window.onload=function(){ /*页面加载完成之后生成博客目录*/ BlogDirectory.createBlogDirectory("cnblogs_post_body","h2","h3",20); }

ISCC 2024 练武题 misc趣题记录

Number_is_the_key

题目

The answers to the questions are hidden in the numbers.

文件是空白的xlsx文件

我的解答:

乱点发现有些单元格加粗了,有些没有,一眼丁真二维码,写个脚本替换一下颜色

exp:

from openpyxl import load_workbook
from openpyxl.styles import PatternFill
misc = load_workbook('attachment-1.xlsx')
misc1 = misc.active
bold_cells = []
for row in misc1.iter_rows():
    for cell in row:
        if cell.font.bold:
            bold_cells.append(cell.coordinate)
highlight_style = PatternFill(start_color="FFFF00", end_color="FFFF00", fill_type="solid")
for cell in bold_cells:
    misc1[cell].fill = highlight_style
misc.save('new.xlsx')
print('1')

打开调整行高列宽分别为1.1 0.1可得到二维码:

扫码即可:

ISCC{sR5FiV6XMKUe}

精装四合一

题目

分离,我们是破碎的;团结,我们将成为神。我们终将在二进制的反复与隐藏之中破解自身的密码

我的解答:

题目给了四张图片,010发现每张图后面都有冗余部分。

我们把四张图的冗余部分都提取出来(手动呦宝子们!别怕累) 然后用脚本进行拼接

def read_file(filename):
    with open(filename, 'rb') as file:
        return file.read()

def write_file(filename, content):
    with open(filename, 'wb') as file:
        file.write(content)

file_names = ['left_foot_invert', 'left_hand_invert', 'right_foot_invert', 'right_hand_invert']
output_filename = 'output.txt'

# 获取文件内容并将其存储在一个列表中
file_contents = [read_file(name) for name in file_names]

# 找到最长的文件内容的长度
max_length = max(len(content) for content in file_contents)

# 初始化一个字节串,用于存储拼接后的内容
concatenated_content = bytearray()

# 逐个字符拼接内容
for i in range(max_length):
    for content in file_contents:
        if i < len(content):
            concatenated_content.append(content[i])

# 写入新文件
write_file(output_filename, bytes(concatenated_content))

打开发现好多的FF

和FF异或一下得到压缩包。

def xor_with_ff(byte):
    return byte ^ 0xFF

def process_file(input_file, output_file):
    with open(input_file, "rb") as f:
        input_data = f.read()

    # Apply XOR operation with 0xFF to each byte
    xor_data = bytearray(xor_with_ff(byte) for byte in input_data)

    with open(output_file, "wb") as f:
        f.write(xor_data)

if __name__ == "__main__":
    input_filename = "output.txt"  # 输入文件名
    output_filename = "output_file.txt"  # 输出文件名

    process_file(input_filename, output_filename)
    print("Processing complete.")

改后缀解压发现存在密码。直接爆破即可,纯数字长度4-6

解压得到docx文档,打开有隐藏字符(全选文字变红色可看到)

然后右键选择字体,勾选掉隐藏文字就可以复制了宝。。

16920251144570812336430166924811515273080382783829495988294341496740639931651

数字应该是n,然后分解得到p和q

p=100882503720822822072470797230485840381
q=167722355418488286110758738271573756671

修改文档后缀为压缩包打开,在media文件夹下发现损坏的图片true_flag.jpeg。

这里面的hex作为密文c就行

from Crypto.Util.number import *
import gmpy2
e = 65537
c = 0x03F7FFF0513A1A2321CFCFF0192B6146A004FBE7CDCB913582751BE706488633
p=100882503720822822072470797230485840381
q=167722355418488286110758738271573756671
n = 16920251144570812336430166924811515273080382783829495988294341496740639931651
phi = (p-1)*(q-1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
# ISCC{zW3561769893X13}

钢铁侠在解密

题目

这天钢铁侠在自己的相册旁边发现了一张字条,他觉得两个message之间指定有点东西~

我的解答:

静默之眼解码钢铁侠图片拿到两个c,这道题很熟悉,参考本人博客:https://www.cnblogs.com/mumuhhh/p/17789591.html

exp:

import gmpy2
from Crypto.Util.number import *
import sympy
from sympy.abc import x, y, z
import sys

def HGCD(a, b):
    if 2 * b.degree() <= a.degree() or a.degree() == 1:
        return 1, 0, 0, 1
    m = a.degree() // 2
    a_top, a_bot = a.quo_rem(x^m)
    b_top, b_bot = b.quo_rem(x^m)
    R00, R01, R10, R11 = HGCD(a_top, b_top)
    c = R00 * a + R01 * b
    d = R10 * a + R11 * b
    q, e = c.quo_rem(d)
    d_top, d_bot = d.quo_rem(x^(m // 2))
    e_top, e_bot = e.quo_rem(x^(m // 2))
    S00, S01, S10, S11 = HGCD(d_top, e_top)
    RET00 = S01 * R00 + (S00 - q * S01) * R10
    RET01 = S01 * R01 + (S00 - q * S01) * R11
    RET10 = S11 * R00 + (S10 - q * S11) * R10
    RET11 = S11 * R01 + (S10 - q * S11) * R11
    return RET00, RET01, RET10, RET11

def GCD(a, b):
    print(a.degree(), b.degree())
    q, r = a.quo_rem(b)
    if r == 0:
        return b
    R00, R01, R10, R11 = HGCD(a, b)
    c = R00 * a + R01 * b
    d = R10 * a + R11 * b
    if d == 0:
        return c.monic()
    q, r = c.quo_rem(d)
    if r == 0:
        return d
    return GCD(d, r)

sys.setrecursionlimit(500000)

N = 14333611673783142269533986072221892120042043537656734360856590164188122242725003914350459078347531255332508629469837960098772139271345723909824739672964835254762978904635416440402619070985645389389404927628520300563003721921925991789638218429597072053352316704656855913499811263742752562137683270151792361591681078161140269916896950693743947015425843446590958629225545563635366985228666863861856912727775048741305004192164068930881720463095045582233773945480224557678337152700769274051268380831948998464841302024749660091030851843867128275500525355379659601067910067304244120384025022313676471378733553918638120029697
e = 52595
m1 = b'iscc'
m2 = b'good'

C1=1797881769095881389135636214995735970034906783882617765669154885865747857574524046843250978520866963454086548992016489746068123611326482489404456133370671106492609231660803797185966934180374439905518616100102007590362658245408226973820074378799634135901408811924486796772765687161019226616073724105323257163421450366148994198996091162635440891379168790069467297383888508688290637031899840486830764351064900948052433534820337159828045706197750616588171364113773157609036901458726161213979498085661064039574780633678467134133040715157608855594873274913870490985926820921668486084335556146539775656062690629306469921269
C2=11359894841773918779501892534836243606892469480640690292534721828229173402733721164804598333013363918987515669192779352725833724222045284739714333164333452709707854351542505484516091103625582761508034643807688742712408558180310601209001321554206500404095512379182964849642229363646474263994077972885609459541522030594101679885578558118202938190635741716888233111801286711707047808192722124532739207629984409436438948293306209612408984961751030234454229399169727072745606037602543416968483395236673514589833955652612083125960659970072597646145743788767357410593650420111560937497574357452081109622444000532499437833956

R.<x> = PolynomialRing(Zmod(N))
f = (x*256^4+bytes_to_long(m1))^e - C1
g = (x*256^4+bytes_to_long(m2))^e - C2

res = GCD(f,g)
m = -res.monic().coefficients()[0]
print(m)
flag = long_to_bytes(int(m))
print(flag)

 

posted @ 2024-05-26 13:36  Kicky_Mu  阅读(290)  评论(0编辑  收藏  举报