2023强网拟态

2023强网拟态

MIMIC

Tbox can

参考 https://zhuanlan.zhihu.com/p/26394774 https://blog.csdn.net/weixin_45403142/article/details/120075619

拿到一组can协议的数据包

根据网上相关文章搜索,大概了解到control_field给出指示后接的是data_field,里面是数据段

img

根据包的特征,一次data有8个字节

先尝试将8个字节加在一起转16进制,得到@DDHHLL@@DDHHLL@@DDHHLL@@DDHHLL@@DDHHLL@@DDHHLL@@DDHHLL@@DDHHLL,但是错误的,单独将每一位转得到flag(脚本写的比较丑陋)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
import csv
csv_reader = csv.reader(open("can_data.csv"))

data = 'data_field'
data_list = []
for row in csv_reader:
    if data in row:
        data_list.append(row[6])
#print(data_list)

# 错误的尝试,将每一部分的data加起来再16进制转字符
# passwd_list = []
# for i in range(0,len(data_list)-8,8):
#     passwd_list.append(int(data_list[i],16)+int(data_list[i+1],16)+int(data_list[i+2],16)+int(data_list[i+3],16)+int(data_list[i+4],16)+int(data_list[i+5],16)+int(data_list[i+6],16)+int(data_list[i+7],16))
# print(passwd_list)

# 每一个data数据16进制转字符
passwd_list = []
for i in range(0,len(data_list)):
    passwd_list.append(int(data_list[i],16))
#print(passwd_list)

passwd = ''
for x in passwd_list:
    if 32<x<125:
        passwd += chr(x)
print(passwd)
#??FSSID:HIGDDEN_HOHTPOT8$$\`PPASS:L0QGIC_ANAR1YSIS_CSAN_FOR_TFUN??????FSSID:HIGDDEN_HOHTPOT8$$\`PPASS:L0QGIC_ANAR1YSIS_CSAN_FOR_TFUN????

稍微修改一下得到PASS:L0GIC_ANA1YSIS_CAN_FOR_FUN

1
flag{L0GIC_ANA1YSIS_CAN_FOR_FUN}

MISC

Welcome

1
ZmxhZ3tNaW1pY195eWRzJkcwZF9Kb0JfQ1RGZXJ+fQ==

base64:flag{Mimic_yyds&G0d_JoB_CTFer~}

国际象棋与二维码

拿到一张经过处理的类似二维码的图

题目提示:你见过国际象棋的棋盘吗

联想到与国际象棋棋盘格式的图片异或

国际棋盘格式

1
2
3
4
5
6
1 0 1 0 1 0
0 1 0 1 0 1
1 0 1 0 1 0
0 1 0 1 0 1
1 0 1 0 1 0
0 1 0 1 0 1

这里有一个比较坑的点,给的题目格子数为49×49,但是像素是500×500的,直接用PIL库比较难处理

测试了很久得到以下脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
from PIL import Image
import cv2
att_image = Image.open('attach.png')
#生成背景图
image = Image.new(mode='RGBA', size=(500, 500))
#image.save('1.png')

white_image = Image.new(mode='RGB',size=(10,10) ,color='white')
black_image = Image.new(mode='RGB',size=(10,10) ,color='black')

#生成500*500的国际棋盘图
for x in range(0,49):
    for y in range(0,49):
        if (x % 2 == 0 and y % 2 == 0) or (x % 2 == 1 and y % 2 == 1): #白色 奇数行奇数列 和 偶数行偶数列
            image.paste(white_image,(int(x*(500/49)),int(y*(500/49))))
            image.save('1.png')
        elif (x % 2 == 0 and y % 2 == 1) or (x % 2 == 1 and y % 2 == 0): #黑色 偶数行奇数列 和 奇数行偶数列
            image.paste(black_image,(int(x*(500/49)),int(y*(500/49))))
            image.save('1.png')

#异或
img1 = cv2.imread('1.png')
img2 = cv2.imread('attach.png')
xor_img = cv2.bitwise_xor(img1,img2)
cv2.imshow('img',xor_img)
cv2.imwrite('flag.png',xor_img)
img

再看看别人队的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#1
from PIL import Image

n = 49
img = Image.open('attach.png')
width, height = img.size

# 0 -> black
matrix = []
for i in range(49):
  tmp = []
  for j in range(49):
    h = int(i/49*width+5)
    w = int(j/49*height+5)
    tmp += [int(img.getpixel((w, h))[0]/255)]
  matrix += [tmp]

matrix2 = matrix.copy()
for i in range(49):
  for j in range(49):
    matrix2[i][j] ^= (i+j) % 2

img2 = Image.new('RGB', (490, 490))
for i in range(49):
  for j in range(49):
    px = (matrix2[i][j]*255,) * 3
    for p in range(10):
      for q in range(10):
        img2.putpixel((10*i+p, 10*j+q), px)
img2.save('qr.png')

#2
from PIL import Image
s=Image.open('attach.png')
size=500
p=Image.new('L',(49,49))
for yy in range(49):
    for xx in range(49):
        a=0
        b=0
        if s.getpixel((round(500/49*xx+5),round(500/49*yy+5)))[2]>128 :
            a=1
        if (xx+yy)%2==1:
            b=1
        p.putpixel((xx,yy),(a^b)*255)
p.save('out.png')

CRYPTO

一眼看出

p、q都相当于直接给了

1
2
3
4
5
6
7
8
9
10
11
12
13
14
import gmpy2
from Crypto.Util.number import *
n = 121027298948349995679677982412648544403333177260975245569073983061538581058440163574922807151182889153495253964764966037308461724272151584478723275142858008261257709817963330011376266261119767294949088397671360123321149414700981035517299807126625758046100840667081332434968770862731073693976604061597575813313
r = getPrime(6)
e = 65537
a = 11001240791308496565411773845509754352597481464288272699325231395472137144610774645372812149675141360600469640492874223541765389441131365669731006263464699
c = 42256117129723577554705402387775886393426604555611637074394963219097781224776058009003521565944180241032100329456702310737369381890041336312084091995865560402681403775751012856436207938771611177592600423563671217656908392901713661029126149486651409531213711103407037959788587839729511719756709763927616470267
p = gmpy2.next_prime(a - r)
q = gmpy2.next_prime(gmpy2.next_prime(a) + r)

phi_n = (p-1)*(q-1)
d = gmpy2.invert(e,phi_n)
m = pow(c,d,n)
print(long_to_bytes(m))
ctf misc crypto
#misc #wp #crypto
2023强网拟态
http://example.com/2023/11/17/2023强网拟态/
作者
dddkia
发布于
2023年11月17日
许可协议