Bomb
解压之后还是压缩包,一层套一层,大概两百层。每一层的密码只存在压缩包里某个长度为 24 的文件中。写个脚本筛选一下。
import zipfile
import io
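# Peel a password-protected nested archive one layer per pass.
#
# Each pass reads the current password from Password.txt, opens nextlevel.zip
# and extracts three kinds of member: the one whose compressed size is 24 (the
# page says the password lives in a file of length 24 -- presumably this
# rewrites Password.txt for the next pass, confirm against the archive), any
# nested .zip, and finally flag.txt.
#
# The loop is capped at 100 passes while the page estimates about two hundred
# layers, so the script may need to be run again if it ends without a flag.
for _ in range(100):
    # Context managers close each handle; the original left them to the GC.
    with open("Password.txt", "rb") as pw_file:
        password = pw_file.read()
    print(password)

    # The archive is read fully into memory before parsing -- presumably so an
    # extracted member may overwrite nextlevel.zip on disk (confirm).
    with open("nextlevel.zip", "rb") as archive_file:
        archive_bytes = archive_file.read()

    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zip_file:
        for file in zip_file.filelist:
            if file.compress_size == 24:
                zip_file.extract(file, pwd=password)
            if file.filename.endswith(".zip"):
                # file_size is the declared uncompressed size. ZipFile.extract
                # normalises member paths but does not bound how much is
                # written, so this print is the only size signal before the
                # next layer lands on disk.
                print(file.file_size)
                zip_file.extract(file, pwd=password)
            if file.filename == "flag.txt":
                zip_file.extract(file, pwd=password)
                with open("flag.txt", "r") as flag_file:
                    print(flag_file.read())
                # exit() is injected by the site module and may be missing
                # (e.g. python -S); raising SystemExit is the same exit path.
                raise SystemExit(0)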
Special Signal
信号的实部和虚部都是+-1/sqrt(2)。可能是 QPSK 编码?
确实是,用 complex64 加载出来,然后写个脚本变成00/01/11/10即可。赛后看了 wp 才知道有个 xor key。想不到啊。
import numpy as np
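# Load the capture as complex64 samples.
# np.load's second positional parameter is mmap_mode, not a dtype, and np.load
# only parses .npy/.npz containers, so np.load(path, np.complex64) cannot read
# this file as intended. np.fromfile reinterprets raw bytes with the given
# dtype.
# NOTE(review): assumes "satelite.iq" is a headerless dump of interleaved
# float32 I/Q pairs -- confirm. If it is really a .npy file, use
# np.load("satelite.iq") with no second argument instead.
data = np.fromfile("satelite.iq", dtype=np.complex64)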
# QPSK constellation: every point has real and imaginary parts of
# +-1/sqrt(2), one point per quadrant, keyed by the bit pair it carries.
_INV_ROOT2 = 1 / np.sqrt(2)

symbol_map = {
    (0, 0): _INV_ROOT2 + 1j * _INV_ROOT2,    # e^(j * pi/4)
    (0, 1): -_INV_ROOT2 + 1j * _INV_ROOT2,   # e^(j * 3pi/4)
    (1, 1): -_INV_ROOT2 - 1j * _INV_ROOT2,   # e^(j * 5pi/4)
    (1, 0): _INV_ROOT2 - 1j * _INV_ROOT2,    # e^(j * 7pi/4)
}

# Inverse lookup: constellation point -> bit pair.
reverse_map = dict(zip(symbol_map.values(), symbol_map.keys()))
def qpsk_decode(symbols):
    """Map each received sample to the bit pair of its nearest constellation point.

    Args:
        symbols: iterable of complex samples.

    Returns:
        A flat list of ints (0/1), two per input sample, in input order.
    """
    constellation = list(reverse_map)
    decoded = []
    for sample in symbols:
        # Hard decision: pick the reference point at the smallest distance.
        nearest = min(constellation, key=lambda point: abs(point - sample))
        decoded += reverse_map[nearest]
    return decoded
# Demodulate the capture and flatten the bits into one "0"/"1" string.
# The page notes that the official write-up applies a further XOR key;
# that step is not performed here.
data = "".join(map(str, qpsk_decode(data)))
😅
?官方 wp 也是一坨
CAN
第一段和第二段直接 xor。
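# Rebuild the hidden zip by XOR-ing two segments of candump.log frame by frame.
# Context managers replace the bare open() calls so the log handle is released
# and tt.zip is flushed and closed before anything tries to read it.
with open("candump.log") as log_file:
    lines = log_file.readlines()
lines = [line.split(" ") for line in lines]
# From the third space-separated field keep the text after the last '#'
# (presumably the frame payload in hex -- confirm against the log).
data = [line[2].split("#")[-1].strip() for line in lines]

with open("tt.zip", "wb") as tt:
    # Entry i is paired with the entry 40 positions later; the run starts at
    # index 2 and stops before 40.
    for i in range(2, 40):
        r1 = bytes.fromhex(data[i])
        r2 = bytes.fromhex(data[i + 40])
        # zip() stops at the shorter payload, so r3 has that length.
        r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)])
        # Only the bytes from the fourth onward are written to the archive.
        tt.write(r3[3:])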
print(r3)
注意到前八条 log 的第二个字节依次是 0-7,第三个字节是单独的一个 byte,从第四个字节开始是 zip 的内容。于是可以尝试把 zip 文件写出。
赛后看 wp 才知道:密码藏在这八个第三字节里,把它们各自变成 0/1 之后转置,再取出来的值就是密码了。
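# Same extraction as the first CAN script: XOR the two log segments and write
# the payload bytes to tt.zip. Files are opened with context managers so the
# handles are closed and the archive is fully flushed to disk.
with open("candump.log") as log_file:
    lines = log_file.readlines()
lines = [line.split(" ") for line in lines]
# Keep the text after the last '#' of the third space-separated field.
data = [line[2].split("#")[-1].strip() for line in lines]

with open("tt.zip", "wb") as tt:
    for i in range(2, 40):
        r1 = bytes.fromhex(data[i])
        r2 = bytes.fromhex(data[i + 40])
        r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)])
        # The first three bytes are dropped; the rest goes into the archive.
        tt.write(r3[3:])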
# Recover the archive password from the third byte of the first eight XOR-ed
# frames: write each byte as 8 bits, transpose the resulting 8x8 grid, and
# read every column (last frame first) as one character.
columns = [""] * 8
for index in range(2, 10):
    first = bytes.fromhex(data[index])
    second = bytes.fromhex(data[index + 40])
    mixed = bytes(a ^ b for a, b in zip(first, second))
    # format(..., "08b") gives the zero-padded 8-bit string, MSB first.
    for position, bit in enumerate(format(mixed[2], "08b")):
        columns[position] += bit

# Each column string is reversed before being parsed as a binary number.
print("".join(chr(int(column[::-1], 2)) for column in columns), end="")
# 😅
什么脑洞题。
不会出 misc 少出点,这种让谁来想呢