202508_天山固网_to
流量分析,dvorak键盘解码, 大小写转二进制, BIN2QRCODE
Tags:流量分析,dvorak键盘解码,大小写转二进制,BIN2QRCODE
0x00. 题目
【天山固网——2025网络安全技能竞赛】children of stream
I don't know how the characters in my traffic have been restored
Flag完整格式一般为:DASCTF{******},只需要提交{}内的内容。
附件路径:https://pan.baidu.com/s/1GyH7kitkMYywGC9YJeQLJA?pwd=Zmxh#list/path=/CTF附件
附件名称:202508_天山固网_to.zip
0x01. WP
1. 一图片流量中发现hint信息
留存备用,I've heard of Dvorak
2. 一http响应包中发现乱码字符
xwsoawzfknojzwejkrmsewynkoichlsgxiduinsklf
yPZUIQGHEadEGfohHeISleDsLvqleMaryIMUPMEAIc
aOzezoevMpeIZmUABHDDQNAFwhgqynYtbAntvgbhNq
dReTZSEuOjxCVRNGDvfzDZQmTTDZPfQwwYkEIEToDu
cFrJVUCvBndOJRMFXppxMSVmYQSINrLrzUyIKPBuMv
vJfLLPIgUnhjaFaiDafXIZnWlspnBSwmbSqKNGEjJt
lEfHPSMrKmpoZlolmYamKOJARccoxlMonFrNAXUuOs
tTrknqbzUnuTZAnzYlQxAJKUXhEHbxkgxOdbzcvbPe
fLKJSSGZVsiXyIoqKgBgPBuZhXuqZpEtsJDENSSUKh
zkyintuqwjfHOYCSiFSCbfMvTjYBlhDfgzfwryxfxf
mgorlmjgqwiYEKEOcHVGzcCdKfXTwiFyyxakvffvmb
pypIOXBuYdmRHfKYkqfkJEWrcqdwCaGDTETtdTYLBc
qaOYZtXKgnqLqTvbGWFfNABIULxdzJrNFWfjqglGLa
kpifniZqGmtGcwkwTbInapWDUSndLmYCEaRwbIZQjf
zcRsskImaaktyaAEQCYwEMgfsmqowSXguEcjFUYacy
cuXfchFnhrmppjNPDIPrZMtrkjfjaGZblQmhPVIxbu
wPZJICEiALOANFwaIEgsFIMMceQFWCNOMfJvzpjtYw
dOGMXoZPwERhAronbdWtURHrKuvhzOrhqExMCncXTp
uEadoMPxWdqiqKQQydQgHIcDQSxsisEQQtBArnfWaq
yZdNMVOQiLEqkIIEsWNgNGWknoAXlrSzymkMEiloNo
jpxBPJKXTKYWuIjvvDvNqzwPShhhFYRUQcSQlRQaOf
acjTBNFPQFZMsZrjzMjZcbhIHnmmCGYNMvEHtKMvHj
aJXVLJrWbxufHmcoDjPXitiddVvrxBjtgOwjvWPqwc
tpUvbIGZJnyxhYyxwYlxMLtfMRfvgjjebtaKNmvzhq
fBfXVdAcmHHLJIKJaEHkuyJBHlOCkhUOKiDtBDMXKf
niUOLbjbYgtDYqDQadcIhqsmoiszAgTkhzRHTgrtfu
jFqyrqOtlrlBxKfoqzOlPDigEKIVowuVNtwowQTzNe
wDpqogPjgpiInPbeycJfLKnpYSQRffcQAgbiqVHaHx
zKsSVYWXDOCyxpIAPQyAXClurmQIPVRaawZlXysWwh
aVibdxPPcwlVJzpvslGfLWnshkROmZsNVDwiYVCyOz
cPdMGJHtWYDqWhhcCknGusYXZJqmVXVKRPSAsqvpKt
kdbjynqdekdZseNYrEqYLFePAJDYYwHinccQndztIh
mfsqtjkdxcsDaaUJuGfFCPiUEYOBUsKpfggIjyvuJp
tJKWKWSHHokapfecpGfuyisXziSDkZPxhOoHMukVnk
rLfpalbeTxacxFRHRpHZftGjtMXTOKYsrckHBBCCPo
sXcHKNJkOgxURfidXZthchdBoTJTqbFYRJVIZemdXm
oTbCRVEoQyhZYSQCaVrsNLpEWlckAsoXVvOPuNDGsv
yTfMQCVxBiyTvvNRMibBGFDDNltjJOChlNpjALBoos
lKoUHLBdFveKvzFPBwvLTVQHDypjNOGxrJdaDIBdnh
rSobpwjtYkmwwawtRrHrFPMgzfobhntphVbFcAJmvn
nHHKBFFGMzywuXjwZDgtqnPQRWJPQBVlhqPdJFTJcc
bpvrwdbuhrgrgackekaotpwbeclbnlamzzuhrqmwjg
3. 大小写转二进制
上述内容为42*42的表格分布,猜测可能与二维码相关,尝试识别大小写转二进制
01_Case2Bin.py
s='''
... ...'''
for cc in s.split("\n"):
tmpB=''
for c in cc:
if c.islower():
tmpB=tmpB+'0'
else:
tmpB=tmpB+'1'
print(tmpB)
4. BIN2QRCODE
02_BIN2QRCODE.py
from PIL import Image
from zlib import *
MAX = 42 # 数字的长度为一个整数的平方(如36^2=1296)
pic = Image.new("RGB",(MAX,MAX))
str ="""000000000000000000000000000000000000000000011111111001100010110010100001000111111110010000001001101111111111000000100100000010010111101001111110001110111110100101111010010111101001111110001110111110100101111010010111101000010010011101000011000101111010010111101000100001001111100000100101111010010000001001110010101111101100000100000010011111111001010010101101010010100111111110000000000001111101110010101100100000000000000000000001111101110010101100100000000000000111101001101100001110000010111110011110001110110001010011101111110001011100000110000000101001000010100011110010111010011100001000100000001111101100000001100100111000001000100000001111101100000001100100111000011111101111110011001111001111111010000010011110110110100000101110100001000101100110010001101000011100101101110000111011000100010111110110011101101110001100100001100010000111111111010001010001100011111011011010000111111111010001010001100011111011011010011111010000100010110000010001000100011000001001111000010001001100110000000001100000010110100111111101100011101100111010111110001110001001101100010000000010100011100000010000100001010000101100111100011000011010010000100001010000101100111100011000011010010111111110001111011100001111100010100100010000110001100000101100001101011100111010010111101110100010010011110011111111000010000000000001001101011101111110100001000010000000000001001101011101111110100001000010011111111000000001000001001101100101100100010000001000011110110010011111100001111110010111101001100011000001011100111111100010010111101001111101001101100010011011011100010111101001001110011111100011100100111000010111101001001110011111100011100100111000010000001000000010101110000000000101011000011111111000010011000011111111100010111100000000000000000000000000000000000000000000"""
i=0
for y in range(0,MAX):
for x in range(0,MAX):
if(str[i] == '1'):
pic.putpixel([x,y],(0,0,0))
else:pic.putpixel([x,y],(255,255,255))
i = i+1
pic.show()
pic.save("flag.png")
# ssdsahjkhsdfhhkjjhksdfjhds
5. 结合步骤1的提示,进行dvorak解码
03_dvorak_decode.py
dic={r"'":"q", r",":"w", r".":"e", "p":"4", "y":"t", "f":"y", "g":"u", "c":"i", "r":"o", "l":"p", r"/":r"[",r"/":r"[", r"=":r"]", r'"':'Q', r"<":"W", r">":"E", "P":"R",
"Y":"T", "F":"Y", "G":"U", "C":"I", "R":"O", "L":"P", r"?":r"{", r"+":r"}", "a":"a", "A":"A", "o":"s", "O":"S", "e":"d", "E":"D", "u":"f", "U":"F",
"i":"g", "I":"G", "d":"h", "D":"H", "h":"j", "H":"J", "t":"k", "T":"K", "n":"l", "N":"L", "s":";", "S":":", r"-":r"'", r'_':r'"', r";":"z", r":":"Z", "q":"x",
"Q":"X", "j":"c", "J":"C", "k":"v", "K":"V", "x":"b", "X":"B", "b":"n", "B":"N", "m":"m", "M":"M", "w":r",","w":r",", "W":r"<", "v":r".", "V":r">",
"z":r"/", "Z":r"?", r'!':"!", r"@":r"@", r"#":r"#", r"$":r"$", r"%":r"%", r"^":r"^", r"&":r"&", r"*":r"*", r"(":r"(", r")":r")", r"[":r"-", r"]":r"=", r"{":r"_",
r"}":r"+"}
def encode(s):
return ''.join(dic.get(c, c) for c in s)
def decode(s):
result=''
for i in s:
result+=" ".join([key for key, value in dic.items() if value == i])
return result
print("Sample:")
s=r'ypau_kjg;"g;"ypau+'
print("s:",s)
print("decoded s:",decode(s))
s="password"
print("s:",s)
print("encoded s:",encode(s))
print("*"*32)
s=r'ssdsahjkhsdfhhkjjhksdfjhds'
print("s:",s)
print("decoded s:",decode(s))
# s: ssdsahjkhsdfhhkjjhksdfjhds
# decoded s: ooeoadhtdoeuddthhdtoeuhdeo
6. 找到一压缩包流量
导出后使用步骤5中解码字符串解压,得到flag
flag为DASCTF{jhughudshhjg_qiwjains_jsmka}
浙公网安备 33010602011771号