MISC-image-0
煤矿路口西 Lv4

image[0]


一张图片的百种姿势

1:bpg

工具:bpg-0.9.8-win64

命令:bpgdec -o out.png misc3.bpg

2:IDAT块异常

2-1

IDAT未满65524就有下一个数据块了,说明有问题

delete后得到

2-2

3:IDAT长度转ASCII

4:pngdebugger校验crc32

错误的crc-code串联转ascii

CRC OK! ===》 1

CRC FAILED ===》 0

5:image爆破长宽

import struct
import zlib
for i in range(4096):
for j in range(4096):
c = bytes.fromhex('4948445200000384000000960802000000')# IHDR
ihdr = c[:4]+struct.pack('>i',i)+struct.pack('>i',j)+c[12:]
crc = 0x5255A798# CRC32
if zlib.crc32(ihdr) == crc:
print(hex(i),hex(j))
exit(0)

3-1

6:png爆破高度

# -*- coding: utf8 -*-

import os
import binascii
import struct
misc = open("misc26.png", "rb").read()

# 爆破宽
for i in range(1024):
data = misc[12:16] + struct.pack('>i',i)+ misc[20:29] #IHDR数据
crc32 = binascii.crc32(data) & 0xffffffff
if crc32 == 0xEC9CCBC6: #IHDR块的crc32值
print('weight')
print(i)
print("hex:"+hex(i))

# 爆破高
for i in range(1024):
data = misc[12:20] + struct.pack('>i',i)+ misc[24:29]
crc32 = binascii.crc32(data) & 0xffffffff
if crc32 == 0xEC9CCBC6:
print('height')
print(i)
print("hex:"+hex(i))


#height
#606
#hex:0x25e

7:bmp修改高度

4-1

4-2

12-15:4字节的biWidth,这里是0x00000280,即十进制的640,用像素表示图像的宽度,查看文件信息验证正确; 16-19:4字节的biHeight,这里是0x000001E0,即十进制的480,用像素表示图像的高度,查看文件信息验证正确;同时,这是一个正数,表示图像是倒立的,即图像数据是从左下角到右上角排列的;

8:jpg修改高度

5-1

9:gif修改高度

6-1

后分离帧得到flag

10:bmp爆破宽度

import struct
import zlib
f = open('misc31.bmp','rb')
c = f.read()
width = c[18:22]
height = c[22:26]
# 爆破bmp宽度
for i in range(900,1100):
f1 = open(str(i)+'.bmp','wb')
# print(struct.pack('>i',i)[::-1])
img = c[:18]+struct.pack('>i',i)[::-1]+c[22:]
f1.write(img)
f1.close()

11:png爆破宽度

import struct
import zlib
#爆破png宽度
f = open(r'misc34.png','rb')
c = f.read()
width = c[16:20]
height = c[20:24]
for i in range(900,1200):
f1 = open(str(i)+'.png','wb')
# print(struct.pack('>i',i)[::-1])
img = c[:16]+struct.pack('>i',i)+c[20:]
f1.write(img)
f1.close()

12:遇到binwalk有东西,但分离不出的情况

11-1

根据binwalk提示,尝试手动分离

13:zsteg

首先尝试binwalk -e

发现bzip2

12-1

进一步binwalk却始终存在问题


zsteg misc17.png

得到应该分离的数据段

12-2

zsteg -e "extradata:0" /root/桌面/misc17.png > 1.txt
binwalk -e 1.txt

14:exiftool查看附加信息

15:gif考虑时间间隔/3637>>01

identify -format "%T" misc39.gif > 1
#coding=utf-8
text='737363636373737373736373636373736363737363737373636373737373637363636373736373737373737373637373737373737363737363737363736373637373636373636373737363636363737363636373637373636373637373636373736373736363737363637373736363736373737363637363737363736373737363637373637373636363736363737363737373737363636373637373636373637363737363637363637373637373636373737363636373736363736363637373736363736373736373736363737363637373737363636363736373737363637373736363736373737363636373637373636363737373736363636373637373636363636373736373636363737363736373637373736363737373737373637'.split('3')
print(text)
firstType = '6'
secondType = '7'
binaryString = ''

for char in text: #Foreach char
if char == firstType: #Check if it is the first type
binaryString += '0' #Mark it as 0
# print(char)
else:
binaryString += '1' #Mark it as 1
# print(char)

print(binaryString) #Print result
print((len(binaryString)-1)/7)

binary=''
for i in range(41):
binary += binaryString[7*i:7*i+7] + ' '
print(binary)
#1100011 1110100 1100110 1110011 1101000 1101111 1110111 1111011 0110101 0110010 0111000 0110001 0110010 1100110 1100110 0111001 0111001 0110101 1100110 1100010 0110111 1100010 1100101 0110010 0110110 0111000 1100100 0111001 0110110 0110011 1100001 0111001 1100101 1100010 1100011 1100001 0110000 0110100 0110101 0111001 1111101

16:LSB改变通道,改变排序方式

17:base

18:取IDAT,IHDR部分重新排列

1)IHDR领先

2)IDAT尝试重新排列

3)前后补全

<F5杯《Just Another 拼图》>

脑洞部分

1:010按位取

1-1

2:所有头的hex都该熟悉,各种hex魔转

Serial Number                   : 686578285826597329

686578285826597329=》hex(X&Ys)

X Resolution                    : 3902939465
Y Resolution : 2371618619
X Position : 1082452817
Y Position : 2980145261

>>> print(hex(x))
0xe8a22149
>>> print(hex(y))
0x8d5c073b
>>> print(hex(a))
0x4084eb51
>>> print(hex(b))
0xb1a1686d
  • 本文标题:MISC-image-0
  • 本文作者:煤矿路口西
  • 创建时间:2021-04-21 09:43:15
  • 本文链接:http://www.mklkx.xyz/2021/04/21/MISC-image-0/
  • 版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!