fhacker(极客大挑战原题,但是有sss自创神秘题目)
rsa
一把梭
共模攻击
我是废物,AI写的脚本
from Crypto.Util.number import long_to_bytes
# RSA modulus; the recovery code further down reduces both ciphertexts modulo this value.
n = 19742875423645690846073637620470497648804310111201409901059297083827103813674034450200432098143959078292346910591785265323563248781526393718834491458926162514713269984791730816121181307827624489725923763353393879316510062227511469438742429290073999388690825732236465647396755899136346150862848924231619666069528077790933176798057396704758072769660663756346237040909579775389576227450505746914753205890194457812893098491264392293949768193694560954874603451253079446652049592976605414438411872223250039782381259212718733455588477129910357095186014496957765297934289263536712574572533650393220492870445376144568199077767
# Two different public exponents used with the same modulus n.
e1 = 911
e2 = 967
# Ciphertexts paired with e1 and e2 respectively by the recovery code below.
# NOTE(review): presumably the same plaintext encrypted under each exponent;
# the challenge source is not shown here, so confirm against the task file.
c1 = 18676091924461946809127036439355116782539894105245796626898495935702348484076501694838877829307466429933623102626122909782775514926293363853121828819237500456062111805212209491398720528499589486241208820804465599279152640624618194425740368495072591471531868392274503936869225072123214869399971636428177516761675388589238329574042518038702529606188240859751459632643230538522947412931990009143731829484941397093509641320264169403755707495153433568106934850283614529793695266717330769019091782929139589939928210818515744604847453929432990185347112319971445630830477574679898503825626294542336195240055995445217249602983
c2 = 4229417863231092939788858229435938841085459330992709019823280977891432565586698228613770964563920779991584732527715378842621171338649745186081520176123907689669636473919678398014317024138622949923292787095400632018991311254591786179660603414693984024161009444842277220189315861986306573182865656366278782315864366857374874763243428496061153290565891942968876789905670073321426112497113145141539289020571684634406829272902118484670099097148727072718299512735637087933649345419433312872607209633402427461708181971718804026293074540519907755129917132236240606834816534369171888633588190859475764799895410284484045429152
def extended_gcd(a, b):
    """Run the iterative extended Euclidean algorithm on a and b.

    Returns:
        A tuple (g, s, t) where g is the last non-zero remainder and
        a * s + b * t == g.
    """
    # Each state is (remainder, coefficient of a, coefficient of b).
    previous, current = (a, 1, 0), (b, 0, 1)
    while current[0] != 0:
        q = previous[0] // current[0]
        # Apply the same "old - q * new" step to all three components at once.
        previous, current = current, tuple(
            hi - q * lo for hi, lo in zip(previous, current)
        )
    return previous
def modinv(a, mod):
    """Return the inverse of a modulo mod, reduced into the range [0, mod).

    Raises:
        ValueError: If extended_gcd reports a gcd other than 1, i.e. a has
            no inverse modulo mod.
    """
    gcd_value, coeff_a, _ = extended_gcd(a, mod)
    if gcd_value == 1:
        # coeff_a may be negative; the reduction maps it to the canonical residue.
        return coeff_a % mod
    raise ValueError("Modular inverse does not exist")
def mod_pow(a, exp, mod):
    """Compute a ** exp modulo mod, accepting negative exponents.

    A zero exponent returns 1 directly. A negative exponent is handled by
    inverting a modulo mod first (modinv raises ValueError when no inverse
    exists) and raising the inverse to the absolute value of exp.
    """
    if exp == 0:
        return 1
    # Choose the effective base/exponent pair once, then do a single pow().
    base, power = (a, exp) if exp > 0 else (modinv(a, mod), -exp)
    return pow(base, power, mod)
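# Common-modulus recovery: find Bezout coefficients with s*e1 + t*e2 == g.
g, s, t = extended_gcd(e1, e2)
# The identity c1**s * c2**t == m (mod n) only holds when g == 1. For any other
# gcd the product is m**g, and the bytes printed below would be silently wrong.
if g != 1:
    raise ValueError("e1 and e2 are not coprime; common-modulus recovery does not apply")
# s or t may be negative; mod_pow handles that case through a modular inverse.
term1 = mod_pow(c1, s, n)
term2 = mod_pow(c2, t, n)
m = (term1 * term2) % n
# Root cause on the encrypting side: one message was encrypted under the same
# modulus with two coprime exponents. Using a distinct modulus per key pair
# (and randomized padding such as OAEP) removes this relation.
flag = long_to_bytes(m)
print("flag:", flag)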
签到题
略
凯撒加密
前缀是SYC,随波逐流解一下就好
dp
梭
Truth of Word
第一段是字体改成白色了
第二段,注意到docm是带有宏的格式,查看宏即可
第三段把后缀改为zip,解压在\word\media中有图片
ez_pcap_1
smb流中有传输flag.txt.txt,导出后查看即可
ncoCRT
我是废物,ai写的代码
from sympy.ntheory.modular import crt
from Crypto.Util.number import long_to_bytes
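# Moduli of the congruence system m == c[i] (mod p[i]). Four of the five are
# even, so they are not pairwise coprime and the textbook CRT formula does not
# apply directly.
p = [
    1921232050179818686537976490035,
    2050175089402111328155892746480,
    1960810970476421389691930930824,
    1797713136323968089432024221276,
    2326915607951286191807212748022
]
# Residues, in the same order as the moduli above.
c = [
    1259284928311091851012441581576,
    1501691203352712190922548476321,
    1660842626322200346728249202857,
    657314037433265072289232145909,
    2056630082529583499248887436721
]
# sympy's crt() copes with non-coprime moduli, but returns None when the
# congruences are inconsistent. Check for that before unpacking, so a bad
# input produces a clear error instead of "cannot unpack NoneType".
solution = crt(p, c)
if solution is None:
    raise ValueError("The congruence system has no solution")
m, _ = solution
flag_bytes = long_to_bytes(m)
# Strip every trailing \x01 byte (no need to cut to a fixed length).
flag = flag_bytes.rstrip(b'\x01')
print(f"FLAG: {flag.decode()}")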
乌龟
mmsstv扫描得到Be4uti7ulSun5e7,
将其用作密钥,使用 DeepSound 提取(用 SilentEye 不行),得到 Secrect.txt。查询得知是 Logo 语言,使用 Logo 语言运行,并辨认字迹得 flag

ez_jpg
不难发现是b64,cyberchef解码后一眼看到 9dff 拖到最后发现 8dff 不难注意到这是逆序的jpg文件头尾,reverse之后cyberchef魔术棒转化为jpg,导出
修改图片高度可看到错位的flag,注意到图片每行错开,尝试修改图片宽度,几经尝试宽度630即可对正或者直接放ps里手动修一下
ecc
我是废物,ai写的代码
from sage.all import *
# Known parameters: the curve y^2 = x^3 + a*x + b over GF(p) and the scalar k.
# NOTE(review): k is presumably the private key of the scheme -- confirm
# against the challenge source, which is not shown here.
p = 93202687891394085633786409619308940289806301885603002539703165565954917915237
a = 93822086754590882682502837744000915992590989006575416134628106376590825652793
b = 80546187587527518012258369984400999843218609481640396827119274116524742672463
k = 58946963503925758614502522844777257459612909354227999110879446485128547020161
E = EllipticCurve(GF(p), [a, b])

# The two ciphertext points, constructed as points of E.
c1 = E(
    40485287784577105052142632380297282223290388901294496494726004092953216846111,
    81688798450940847410572480357702533480504451191937977779652402489509511335169,
)
c2 = E(
    51588540344302003527882762117190244240363885481651104291377049503085003152858,
    77333747801859674540077067783932976850711668089918703995609977466893496793359,
)

# The two known cipher values; each is unmasked with one coordinate of m below.
cipher_left = 34210996654599605871773958201517275601830496965429751344560373676881990711573
cipher_right = 62166121351090454316858010748966403510891793374784456622783974987056684617905

# Recover the point m = c1 - k * c2 and split it into its coordinates.
temp = k * c2
m = c1 - temp
m_x, m_y = m.xy()

# Debug output of the intermediate curve arithmetic.
print("temp =", temp)
print("m =", m)
print("m_x =", m_x, "| m_y =", m_y)


def _unmask(masked, coordinate):
    """Divide masked by coordinate modulo p and return the big-endian bytes."""
    # The explicit int() conversions move the values out of Sage types so the
    # plain Python to_bytes() call works.
    value = int((masked * inverse_mod(int(coordinate), p)) % p)
    return value.to_bytes((value.bit_length() + 7) // 8, 'big')


# The left half is unmasked with m_x and the right half with m_y, then joined.
flag = (_unmask(cipher_left, m_x) + _unmask(cipher_right, m_y)).decode()
print("flag =", flag)
舔狗的觉醒
字典爆破出密码88888888,观察文本文档,发现每个字节颠倒的50 4b 03 03以及尾部的50 4b 05 06.猜测每个字节的两位十六进制数都反转了.由于我是废物,所以ai写的脚本
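def swap_hex_chars(hex_string):
    """Swap the two hex digits of every byte in a textual hex dump.

    Args:
        hex_string: Hex digits, optionally separated by any whitespace.

    Returns:
        The digit-swapped bytes as two-character groups joined by single
        spaces (an empty string for empty input).

    Raises:
        ValueError: If an odd number of characters remains after whitespace
            has been removed.
    """
    # Remove every kind of whitespace, not only " " and "\n": a stray tab or
    # carriage return would otherwise be paired with a digit and swapped into
    # the output, corrupting the reconstructed bytes.
    digits = "".join(hex_string.split())
    if len(digits) % 2 != 0:
        raise ValueError("The length of the hex string must be even.")
    # Emit each pair with its two characters exchanged.
    return " ".join(digits[i + 1] + digits[i] for i in range(0, len(digits), 2))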
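def read_and_swap_file(input_file_path, output_file_path):
    """Digit-swap every line of a hex-dump text file into a second file.

    Each input line is stripped of whitespace, checked for an even number of
    characters, passed through swap_hex_chars and written out followed by a
    newline. Progress is printed per line.

    Errors are reported with print() rather than raised. The output file is
    opened in 'w' mode before any line is validated, so a failure part-way
    through leaves a truncated or partial output file behind.

    Args:
        input_file_path: Path of the text file holding the hex dump.
        output_file_path: Path of the text file to (over)write.
    """
    try:
        with open(input_file_path, 'r') as infile, open(output_file_path, 'w') as outfile:
            for line_number, line in enumerate(infile, start=1):
                # Validate and convert the same whitespace-free string, so the
                # length check cannot pass on one form of the line while the
                # swap runs on another.
                cleaned_line = "".join(line.split())
                if len(cleaned_line) % 2 != 0:
                    raise ValueError(f"The length of the cleaned hex string on line {line_number} must be even.")
                swapped_line = swap_hex_chars(cleaned_line)
                outfile.write(swapped_line + '\n')
                print(f"Line {line_number}: Original: {line.strip()} -> Swapped: {swapped_line}")
    except FileNotFoundError:
        print(f"Error: The file {input_file_path} was not found.")
    except ValueError as ve:
        print(f"ValueError: {ve}")
    except Exception as e:
        # Deliberate catch-all for this one-off script: report and stop.
        print(f"An unexpected error occurred: {e}")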
# Script entry point: convert input.txt into output.txt in the working directory.
if __name__ == "__main__":
    read_and_swap_file("input.txt", "output.txt")
输出文件改后缀为zip解压使用pdf编辑器移走图片即可.
cimbar
经查询得到编码表,为方便记录,记16进制数在边上
对照给出的图记录
5359437b416e30746833725f416d407a316e395f51525f436f34657d
cyberchef FromHex一下就得到flag
nc
我是 fw,代码ai写的
import hashlib
import itertools
import string
# Known parts of the proof-of-work prompt; fill both in before running.
proof_suffix = " "  # replace with the actual proof[4:] part
_hexdigest = " "  # replace with the actual _hexdigest

# Candidate alphabet for the four unknown leading characters.
charset = string.ascii_letters + string.digits

# Lazily enumerate every 4-character prefix and stop at the first one whose
# SHA-256 over prefix + proof_suffix equals the target digest.
candidates = ("".join(combo) for combo in itertools.product(charset, repeat=4))
match = next(
    (
        prefix
        for prefix in candidates
        if hashlib.sha256((prefix + proof_suffix).encode()).hexdigest() == _hexdigest
    ),
    None,
)

if match is None:
    print("No match found")
else:
    print(f"Found match: {match}")
给出答案后依次输入1,2,3......得到flag的每一位
Secret of Starven
导出smb
然后被图片耽误了很久
字典爆破压缩包即可.
100%的⚪
进入游戏之后对着源代码盯帧,发现
拿去b64解一下就有了
X0R
我是fw,代码ai写的
from Crypto.Util.number import long_to_bytes
from pwn import xor
# Known values taken from the challenge output.
e2 = 10706859949950921239354880312196039515724907
f1 = 4585958212176920650644941909171976689111990
f2 = 3062959364761961602614252587049328627114908

# XOR the three integers together and convert the result to bytes.
# NOTE(review): treated below as the flag XORed with a repeating key; the
# challenge source is not shown here, so confirm.
enc = e2 ^ f1 ^ f2
flag_xor_key = long_to_bytes(enc)

# Known-plaintext step: assume the flag starts with b'SYC{' and XOR that
# prefix against the first four bytes to obtain a 4-byte key candidate.
possible_prefix = b'SYC{'
key_candidate = bytes(
    known ^ masked for known, masked in zip(possible_prefix, flag_xor_key)
)

# Apply the candidate key across the whole byte string.
flag_candidate = xor(flag_xor_key, key_candidate)
print("Decrypted flag:", flag_candidate)
雪
010查看压缩包末尾有附加字符串,b64解码为压缩包密码.根据图片名称提示想到这是盲水印,提取
根据txt名字及题目名字提示,文本是snow隐写,密钥是盲水印内容,
史上最没节操的游戏
碰到啥就上网搜就行,给的提示就是长宽拉伸一下得到bv号下载原音频对齐一下波形,相位反转一下用sstv扫
然后去雪剑博客,发现每次进入时头图和文字都不同,根据图片内的"运气好的小朋友能找到"这句提示,于是疯狂刷新

或者疯狂盯帧源码
另外一段在名字改变那里:多换几次名字观察,发现是维吉尼亚密码;或者发动惊人的注意力,发现每四位的字母偏移量重复,再结合网盘密码不区分大小写的特点,发现字母位移量对应字母表中相应位置的那个字母。
然后翻雪剑qq空间第一条右下角.
歌单那里就是每首歌第一个字母.
友谊地久天长
不难发现附件有一个.crypto文件和一个损坏的图片.010以文本形式打开邮件,发现传输的是一个名叫44F2E635@A840FA51.57E5BE6700000000.png的图片.我们把图片的内容复制下来(复制到下一个类似------=_NextPart_67BEE557_17FF9180_31CF37E4的标识符那里)用b64解码后保存为png.
发现无法打开。用 010 查看文件头发现异常:PNG 的特征码应该是 89 50 4E 47(即 \x89PNG),但是现在第一个字节错误,纠正为 89。运行模板后发现中间的 chunk 很奇怪,没有名字
仔细查看发现IDAT都变成了AT

也就是 IDAT(49 44 41 54)的前两个字节被置空了。将所有 IDAT 块修复后,扫码得到的就是 .crypto 的密码。
.crypto是由软件 Encrypto 加密后的后缀名,我们下载此软件,使用其解码那个文件得到 mp3.邮件里说flag不在歌里,考虑提取歌曲的封面.binwalk发现有一个png文件,考虑是封面
在010搜索%PNG和IEND以定位图片头尾,手动导出.
使用stegsolve发现蓝色通道最低位出现神秘内容
导出,结合提示可知这是光栅,使用Photoshop操作
