CISCN2022初赛misc wp

ez_usb

usb流量题，与以前的鼠标流量和键盘流量有所区别，但大同小异

导出所有的HID数据并按照ip分类，之后脚本解码得到压缩包和密码

mappings = { "04":"a",  "05":"b",  "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", 
 "0b":"h", "0c":"i",  "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n","12":"o",  
 "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u","19":"v", "1a":"w", 
 "1b":"x", "1c":"y", "1d":"z", "1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5",  
 "23":"6", "24":"7", "25":"8", "26":"9", "27":"0"}
res = ""
with open("8.txt","r") as fr:
    r = fr.readlines()
    for v in r:
        m = v.split(":")[2]
        if m in mappings:
            res += mappings[m]
print(res)
# res = 526172211a0700cf907300000d00000000000000c4527424943500300000002a00000002b9f9b0530778b5541d33080020000000666c61672e747874b9ba013242f3afc000b092c229d6e994167c05a78708b271ffc042ae3d251e65536f9ada87c77406b67d0e6316684766a86e844dc81aa2c72c71348d10c4c3d7b00400700e
pwd = ""
with open("10.txt","r") as fr:
    r = fr.readlines()
    for v in r:
        m = v.split(":")[2]
        if m in mappings:
            pwd += mappings[m]
print(pwd)
# pwd = 35c535765e50074a

结果为flag{20de17cc-d2c1-4b61-bebd-41159ed7172d}

everlasting_night

图片alpha通道2处隐写信息

得到lsb的密码

 

输出得到一个bmp，实是时压缩包，解压后有一个png，解压密码就是png中最后的尾部多余的数据的解md5

 

采用gimp修改宽高得到

结果为flag{607f41da-e849-4c0b-8867-1b3c74536Cc4}

babydisk

时间不够很可惜，不然就上大分了

deepsound配合脚本解密

得到deepsound密码是feedback

得到一串字符

回收站里有文件存在，经分析是容器文件，导出

使用上面的密码挂载容器，挂载出来是个压缩包，打开提示是损坏的

winhex发现异常

结合文件名的意思是螺旋，百度一下看到螺旋矩阵的java实现

找一个python的脚本螺旋矩阵，python实现----幽幽山村一小生，螺旋矩阵针对的是n*n的矩形，因此要找出压缩包的n，winhex看到长度一共是7569，容易找到n为87

接下来针对这个压缩包写脚本

def function(n):
    matrix = [[0] * n for _ in range(n)]
    number = 1
    left, right, up, down = 0, n - 1, 0, n - 1
    while left < right and up < down:
        # 从左到右
        for i in range(left, right):
            matrix[up][i] = number
            number += 1
        # 从上到下
        for i in range(up, down):
            matrix[i][right] = number
            number += 1
        # 从右向左
        for i in range(right, left, -1):
            matrix[down][i] = number
            number += 1
        for i in range(down, up, -1):
            matrix[i][left] = number
            number += 1
        left += 1
        right -= 1
        up += 1
        down -= 1
    # n 为奇数的时候，正方形中间会有个单独的空格需要单独填充
    if n % 2 != 0: 
        matrix[n // 2][n // 2] = number
    return matrix
with open("spiral","rb") as fr:
    r = fr.read()
spiral = function(87)
for i in range(87):
    for j in range(87):
        #保证下标的一致性 防止溢出
        spiral[i][j] -= 1
res = []
for i in range(87):
    for v in spiral[i]:
        tmp = hex(r[v])[2:]
        if len(tmp) == 1:
            #补首位0
            tmp = "0"+tmp
        res.append(tmp)
print("".join(res))

将得到的hex利用winhex转成文件，解压后得到一张图片

先把字符都取出来，发现一共是49个字符，7的平方，那么再矩阵变换

s = "ohhhhhhf5-410f3f969bl696}6-a-1eb59ge1-4d3{f9af107"

while(True):
    arr = [s[i:i+7] for i in range(0,len(s),7)]
    spiral = function(7)
    for i in range(7):
        for j in range(7):
            spiral[i][j] -= 1
    flag = ""
    for i in range(7):
        for v in spiral[i]:
            flag += s[v]
    s = flag
    if flag.find("hhflag") != -1:
        print(s)

变一次是找不到flag的，但是我发现匹配flag后有好几个结果，挨个试试总有对的~~~~

结果为flag{701fa9fe-63f5-410b-93d4-119f96965be6}