、Crypto-Vigenère
1.附件內容如下。
pqcq{qc_m1kt4_njn_5slp0b_lkyacx_gcdy1ud4_g3nv5x0}
2.維吉尼亞解碼,只不過這裡缺少一個金鑰,,因為知道解碼出來的開頭肯定是flag,所以可以慢慢嘗試,經過嘗試金鑰是kfc。(https://ctf.bugku.com/tool/vigenere)
五、Crypto-babyrsa
1.附件內容如下。
from Crypto.Util.number import *
from flag import flag
def gen_prime(n):
res = 1
for i in range(15):
res *= getPrime(n)
return res
if __name__ == '__main__':
n = gen_prime(32)
e = 65537
m = bytes_to_long(flag)
c = pow(m,e,n)
print(n)
print(c)
# 17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
# 14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595
2.n分解出來有15個素因數,因為知道Φ(n)=(p-1)(q-1)=(a-1)(b-1)····(f-1)(有幾個素因數就乘幾個),故指令碼如下。
n = 17290066070594979571009663381214201320459569851358502368651245514213538229969915658064992558167323586895088933922835353804055772638980251328261
c = 14322038433761655404678393568158537849783589481463521075694802654611048898878605144663750410655734675423328256213114422929994037240752995363595
e = 65537
primes = [2217990919, 3831680819, 3654864131, 2463878387, 3939901243, 2706073949, 2970591037, 2370292207, 2338725373,
2923072267, 4278428893, 4093178561, 2794985117, 2804303069, 3207148519]
phi = 1
for i in primes:
phi *= (i - 1)
d = invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m)) # b'flag{us4_s1ge_t0_cal_phI}'
六、Crypto-Small d
1.附件內容如下。
from secret import flag
from Crypto.Util.number import *
p = getPrime(1024)
q = getPrime(1024)
d = getPrime(32)
e = inverse(d, (p-1)*(q-1))
n = p*q
m = bytes_to_long(flag)
c = pow(m,e,n)
print(c)
print(e)
print(n)
# c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
# e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
# n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433
2.嘗試去分解n,無果。由於此題e很大,d很小,屬於低解密指數攻擊,直接利用指令碼破解。
from Crypto.Util.number import *
def rational_to_contfrac(x, y):
'''
Converts a rational x/y fraction into
a list of partial quotients [a0, ..., an]
'''
a = x // y
if a * y == x:
return [a]
else:
pquotients = rational_to_contfrac(y, x - a * y)
pquotients.insert(0, a)
return pquotients
def convergents_from_contfrac(frac):
'''
computes the list of convergents
using the list of partial quotients
'''
convs = [];
for i in range(len(frac)):
convs.append(contfrac_to_rational(frac[0:i]))
return convs
def contfrac_to_rational(frac):
'''Converts a finite continued fraction [a0, ..., an]
to an x/y rational.
'''
if len(frac) == 0:
return (0, 1)
elif len(frac) == 1:
return (frac[0], 1)
else:
remainder = frac[1:len(frac)]
(num, denom) = contfrac_to_rational(remainder)
# fraction is now frac[0] + 1/(num/denom), which is
# frac[0] + denom/num.
return (frac[0] * num + denom, num)
def egcd(a, b):
'''
Extended Euclidean Algorithm
returns x, y, gcd(a,b) such that ax + by = gcd(a,b)
'''
u, u1 = 1, 0
v, v1 = 0, 1
while b:
q = a // b
u, u1 = u1, u - q * u1
v, v1 = v1, v - q * v1
a, b = b, a - q * b
return u, v, a
def gcd(a, b):
'''
2.8 times faster than egcd(a,b)[2]
'''
a, b = (b, a) if a < b else (a, b)
while b:
a, b = b, a % b
return a
def modInverse(e, n):
'''
d such that de = 1 (mod n)
e must be coprime to n
this is assumed to be true
'''
return egcd(e, n)[0] % n
def totient(p, q):
'''
Calculates the totient of pq
'''
return (p - 1) * (q - 1)
def bitlength(x):
'''
Calculates the bitlength of x
'''
assert x >= 0
n = 0
while x > 0:
n = n + 1
x = x >> 1
return n
def isqrt(n):
'''
Calculates the integer square root
for arbitrary large nonnegative integers
'''
if n < 0:
raise ValueError('square root not defined for negative numbers')
if n == 0:
return 0
a, b = divmod(bitlength(n), 2)
x = 2 ** (a + b)
while True:
y = (x + n // x) // 2
if y >= x:
return x
x = y
def is_perfect_square(n):
'''
If n is a perfect square it returns sqrt(n),
otherwise returns -1
'''
h = n & 0xF; # last hexadecimal "digit"
if h > 9:
return -1 # return immediately in 6 cases out of 16.
# Take advantage of Boolean short-circuit evaluation
if (h != 2 and h != 3 and h != 5 and h != 6 and h != 7 and h != 8):
# take square root if you must
t = isqrt(n)
if t * t == n:
return t
else:
return -1
return -1
def hack_RSA(e, n):
frac = rational_to_contfrac(e, n)
convergents = convergents_from_contfrac(frac)
for (k, d) in convergents:
# check if d is actually the key
if k != 0 and (e * d - 1) % k == 0:
phi = (e * d - 1) // k
s = n - phi + 1
# check if the equation x^2 - s*x + n = 0
# has integer roots
discr = s * s - 4 * n
if (discr >= 0):
t = is_perfect_square(discr)
if t != -1 and (s + t) % 2 == 0:
print("\nHacked!")
return d
def main():
n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433
e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
d = hack_RSA(e, n)
print("d=")
print(d) # 2357048593
if __name__ == '__main__':
main()
得到d之後,就很簡單了。
c = 6755916696778185952300108824880341673727005249517850628424982499865744864158808968764135637141068930913626093598728925195859592078242679206690525678584698906782028671968557701271591419982370839581872779561897896707128815668722609285484978303216863236997021197576337940204757331749701872808443246927772977500576853559531421931943600185923610329322219591977644573509755483679059951426686170296018798771243136530651597181988040668586240449099412301454312937065604961224359235038190145852108473520413909014198600434679037524165523422401364208450631557380207996597981309168360160658308982745545442756884931141501387954248
d = 2357048593
n = 19873634983456087520110552277450497529248494581902299327237268030756398057752510103012336452522030173329321726779935832106030157682672262548076895370443461558851584951681093787821035488952691034250115440441807557595256984719995983158595843451037546929918777883675020571945533922321514120075488490479009468943286990002735169371404973284096869826357659027627815888558391520276866122370551115223282637855894202170474955274129276356625364663165723431215981184996513023372433862053624792195361271141451880123090158644095287045862204954829998614717677163841391272754122687961264723993880239407106030370047794145123292991433
e = 8614531087131806536072176126608505396485998912193090420094510792595101158240453985055053653848556325011409922394711124558383619830290017950912353027270400567568622816245822324422993074690183971093882640779808546479195604743230137113293752897968332220989640710311998150108315298333817030634179487075421403617790823560886688860928133117536724977888683732478708628314857313700596522339509581915323452695136877802816003353853220986492007970183551041303875958750496892867954477510966708935358534322867404860267180294538231734184176727805289746004999969923736528783436876728104351783351879340959568183101515294393048651825
m = pow(c, d, n)
print(long_to_bytes(m)) # b'flag{learn_some_continued_fraction_technique#dc16885c}'
七、Crypto-babyxor
1.附件內容如下。
from secret import *
ciphertext = []
for f in flag:
ciphertext.append(f ^ key)
print(bytes(ciphertext).hex())
# e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2
2.由於此題不知道key,所以只能寫指令碼去破解了。
import binascii
s = "e9e3eee8f4f7bffdd0bebad0fcf6e2e2bcfbfdf6d0eee1ebd0eabbf5f6aeaeaeaeaeaef2"
unhex = binascii.unhexlify(s)
for j in range(255):
res = ''
for i in unhex:
res += chr(j ^ i)
print(res)
八、Crypto-babyencoding
1.附件內容如下。
part 1 of flag: ZmxhZ3tkYXp6bGluZ19lbmNvZGluZyM0ZTBhZDQ=
part 2 of flag: MYYGGYJQHBSDCZJRMQYGMMJQMMYGGN3BMZSTIMRSMZSWCNY=
part 3 of flag: =8S4U,3DR8SDY,C`S-F5F-C(S,S<R-C`Q9F8S87T`
2.第一段base64,第二段base32,第三段uuencode,依次解碼即可。
九、Crypto-Affine
1.附件內容如下。
from flag import flag, key
modulus = 256
ciphertext = []
for f in flag:
ciphertext.append((key[0]*f + key[1]) % modulus)
print(bytes(ciphertext).hex())
# dd4388ee428bdddd5865cc66aa5887ffcca966109c66edcca920667a88312064
2.Affine是一個對映密碼,y=(a*x+b)%c,所以解碼需要知道a、b、c這三個引數。由於知道答案開頭肯定是flag,故可以寫出方程式
(102*a+b)%256=221 (1)
(108*a+b)%256=67 (2)
(97*a+b)%256=136 (3)
(103*a+b)%256=238 (4)
由(1)式和(4)式可以很容易得到a=17,接著就可以解出b=23。知道了這兩個,編寫指令碼獲取flag。
s = "dd4388ee428bdddd5865cc66aa5887ffcca966109c66edcca920667a88312064"
unhex = binascii.unhexlify(s)
res = ''
strings = string.printable
for i in unhex:
for j in strings:
if int((ord(j) * 17 + 23) % 256) == i:
res += j
print(res) # flag{4ff1ne_c1pher_i5_very_3azy}
十、Crypto-babyaes
1.附件內容如下。
from Crypto.Cipher import AES
import os
from flag import flag
from Crypto.Util.number import *
def pad(data):
return data + b"".join([b'\x00' for _ in range(0, 16 - len(data))])
def main():
flag_ = pad(flag)
key = os.urandom(16) * 2
iv = os.urandom(16)
print(bytes_to_long(key) ^ bytes_to_long(iv) ^ 1)
aes = AES.new(key, AES.MODE_CBC, iv)
enc_flag = aes.encrypt(flag_)
print(enc_flag)
if __name__ == "__main__":
main()
# 3657491768215750635844958060963805125333761387746954618540958489914964573229
# b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
2.整體觀察一下,發現是CBC模式下的AES。key是32位元組(256bits),iv是16位元組(128bits),所以兩者異或的結果其實是key的低128bits與iv異或,再加上key的高128bits。即輸出結果的高128bits就是key的高128bits,從而能得到key。
xor = 3657491768215750635844958060963805125333761387746954618540958489914964573229
key = long_to_bytes(xor^1)[:16]*2
這裡需要注意的一點是,輸出的結果的高位部分在左側,低位部分在右側,一開始我就是想不通為什麼取[:16]部分。得到了key之後,取低128bits再與輸出結果的低128bits進行異或得到iv。完整指令碼如下:
rom Crypto.Util.number import *
from Crypto.Cipher import AES
xor = 3657491768215750635844958060963805125333761387746954618540958489914964573229
enc_flag = b'>]\xc1\xe5\x82/\x02\x7ft\xf1B\x8d\n\xc1\x95i'
key = long_to_bytes(xor ^ 1)[:16] * 2
iv = bytes_to_long(key[16:]) ^ bytes_to_long(long_to_bytes(xor ^ 1)[16:])
iv = long_to_bytes(iv)
aes = AES.new(key, AES.MODE_CBC, iv)
flag = aes.decrypt(enc_flag)
print(flag) # b'firsT_cry_Aes\x00\x00\x00'
十一、Misc-CyberChef's Secret
1.附件內容如下。
來簽到吧!下面這個就是flag,不過它看起來好像怪怪的:-)
M5YHEUTEKFBW6YJWKZGU44CXIEYUWMLSNJLTOZCXIJTWCZD2IZRVG4TJPBSGGWBWHFMXQTDFJNXDQTA=
2.依次經過base32、base58、base64解碼即可。
十二、Misc-機密圖片
1.附件是一張圖片。
掃碼得到。
看來密碼不在這裡。
2.嘗試LSB隱寫,得到flag。
十三、Misc-流量!鯊魚!
1.附件是一個流量包,裡面總共有3000多條流量,故一條一條看是不可能的,發現有http流量,將http物件提取出來。
選擇“檔案”->“匯出物件”->"http"
將所有檔案都匯出來。
2.看到有很多檔名為flag的,一個一個檢視,發現都是404 NOT FOUND。
再翻翻,看到最後有一個(1).ffffllllllll11111144444GGGGGG%7cbase64這樣的檔案。
開啟。檔案內容如下。
Wm14aFozdFhjbWt6TldnMGNtdGZNWE5mZFRVelpuVnNYMkkzTW1FMk1EazFNemRsTm4wSwo=
兩次base64解碼即可。
十四、Misc-空白格
1.附件內容如下,剛開啟什麼都看不到,必須全選才能看到。
2.看到有點和橫線,以為是莫斯密碼,嘗試了一下不對。再透過空白格這條線索,找到了white_space隱寫。(https://vii5ard.github.io/whitespace/)
十五、Misc-隱秘的眼睛
1.附件又是一張圖片。
2.嘗試了LSB隱寫等等都不對。但是有經驗的人根據題目名字就可以知道這是SlientEye隱寫。(工具放在附件中)
十六、Misc-壓縮包們
1.附件是一個無字尾名的檔案,透過16進位制編輯器檢視,可以得到是個zip檔案。
2.但是檔案頭不對,所以修改檔案頭為504B0304,修改字尾名為zip,解壓得到flag.zip檔案。解壓flag.zip發生錯誤。
3.16進位制編輯器開啟,發現在檔案尾有一串base64編碼。
解碼。
提示我們密碼是個6位數,利用工具爆破得到密碼為232311。
刪除最後的base64後再儲存,我發現個奇怪的問題,這個壓縮包只能用bandzip開啟,其他壓縮軟體開啟都會有問題。
十七、Web-洩漏的秘密
1.直接目錄掃描得到robots.txt和www.zip,訪問一下拿到flag。
十八、Web-Begin of Upload
1.檔案上傳漏洞,前端校驗字尾名。
2.故這題需要利用%00截斷。
成功上傳。
執行一句話木馬,拿到flag。
十九、Web-ErrorFlask
1.頁面叫我們傳入兩個引數,隨便傳一下看一下效果。
2.提示我們不是ssti,flag在原始碼中。既然他說不是ssti,我就非要試試。果然頁面報錯了。
可以看到有個/app/app.py檔案,點進去看看,直接得到flag。
二十、Web-Begin of HTTP
1.頁面如下。
哎,這種題目就是按照提示一步步做就完事了。
又要以POST方式對secret傳參,先對註釋中的編碼解碼後再傳。
又要驗證power,直接把cookie中的power欄位改為ctfer即可。
要透過NewStarCTF2023瀏覽器訪問,修改User-Agent。
要從newstarctf.com這個網址訪問過來的,新增referer欄位。
要本地使用者訪問,需要新增X-Fordwarded-For之類的欄位,把下列的欄位全部加進去,總有一個是能成功的。
X-Custom-IP-Authorization:127.0.0.1
X-Forward-For:127.0.0.1
X-Forward:127.0.0.1
X-Forward:localhost
X-Forwarded-By:127.0.0.1
X-Forwarded-By:localhost
X-Forwarded-For-Original:127.0.0.1
X-Forwarded-For-Original:localhost
X-Forwarded-Server:127.0.0.1
X-Forwarded-Server:localhost
X-Forwarded:127.0.0.1
X-Forwarded:localhost
X-Forwarded-For:127.0.0.1
X-Forwarded-For:localhost
X-Forwarded-Host:127.0.0.1
X-Forwarded-Host:localhost
X-Host:127.0.0.1
X-Host:localhost
X-HTTP-Host-Override:127.0.0.1
X-Real-IP:127.0.0.1
X-Remote-Addr:127.0.0.1
X-Remote-Addr:localhost
X-Remote-IP:127.0.0.1
Client-IP:127.0.0.1
Forwarded-For:localhost
Forwarded-For:127.0.0.1
Forwarded:localhost
Forwarded:127.0.0.1
Forwarded-For-IP:127.0.0.1
True-Client-IP:127.0.0.1
X-Client-IP:127.0.0.1
X-Originating-IP:127.0.0.1
二十一、Web-Begin of PHP
1.原始碼如下。
<?php
error_reporting(0);
highlight_file(__FILE__);
if(isset($_GET['key1']) && isset($_GET['key2'])){
echo "=Level 1=<br>";
if($_GET['key1'] !== $_GET['key2'] && md5($_GET['key1']) == md5($_GET['key2'])){
$flag1 = True;
}else{
die("nope,this is level 1");
}
}
if($flag1){
echo "=Level 2=<br>";
if(isset($_POST['key3'])){
if(md5($_POST['key3']) === sha1($_POST['key3'])){
$flag2 = True;
}
}else{
die("nope,this is level 2");
}
}
if($flag2){
echo "=Level 3=<br>";
if(isset($_GET['key4'])){
if(strcmp($_GET['key4'],file_get_contents("/flag")) == 0){
$flag3 = True;
}else{
die("nope,this is level 3");
}
}
}
if($flag3){
echo "=Level 4=<br>";
if(isset($_GET['key5'])){
if(!is_numeric($_GET['key5']) && $_GET['key5'] > 2023){
$flag4 = True;
}else{
die("nope,this is level 4");
}
}
}
if($flag4){
echo "=Level 5=<br>";
extract($_POST);
foreach($_POST as $var){
if(preg_match("/[a-zA-Z0-9]/",$var)){
die("nope,this is level 5");
}
}
if($flag5){
echo file_get_contents("/flag");
}else{
die("nope,this is level 5");
}
}
2.程式碼審計,第一個if判斷要求兩個值不等,但是兩個值的md5值要想等,利用陣列繞過;第二個if還是利用陣列繞過;第三個if是比較兩個字串,還是用陣列繞過;第四個if要求不是數字但是得大於2023,輸入2024a繞過;第五個if透過正則判斷你傳入的是否有大小寫字母和數字,故這裡需要利用異或操作繞過,傳入的值為flag5=true,需要把true用異或的形式表示。
<?php
$a="true";
for($i=0;$i<strlen($a);$i++){
echo "%".dechex(ord($a[$i])^0xff);
}
echo "^";
for($i=0;$i<strlen($a);$i++){
echo "%ff";
}
// %8b%8d%8a%9a^%ff%ff%ff%ff
二十二、Web-R!C!E!
1.原始碼如下。
<?php
highlight_file(__FILE__);
if(isset($_POST['password'])&&isset($_POST['e_v.a.l'])){
$password=md5($_POST['password']);
$code=$_POST['e_v.a.l'];
if(substr($password,0,6)==="c4d038"){
if(!preg_match("/flag|system|pass|cat|ls/i",$code)){
eval($code);
}
}
}
2.對password和e_v.a.l傳參,需要滿足password的md5值的前六位為c4d038,並且e_v.a.l的值會交給eval執行,但是不能出現flag、system等關鍵詞。
第一步:暴力破解得到應該傳給password的值。
import hashlib
def md5(s):
return hashlib.md5(s.encode(encoding='UTF-8')).hexdigest()
for i in range(1000000000):
h = md5(str(i))
if h[0:6] == "c4d038":
print(i) # 114514
break
第二步給e_v.a.l傳一個eval($_GET[1])就可以逃脫出不能使用那些關鍵字的情況了。
但是傳完參,發現頁面沒有任何反應。
哪裡錯了呢,本地搭一個環境,經過測試,發現連第一個if判斷都沒透過,關鍵在給e_v.a.l這個引數傳參。(這裡特別感謝王馬老師的解答)我們都知道這不是一個規範的變數名,所以傳參的時候直接用題目所給是有問題的。這裡參考(https://blog.csdn.net/qq_45086218/article/details/114113971)
所以此處應該是給e[v.a.l傳參就可以了。
成功執行,獲取flag。
二十三、Web-EasyLogin
1.頁面是個登入框,首先註冊一個使用者叫admin,發現已經被註冊過了。
題目既然叫easyLogin,說明這裡有可能需要爆破密碼。抓個包,發現password經過了處理。
檢視頁面原始碼,發現是md5值。
知道了密碼的轉換過程,就可以爆破了。
爆破得到密碼的md5值,解密一下密碼是000000。
2.登入進去之後,按ctrl+C和ctrl+D後進入shell,輸入pwd,成功執行。
按向上鍵,查詢命令歷史記錄。
提示我們用burpsuite,重新回到登入介面抓包,找到一個302跳轉的包,檢視響應獲得flag。
二十四、Reverse-easy_RE
1.ida開啟,main函式反編譯,可看到一部分flag,還有一部分flag需要從變數v6到v16處獲得。
ascii轉換一下得到另一部分flag。
拼接一下即可。