[GDOUCTF 2023]doublegame wp

一个游戏为贪吃蛇,另一个游戏maze

在string里面能够直接看到迷宫

点击查看代码 
000000000000000000000
0 0 0 0     0     0 0
0 0 0 00000 00000 0 0
0 0               0 0
0 000 000 0 000 0 0 0
0 0     0 0 0   0 0 0
0 0 0 00000 000 000 0
0 0 0     0   0 0    
0 000 0 0 000 0 0 0 0
0     0 0 0 0 0 0 0 0
0 00000 000 000 0 0 0
0     0       0   0 0
000 0 0 0 000 0 0 0 0
0 0 0 0 0 0 * 0 0 0 0
0 0000000 0 000 00000
@       0 0         0
0 0 0 0 0 00000000000
0 0 0 0             0
000 0 00000 0 000 000
0         0 0   0   0
000000000000000000000

但是这里面有一个坑

虽然迷宫的地图已经出来了,但是下面还有一个v14[4] = '0';

所以真实的地图应该为

点击查看代码 
000000000000000000000
0 0 0 0     0     0 0
0 0 0 00000 00000 0 0
0 0               0 0
0 000 000 0 000 0 0 0
0 0     0 0 0   0 0 0
0 0 0 00000 000 000 0
0 0 0     0   0 0    
0 000 0 0 000 0 0 0 0
0     0 0 0 0 0 0 0 0
0 00000 000 000 0 0 0
0     0       0   0 0
000 0 0 0 000 0 0 0 0
0 0 0 0 0 0 * 0 0 0 0
0 0000000 0 000 00000
@   0   0 0         0
0 0 0 0 0 00000000000
0 0 0 0             0
000 0 00000 0 000 000
0         0 0   0   0
000000000000000000000

但是对于这道题想要获取真是的迷宫还可以用CE调试,将分数修改为大于13371337,就能够直接获取

CE使用学习:https://www.cnblogs.com/LyShark/p/10799926.html

从@走到*救出小猫,然后走到出口

路径脚本

点击查看代码 
from collections import deque

# 设置二维四向迷宫, 如果题目是多个小迷宫问题, 拆分多次调用脚本获取路径即可
# 每一排后面要逗号隔开,对齐++++++++++++++++++++++++++
maze = [
    [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1],
    [1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1],
    [1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1],
    [1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1],
    [1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1],
    [1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1],
    [1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1],
    [1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0],
    [1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1],
    [1, 0, 0, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1],
    [1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1],
    [1, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1],
    [1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 1, 0, 1, 0, 1],
    [1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1, 0, 1, 0, 1],
[1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 1],
[0, 0, 0, 0, 1, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1],
[1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1],
[1, 0, 1, 0, 1, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1],
[1, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 1, 1, 0, 1, 1, 1],
[1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 1],
[1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1]]
path_len = 0x7fffffff  # 如果题目未给出终点坐标,则一定会指定路径的长度,在此处修改路径长度,否则请保留path_len的极大值
#已知步长时更改,否则不管+++++++++++++++++++++++++++++++++

# 进行BFS寻找路径
def bfs(start, end, barrier):
    directions = [(0, 1), (1, 0), (0, -1), (-1, 0)]  # 定义四个方向的移动
    for i in range(len(maze)):  # 获取起点和终点在列表中的索引
        for j in range(len(maze[i])):
            if (maze[i][j] == start):
                start = (i, j)
            if (maze[i][j] == end):
                end = (i, j)
    # 以下均是bfs算法套路
    queue = deque()
    queue.append((start, [start]))  # (当前位置, 路径)
    visited = set()
    visited.add(start)
    while queue:
        position, path = queue.popleft()
        if position == end:
            return path
        elif len(path) == path_len:
            return path
        for d in directions:
            next_position = (position[0] + d[0], position[1] + d[1])
            if 0 <= next_position[0] < len(maze) and 0 <= next_position[1] < len(maze[0]) and \
                    maze[next_position[0]][next_position[1]] != barrier and next_position not in visited:
                queue.append((next_position, path + [next_position]))
                visited.add(next_position)
    return None


# 执行BFS搜索并打印结果
if __name__ == '__main__':
    #更改起点和终点的坐标,如果知道path而坐标未知则注释掉+++++++++++++++++++++++++++++
    maze[15][0] = 'S' #如果题目给了起点终点的坐标,在这里直接给起点和终点添加特征
    maze[7][20] = 'E'#前为横坐标,后为纵坐标

    path = bfs('S', 'E', 1)  # bfs函数传入参数代表起点、终点、障碍的特征(若题目给出的数据无特征, 手动添加特征即可, 通常障碍是1也有可能是0或其它字符如'#')
    print("移动路径坐标:", path)
    print("移动路径方位:{", end='')
    for i in range(1, len(path)):
        x1, y1, x2, y2 = path[i - 1][0], path[i - 1][1], path[i][0], path[i][1]
        if (x1 > x2):  # 上
            print("w", end='')
        elif (x1 < x2):  # 下
            print("s", end='')
        elif (y1 > y2):  # 左
            print("a", end='')
        elif (y1 < y2):  # 右
            print("d", end='')
    print('}')

路径为dddssssddwwwwddssddwwwwwwddddssaassddddwwwwddwwwwddd

maze下面有score的检验

同时这个score也是打开门的key

异或

点击查看代码 
print(0x1DC4 ^ 13376013)
#13371337

即score为13371337

整个游戏逻辑为:

先玩贪吃蛇玩到13371337进入走迷宫,这个score同时也是打开门的钥匙key,再输入路径救出小猫

flag格式为

HZCTF{md5(path)+score}

NSSCTF{811173b05afff098b4e0757962127eac13371337}

posted @ 2025-03-07 19:53  zzz222666  阅读(79)  评论(0)    收藏  举报