ISCC 2024 练武题 misc趣题记录
Number_is_the_key
题目
The answers to the questions are hidden in the numbers.
文件是空白的xlsx文件
乱点发现有些单元格加粗了,有些没有,一眼丁真二维码,写个脚本替换一下颜色
exp:
from openpyxl import load_workbook
from openpyxl.styles import PatternFill
misc = load_workbook('attachment-1.xlsx')
misc1 = misc.active
bold_cells = []
for row in misc1.iter_rows():
for cell in row:
if cell.font.bold:
bold_cells.append(cell.coordinate)
highlight_style = PatternFill(start_color="FFFF00", end_color="FFFF00", fill_type="solid")
for cell in bold_cells:
misc1[cell].fill = highlight_style
misc.save('new.xlsx')
print('1')
打开调整行高列宽分别为1.1 0.1可得到二维码:
扫码即可:
ISCC{sR5FiV6XMKUe}
精装四合一
分离,我们是破碎的;团结,我们将成为神。我们终将在二进制的反复与隐藏之中破解自身的密码
我的解答:
题目给了四张图片,010发现每张图后面都有冗余部分。
我们把四张图的冗余部分都提取出来(手动呦宝子们!别怕累) 然后用脚本进行拼接
def read_file(filename):
with open(filename, 'rb') as file:
return file.read()
def write_file(filename, content):
with open(filename, 'wb') as file:
file.write(content)
file_names = ['left_foot_invert', 'left_hand_invert', 'right_foot_invert', 'right_hand_invert']
output_filename = 'output.txt'
# 获取文件内容并将其存储在一个列表中
file_contents = [read_file(name) for name in file_names]
# 找到最长的文件内容的长度
max_length = max(len(content) for content in file_contents)
# 初始化一个字节串,用于存储拼接后的内容
concatenated_content = bytearray()
# 逐个字符拼接内容
for i in range(max_length):
for content in file_contents:
if i < len(content):
concatenated_content.append(content[i])
# 写入新文件
write_file(output_filename, bytes(concatenated_content))
打开发现好多的FF
和FF异或一下得到压缩包。
def xor_with_ff(byte):
return byte ^ 0xFF
def process_file(input_file, output_file):
with open(input_file, "rb") as f:
input_data = f.read()
# Apply XOR operation with 0xFF to each byte
xor_data = bytearray(xor_with_ff(byte) for byte in input_data)
with open(output_file, "wb") as f:
f.write(xor_data)
if __name__ == "__main__":
input_filename = "output.txt" # 输入文件名
output_filename = "output_file.txt" # 输出文件名
process_file(input_filename, output_filename)
print("Processing complete.")
改后缀解压发现存在密码。直接爆破即可,纯数字长度4-6
解压得到docx文档,打开有隐藏字符(全选文字变红色可看到)
然后右键选择字体,勾选掉隐藏文字就可以复制了宝。。
16920251144570812336430166924811515273080382783829495988294341496740639931651
数字应该是n,然后分解得到p和q
p=100882503720822822072470797230485840381
q=167722355418488286110758738271573756671
修改文档后缀为压缩包打开,在media文件夹下发现损坏的图片true_flag.jpeg。
这里面的hex作为密文c就行
from Crypto.Util.number import *
import gmpy2
e = 65537
c = 0x03F7FFF0513A1A2321CFCFF0192B6146A004FBE7CDCB913582751BE706488633
p=100882503720822822072470797230485840381
q=167722355418488286110758738271573756671
n = 16920251144570812336430166924811515273080382783829495988294341496740639931651
phi = (p-1)*(q-1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
# ISCC{zW3561769893X13}
钢铁侠在解密
题目
我的解答:
静默之眼解码钢铁侠图片拿到两个c,这道题很熟悉,参考本人博客:https://www.cnblogs.com/mumuhhh/p/17789591.html
exp:
import gmpy2
from Crypto.Util.number import *
import sympy
from sympy.abc import x, y, z
import sys
def HGCD(a, b):
if 2 * b.degree() <= a.degree() or a.degree() == 1:
return 1, 0, 0, 1
m = a.degree() // 2
a_top, a_bot = a.quo_rem(x^m)
b_top, b_bot = b.quo_rem(x^m)
R00, R01, R10, R11 = HGCD(a_top, b_top)
c = R00 * a + R01 * b
d = R10 * a + R11 * b
q, e = c.quo_rem(d)
d_top, d_bot = d.quo_rem(x^(m // 2))
e_top, e_bot = e.quo_rem(x^(m // 2))
S00, S01, S10, S11 = HGCD(d_top, e_top)
RET00 = S01 * R00 + (S00 - q * S01) * R10
RET01 = S01 * R01 + (S00 - q * S01) * R11
RET10 = S11 * R00 + (S10 - q * S11) * R10
RET11 = S11 * R01 + (S10 - q * S11) * R11
return RET00, RET01, RET10, RET11
def GCD(a, b):
print(a.degree(), b.degree())
q, r = a.quo_rem(b)
if r == 0:
return b
R00, R01, R10, R11 = HGCD(a, b)
c = R00 * a + R01 * b
d = R10 * a + R11 * b
if d == 0:
return c.monic()
q, r = c.quo_rem(d)
if r == 0:
return d
return GCD(d, r)
sys.setrecursionlimit(500000)
N = 14333611673783142269533986072221892120042043537656734360856590164188122242725003914350459078347531255332508629469837960098772139271345723909824739672964835254762978904635416440402619070985645389389404927628520300563003721921925991789638218429597072053352316704656855913499811263742752562137683270151792361591681078161140269916896950693743947015425843446590958629225545563635366985228666863861856912727775048741305004192164068930881720463095045582233773945480224557678337152700769274051268380831948998464841302024749660091030851843867128275500525355379659601067910067304244120384025022313676471378733553918638120029697
e = 52595
m1 = b'iscc'
m2 = b'good'
C1=1797881769095881389135636214995735970034906783882617765669154885865747857574524046843250978520866963454086548992016489746068123611326482489404456133370671106492609231660803797185966934180374439905518616100102007590362658245408226973820074378799634135901408811924486796772765687161019226616073724105323257163421450366148994198996091162635440891379168790069467297383888508688290637031899840486830764351064900948052433534820337159828045706197750616588171364113773157609036901458726161213979498085661064039574780633678467134133040715157608855594873274913870490985926820921668486084335556146539775656062690629306469921269
C2=11359894841773918779501892534836243606892469480640690292534721828229173402733721164804598333013363918987515669192779352725833724222045284739714333164333452709707854351542505484516091103625582761508034643807688742712408558180310601209001321554206500404095512379182964849642229363646474263994077972885609459541522030594101679885578558118202938190635741716888233111801286711707047808192722124532739207629984409436438948293306209612408984961751030234454229399169727072745606037602543416968483395236673514589833955652612083125960659970072597646145743788767357410593650420111560937497574357452081109622444000532499437833956
R.<x> = PolynomialRing(Zmod(N))
f = (x*256^4+bytes_to_long(m1))^e - C1
g = (x*256^4+bytes_to_long(m2))^e - C2
res = GCD(f,g)
m = -res.monic().coefficients()[0]
print(m)
flag = long_to_bytes(int(m))
print(flag)