這次比賽又是國服簽到型選手
1.雙重圖格
題目給了兩章圖檔和一個hint的excel檔案,寫的時候一直以為是檔案外藏了什麼,發現其實是空格隐藏資料,進去之後把空格都替換掉就發現提示
得到 Insert:OFFSET28354h
意思是在28354h這個位置插入什麼
把圖檔放到010裡看一下,
有一塊識别不出來的資料,結合前面的提示,
把這一塊剪切下來放到提示的位置。(這裡我看了半天大佬的wp沒懂,問了群裡的師傅才知道,謝謝好心的師傅們)
這裡涉及到fdat的資料,這裡是apng的檔案,要用谷歌或者火狐浏覽器檢視才行(我的浏覽器不知道為什麼一直顯示不出來我就直接用了群裡師傅的圖了,太菜了)
這是DotCode 找了個線上掃描器:https://demo.dynamsoft.com/DBR/BarcodeReaderDemo.aspx
掃出來的結果為:U2FsdGVkX1/mLyhDqehTlmxmPoamVfr7h1El3iWRVvuJQodh1HvxMeQ2F8lgHfXzq70N4U/ZcjYtjLbXE8HRmw==
這就是密文了 ,接下來是key.jpg
拿到手的時候發現是反色的,先放到stegsolve裡面反色了一下發現什麼都掃不出來,剛開始還以為是哪裡出問題了,用手機也掃了一遍也不行,我還以為是我的手機問題,全家的手機都拿來試了一次,才确定是圖的問題,于是看看有沒有隐藏檔案,放到虛拟機裡binwalk一下
發現有另外一張圖,dd出來
得到這樣一張圖,先修補一下
這裡借了大佬的圖因為實在p的太糞了
再放進stegsove裡xor一下得到
就能掃出來
在解密一下就得到flag
(不知道為什麼有幾個網站解不出來,還是要靠大佬呀,太菜了。)
DASCTF{b12e6674e844486d20d24793809ae38a}
2.eeeeeeeasyusb
給了一個文本檔案,打開發現一段字
在移動光标的時候有明顯的頓挫感,是以猜測是零寬字元隐寫
得到
發現好像沒什麼意義(比賽時候就做到這裡,後來比賽結束看别的師傅的wp才知道這是英文nut(堅果)指的是堅果雲,我真的裂開,還是太菜)
前面是連結:https://www.jianguoyun.com/p/DYcbU-gQz_TZCBjh8rID
後面是密碼:jmTjTw
下載下傳下來是兩個usb流量包
百度了一下發現可以追蹤滑鼠和鍵盤的軌迹的(這麼牛嗎)
借了大佬的腳本來畫圖
先提取出流量包的内容,參考這位師傅
指令是
tshark -r part1.pcapng -T fields -e usb.capdata > usb1data.txt
#!/usr/bin/python
# coding: utf-8
import matplotlib.pyplot as plt
import numpy as np
import matplotlib as mpl
mpl.rcParams['font.family'] = 'sans-serif'
mpl.rcParams['font.sans-serif'] = 'NSimSun,Times New Roman'
x, y = np.loadtxt('res.txt', delimiter=' ', unpack=True)
plt.plot(x, y, '*', label='Data', color='black')
plt.xlabel('x')
plt.ylabel('y')
plt.title('Data')
plt.legend()
plt.show()
這個腳本跑出來坐标
#!/usr/bin/python
# coding: utf-8
import matplotlib.pyplot as plt
import numpy as np
import matplotlib as mpl
mpl.rcParams['font.family'] = 'sans-serif'
mpl.rcParams['font.sans-serif'] = 'NSimSun,Times New Roman'
x, y = np.loadtxt('res.txt', delimiter=' ', unpack=True)
plt.plot(x, y, '*', label='Data', color='black')
plt.xlabel('x')
plt.ylabel('y')
plt.title('Data')
plt.legend()
plt.show()
這裡用來畫出來,本來像把大佬們的腳本整合一下,但是老是出錯,幹脆麻煩一點分開來了
得到:
水準旋轉一下得到:166433882cd04aaa
然後就是part2
還是靠大佬的腳本
normalKeys = {"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
nums = []
keys = open('usb2data.txt')
for line in keys:
if len(line)!=17: #首先過濾掉滑鼠等其他裝置的USB流量
continue
nums.append(line[0:2]+line[4:6]) #取一、三位元組
keys.close()
output = ""
for n in nums:
if n[2:4] == "00" :
continue
if n[2:4] in normalKeys:
if n[0:2]=="02": #表示按下了shift
output += shiftKeys [n[2:4]]
else :
output += normalKeys [n[2:4]]
else:
output += '[unknown]'
print('output :n' + output)
得到:
這最後還是需要一點腦洞,根據part1又16位,part2應該也有16位,已知的9位以及35個F2,F3,以可知道5個F2,F3為一個字元,是以位培根密碼,F2是a,F3是b,最後解碼即可(原話copy,腦洞确實大)
最後得到密碼:056bd4ad29bb522b
結合一下:flag{166433882cd04aaa056bd4ad29bb522b}
3.标錯的字元
大佬們還沒有預期解,遵循7的意志就能通關!!
flag{287fe711b6c25ec4352df516e7f8cc33}
參考:http://blog.v3ged4g.top/2020/08/27/DASCTF%E5%85%AB%E6%9C%88%E8%B5%9B-misc-eeeeeeeasyusb/
http://www.fzwjscj.xyz/index.php/archives/38/#analyze-2
http://www.ga1axy.top/index.php/archives/46/