dasctf夏-复盘

孱弱，打是一打一个不吱声的，赛后跟着师傅复现一下

Misc

png_master

第一部分：010分析，结尾有类似base64解密的部分提取出来解密

得到第一段内容

Congratulations on finding the first paragraph of flag, but the understanding of png is just beginning.
flag1:DASCTF{2fd9e9ff-e27

第二部分：

使用stegsolve来获得

flag2:d-5405-c5f5-

第三部分:

from PIL import Image
Image=Image.open('C:/Users/30226/Desktop/DASCTF/tempdir/MISC附件/flag.png')
Image.save('a.png')

利用010进行对比发现IDAT多了一个很长的部分

把这部分单独读取出来，加上png头，得到图片

得到a19131f86216}

最后的flag是DASCTF{2fd9e9ff-e27d-5405-c5f5-a19131f86216}

EZ_zip

跟着复现一遍吧，感觉是提示点。

zip文件损坏的问题

使用010对两个地方进行修改，再进行解压

后面就不明白了，直接引用套神的吧

![解密](../../images/DASCTF/2024夏/解密.png)import pyzipper

def crack_zip(zip_file_path):
    for i in range(256):
        password = bytes([i])
        try:
            with pyzipper.AESZipFile(zip_file_path, 'r') as zip_ref:
                zip_ref.extractall(pwd=password)
                extracted_files = zip_ref.namelist()
                if extracted_files:
                    return password, extracted_files[0]
        except:
            continue
    return None, None

def main():
    current_zip = '320.zip'
    all_passwords = ''

    while current_zip:
        print(f'Cracking {current_zip}...')
        password, next_zip = crack_zip(current_zip)
        if password:
            all_passwords += password.hex()
            current_zip = next_zip
        else:
            print(f'Failed to crack {current_zip}')
            break

    print(f'All passwords: {all_passwords}')

if __name__ == "__main__":
    main()

得到密码

1bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec611bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec6

并且得到一个AES-ECB.txt

明显观察到这个密码是重复的11bb99580c613a87c54e12480aa7ff8c798f71ad280f6ba69d4a4425225e4ec6

然后得到AES的内容是64ZpNmbv2Hg4Jj9bH8Kv6D3OBliD9hgyI3vZWfMDJs2TcEwVnBmH/zkBtPBE3g8e the key may be on your journey？

尝试用这个密码当aes的密码不对，猜测是解压顺序是从320–>1，而密码顺序是1–>320，因此需要反过来

c64e5e2225444a9da66b0f28ad718f798cffa70a48124ec5873a610c5899bb11

DASCTF{514755c6-8280-463c-8378-a29702fc88df}

Re

DosSnake

ida打开，定位到dasctf

这段部分的内容与dasctf进行xor得到flag

Crypto

complex_enc

from Crypto.Util.number import long_to_bytes

def decrypt(cipher, key):
    decrypted_bits = [0] * len(key)  # 初始化为与密钥相同长度的比特流

    # 逆序遍历密钥，逐步恢复比特流
    for i in range(len(key) - 1, -1, -1):
        if cipher >= key[i]:
            cipher -= key[i]
            decrypted_bits[i] = 1

    return decrypted_bits

def bits_to_bytes(bits):
    byte_array = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i+8]:
            byte = (byte << 1) | bit
        byte_array.append(byte)
    return bytes(byte_array)

# 手动输入密文和密钥
cipher = int(input("请输入密文 (c): "))
key_input = input("请输入密钥 (key): ")
key = eval(key_input)

# 解密密文
decrypted_bits = decrypt(cipher, key)
decrypted_bytes = bits_to_bytes(decrypted_bits)

# 打印解密后的内容
print("Decrypted bytes (hex):", decrypted_bytes.hex())
try:
    flag = decrypted_bytes.decode('utf-8')
    print("Decrypted flag (decoded):", flag)
except UnicodeDecodeError:
    print("Decrypted flag contains non-UTF-8 bytes.")

背包密码