Number_is_the_key
題目
The answers to the questions are hidden in the numbers.
檔案是空白的xlsx檔案
隨意點選後發現有些單元格的字型是粗體、有些不是,粗體單元格的分佈一看就是二維碼,所以寫個指令碼把粗體單元格填上顏色。
exp:
from openpyxl import load_workbook
from openpyxl.styles import PatternFill
# Open the challenge workbook and work on its active sheet.
# openpyxl only parses the file; it does not run macros or evaluate formulas.
misc = load_workbook('attachment-1.xlsx')
misc1 = misc.active

# Solid yellow fill used to make the bold cells visible.
highlight_style = PatternFill(start_color="FFFF00", end_color="FFFF00", fill_type="solid")

# The sheet carries no values: the payload is encoded purely in which cells
# have a bold font, so collect the coordinates of exactly those cells.
bold_cells = [
    cell.coordinate
    for row in misc1.iter_rows()
    for cell in row
    if cell.font.bold
]

# Paint every bold cell so the hidden pattern shows up once the workbook is
# opened and the row height / column width are shrunk.
for coordinate in bold_cells:
    misc1[coordinate].fill = highlight_style

# Write to a new file so the original attachment is left untouched.
misc.save('new.xlsx')
print('1')
開啟調整行高列寬分別為1.1 0.1可得到二維碼:
掃碼即可:
ISCC{sR5FiV6XMKUe}
精裝四合一
分離,我們是破碎的;團結,我們將成為神。我們終將在二進位制的反覆與隱藏之中破解自身的密碼
我的解答:
題目給了四張圖片,010發現每張圖後面都有冗餘部分。
我們把四張圖的冗餘部分都提取出來(手動呦寶子們!別怕累) 然後用指令碼進行拼接
def read_file(filename):
    """Return the complete contents of *filename* as bytes.

    The file is opened in binary mode, so no text decoding takes place.
    """
    with open(filename, 'rb') as handle:
        data = handle.read()
    return data
def write_file(filename, content):
    """Write the bytes-like *content* to *filename*, replacing any existing file.

    The file is opened in binary mode ('wb'), which truncates it first.
    """
    with open(filename, 'wb') as handle:
        handle.write(content)
# The four blobs of trailing data that were carved by hand from the images.
file_names = ['left_foot_invert', 'left_hand_invert', 'right_foot_invert', 'right_hand_invert']
output_filename = 'output.txt'

# Load every blob into memory, keeping the order listed above.
file_contents = [read_file(name) for name in file_names]

# Length of the longest blob; shorter blobs simply run out earlier.
max_length = max(map(len, file_contents))

# Buffer that accumulates the merged byte stream.
concatenated_content = bytearray()

# Round-robin interleave: take byte 0 of each blob in turn, then byte 1 of
# each blob, and so on, skipping any blob that has no byte at that offset.
for offset in range(max_length):
    concatenated_content.extend(
        blob[offset] for blob in file_contents if offset < len(blob)
    )

# Store the merged stream in the output file.
write_file(output_filename, bytes(concatenated_content))
開啟發現好多的FF
把每個位元組和 0xFF 異或,即可得到壓縮包。
def xor_with_ff(byte):
    """Return *byte* XORed with 0xFF (all eight low bits flipped)."""
    return 0xFF ^ byte
def process_file(input_file, output_file):
    """XOR every byte of *input_file* with 0xFF and write the result to *output_file*.

    The whole input is read into memory, transformed byte by byte through
    xor_with_ff, and written out in binary mode.
    """
    with open(input_file, "rb") as src:
        raw = src.read()

    # Iterating over bytes yields ints, so each one can go straight through
    # the helper; bytearray() collects the transformed values.
    flipped = bytearray(map(xor_with_ff, raw))

    with open(output_file, "wb") as dst:
        dst.write(flipped)
if __name__ == "__main__":
    # Input: the interleaved stream produced by the previous step.
    input_filename = "output.txt"
    # Output: the same stream with every byte XORed with 0xFF.
    output_filename = "output_file.txt"

    process_file(input_filename, output_filename)
    print("Processing complete.")
改字尾解壓發現存在密碼。直接爆破即可,純數字長度4-6
解壓得到docx文件,開啟有隱藏字元(全選文字變紅色可看到)
然後右鍵選擇字型,勾選掉隱藏文字就可以複製了寶。。
16920251144570812336430166924811515273080382783829495988294341496740639931651
這串數字應該是 RSA 的模數 n;它只有 77 位十進位數,遠小於安全的 RSA 模數長度,所以可以直接分解得到 p 和 q
p=100882503720822822072470797230485840381
q=167722355418488286110758738271573756671
修改文件字尾為壓縮包開啟,在media資料夾下發現損壞的圖片true_flag.jpeg。
把這個檔案的十六進位內容作為密文 c 即可
from Crypto.Util.number import *
import gmpy2
# Public exponent used for the decryption.
e = 65537

# Ciphertext: per the write-up, the hex content of the damaged
# media/true_flag.jpeg inside the docx.
c = 0x03F7FFF0513A1A2321CFCFF0192B6146A004FBE7CDCB913582751BE706488633

# Modulus taken from the hidden text of the document, and its two prime
# factors. A modulus this short (77 decimal digits) can be factored
# directly, which is the only reason p and q are known here.
n = 16920251144570812336430166924811515273080382783829495988294341496740639931651
p = 100882503720822822072470797230485840381
q = 167722355418488286110758738271573756671

# Euler's totient of n = p*q, then the private exponent d = e^-1 mod phi.
phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)

# Textbook RSA decryption: m = c^d mod n, printed as raw bytes.
m = pow(c, d, n)
plaintext = long_to_bytes(m)
print(plaintext)
# ISCC{zW3561769893X13}
鋼鐵俠在解密
題目
我的解答:
靜默之眼解碼鋼鐵俠圖片拿到兩個c,這道題很熟悉,參考本人部落格:https://www.cnblogs.com/mumuhhh/p/17789591.html
exp:
import gmpy2
from Crypto.Util.number import *
import sympy
from sympy.abc import x, y, z
import sys
def HGCD(a, b):
    """Return four cofactors (R00, R01, R10, R11) for the polynomials a and b.

    GCD() uses them to form c = R00*a + R01*b and d = R10*a + R11*b and then
    carries on with that pair. Judging by the name this is a half-GCD step --
    NOTE(review): confirm against the reference the write-up links to.

    Relies on the module-level polynomial generator ``x`` and on Sage's
    preparser, under which ``^`` means exponentiation.
    """
    # Base case: b is at most half the degree of a (or a is linear), so the
    # identity cofactors are returned.
    if 2 * b.degree() <= a.degree() or a.degree() == 1:
        return 1, 0, 0, 1

    half = a.degree() // 2

    # Keep only the high parts (quotients by x^half); remainders are unused.
    high_shift = x^half
    a_top = a.quo_rem(high_shift)[0]
    b_top = b.quo_rem(high_shift)[0]
    R00, R01, R10, R11 = HGCD(a_top, b_top)

    # Apply the first set of cofactors to the full polynomials.
    c = R00 * a + R01 * b
    d = R10 * a + R11 * b
    q, e = c.quo_rem(d)

    # Second recursion on the high parts of (d, e), with half the shift.
    low_shift = x^(half // 2)
    d_top = d.quo_rem(low_shift)[0]
    e_top = e.quo_rem(low_shift)[0]
    S00, S01, S10, S11 = HGCD(d_top, e_top)

    # Combine both sets of cofactors, folding in the quotient q from the
    # division step in between.
    upper = S00 - q * S01
    lower = S10 - q * S11
    return (
        S01 * R00 + upper * R10,
        S01 * R01 + upper * R11,
        S11 * R00 + lower * R10,
        S11 * R01 + lower * R11,
    )
def GCD(a, b):
    """Return a greatest common divisor of the polynomials a and b.

    Each round prints the two degrees as a progress trace, reduces the pair
    with the cofactors from HGCD(), and continues on (d, remainder) until a
    remainder vanishes. The result is made monic only on the ``d == 0``
    path; the other exits return b or d as they are, so the caller
    normalises the result itself.
    """
    while True:
        # Progress trace: the degrees shrink as the computation advances.
        print(a.degree(), b.degree())

        remainder = a.quo_rem(b)[1]
        if remainder == 0:
            return b

        R00, R01, R10, R11 = HGCD(a, b)
        c = R00 * a + R01 * b
        d = R10 * a + R11 * b
        if d == 0:
            return c.monic()

        remainder = c.quo_rem(d)[1]
        if remainder == 0:
            return d

        # Same as the original tail call GCD(d, r).
        a, b = d, remainder
# HGCD() recurses, so the default recursion limit is raised up front.
sys.setrecursionlimit(500000)

# Shared RSA modulus and public exponent of the two ciphertexts.
N = 14333611673783142269533986072221892120042043537656734360856590164188122242725003914350459078347531255332508629469837960098772139271345723909824739672964835254762978904635416440402619070985645389389404927628520300563003721921925991789638218429597072053352316704656855913499811263742752562137683270151792361591681078161140269916896950693743947015425843446590958629225545563635366985228666863861856912727775048741305004192164068930881720463095045582233773945480224557678337152700769274051268380831948998464841302024749660091030851843867128275500525355379659601067910067304244120384025022313676471378733553918638120029697
e = 52595

# Known 4-byte tails appended to the same unknown message.
m1 = b'iscc'
m2 = b'good'

# The two ciphertexts recovered from the image.
C1 = 1797881769095881389135636214995735970034906783882617765669154885865747857574524046843250978520866963454086548992016489746068123611326482489404456133370671106492609231660803797185966934180374439905518616100102007590362658245408226973820074378799634135901408811924486796772765687161019226616073724105323257163421450366148994198996091162635440891379168790069467297383888508688290637031899840486830764351064900948052433534820337159828045706197750616588171364113773157609036901458726161213979498085661064039574780633678467134133040715157608855594873274913870490985926820921668486084335556146539775656062690629306469921269
C2 = 11359894841773918779501892534836243606892469480640690292534721828229173402733721164804598333013363918987515669192779352725833724222045284739714333164333452709707854351542505484516091103625582761508034643807688742712408558180310601209001321554206500404095512379182964849642229363646474263994077972885609459541522030594101679885578558118202938190635741716888233111801286711707047808192722124532739207629984409436438948293306209612408984961751030234454229399169727072745606037602543416968483395236673514589833955652612083125960659970072597646145743788767357410593650420111560937497574357452081109622444000532499437833956

# Polynomial ring over Z/NZ; x stands for the unknown common message.
R.<x> = PolynomialRing(Zmod(N))

# Each plaintext is modelled as x shifted left by four bytes plus the known
# tail. This relation exists only because the encryption is unpadded RSA;
# randomised padding such as OAEP removes it.
shift = 256^4
f = (x*shift + bytes_to_long(m1))^e - C1
g = (x*shift + bytes_to_long(m2))^e - C2

# Both polynomials vanish at the unknown message, so their gcd is expected
# to be the linear factor (x - m).
res = GCD(f, g)

# For a monic linear gcd the lowest coefficient is -m.
# NOTE(review): assumes the gcd really is linear -- confirm on other inputs.
m = -res.monic().coefficients()[0]
print(m)
flag = long_to_bytes(int(m))
print(flag)