2021CISCN
煤矿路口西 Lv3

2021CISCN-Misc


tiny traffic

流量包导出http对象得到一堆文件

其中【test】和【secret】似乎有点东西

但直接打开为乱码

考虑br(Brotli)解码

import brotli
# Load the exported HTTP object as raw bytes; it is Brotli-compressed, which is
# why it looks like garbage when opened directly.
compressed = open('secret', 'rb').read()
print(compressed)
# Decompress the bytes and show the recovered payload.
payload = brotli.decompress(compressed)
print(payload)
# Output of the second print:
#b'\x08\xc8\x01\x10\xa2\xd4\x99\x07\x1a\x0e\n\x05e2345\x12\x057af2c\x1a\x0f\n\x067889b0\x12\x0582bc0 \xc6\xa2\xec\x07*\td172a38dc'

以上是解码后的【secret】内容,猜测为flag

【test】

1

根据内容搜索得到https://blog.csdn.net/u013210620/article/details/81317731

安装好后,将test后缀改为.proto

# Compile test.proto into the Python module test_pb2.py in the current directory.
protoc test.proto  --python_out=./

解决报错https://blog.csdn.net/qq_27563511/article/details/80696403

2

得到test_pb2.py

编写代码,

调用这个库

#! /usr/bin/env python
import test_pb2

# Serialized message: the bytes printed after Brotli-decoding the 'secret' object.
serialized = b'\x08\xc8\x01\x10\xa2\xd4\x99\x07\x1a\x0e\n\x05e2345\x12\x057af2c\x1a\x0f\n\x067889b0\x12\x0582bc0 \xc6\xa2\xec\x07*\td172a38dc'

# Decode the bytes with the PBResponse class generated from test.proto and
# print the parsed fields in text form.
flag_pb = test_pb2.PBResponse()
flag_pb.ParseFromString(serialized)
print(flag_pb)

3

按要求拼接得到

CISCN{e66a22e23457889b0fb1146d172a38dc}

running_pixel

gif动图分离得到382张png

观察得它们中存在统一RGB值为(233,233,233)的色块

提取出它们的坐标值

#!/usr/bin/python
# -*- coding: utf-8 -*-
import cv2
import numpy as np
from PIL import Image
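# Scan every frame split out of the GIF and print the coordinates of pixels
# whose value is exactly (233, 233, 233, 255).
# NOTE(review): the page lost the script's indentation; the `break` is assumed
# to sit inside the `if`, so for each x only the first matching y is printed.
for k in range(0, 382):  # number of frames
    # The context manager closes each frame file as soon as it has been
    # scanned instead of leaving all 382 handles open.
    with Image.open('Frame%d.png' % k) as im:
        for i in range(0, 400):
            for j in range(0, 400):
                if im.getpixel((i, j)) == (233, 233, 233, 255):
                    print(i, j)
                    break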

保存到xy.txt中

from PIL import Image
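# Replay the extracted coordinates onto a blank 400x400 canvas.
# NOTE(review): indentation was lost on the page; img.save is assumed to be
# inside the loop because its file name depends on k, which yields one
# snapshot per plotted pixel.
img = Image.new('RGB', (400, 400))

# Only the first line of xy.txt is used: space-separated "x,y" pairs.
# The with-block closes the file, which the original never did.
with open("xy.txt", "r") as file:
    text = file.readlines()[0]
ch = text.split(" ")
print(ch)

x = []
y = []
for i in ch:
    # Split each pair once instead of once per coordinate.
    parts = i.split(',')
    x.append(parts[0])
    y.append(parts[1])
print(len(x))

for k in range(len(x)):
    print(k)
    # The pixel is placed at (y, x), i.e. with the two values swapped,
    # exactly as the original script does.
    img.putpixel((int(y[k]), int(x[k])), (233, 233, 233))
    img.save("test%d.png" % k)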

读取坐标值数据并写在对应位置上

4

flag的顺序为数字依次出现的数据

CISCN{12504d0f-9de1-4b00-87a5-a5fdd0986a00}

隔空传话

pdu编码

首先进行数据清洗

import re
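def _swap_pairs(digits):
    """Return *digits* with the two characters of every 2-char group swapped."""
    return "".join(pair[::-1] for pair in re.findall(".{2}", digits))


# Characters 34..45 of every line are the 12-character field used for sorting.
with open('data.txt') as a:
    b = [line[34:46] for line in a]

# d: the fields with each character pair swapped, sorted ascending (the
#    write-up reads them as year/month/day/hour/minute/second values).
# e: the sorted entries swapped back to the form they have in data.txt.
d = sorted(_swap_pairs(i) for i in b)
e = [_swap_pairs(i) for i in d]

# Write one line per (swapped, original) pair.  The original loop reset its
# index to 0 on every pass and so wrote d[0]/e[0] 616 times; iterating with
# zip() emits each pair once and no longer depends on the hard-coded 616.
with open('dnm.txt', mode='w') as file_handle:
    for before, after in zip(d, e):
        file_handle.write("调转前:{} |调转后: {} \n".format(before, after))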

5

得到类似210425194359的,按照年月日时分秒排列的数据

经过手动匹配后,pdu解码

http://www.sendsms.cn/pdu/

补充前后关键数据如下:

6

the first part of the flag is the first 8 digits of your phone number 
那其他部分呢
看看你能从这些数据里发现什么?w465

拼合数据得到png

7

贴进010后

根据IHDR块的crc32爆破png的宽高

# -*- coding: utf8 -*-
import os
import binascii
import struct
# Raw bytes of the PNG whose IHDR dimensions are to be recovered.
misc = open("Untitled1.png", "rb").read()
ihdr_crc = 0xBFFAF2DD  # CRC32 value of the IHDR chunk

# Brute-force the width: keep the chunk type and everything after the width
# field, and try every candidate below 1024.
chunk_type, after_width = misc[12:16], misc[20:29]
for i in range(1024):
    candidate = chunk_type + struct.pack('>i', i) + after_width  # IHDR data
    if (binascii.crc32(candidate) & 0xffffffff) == ihdr_crc:
        # The label is printed as 'weight'; the value is the width.
        print('weight')
        print(i)
        print("hex:" + hex(i))

# Brute-force the height the same way, leaving the stored width untouched.
through_width, after_height = misc[12:20], misc[24:29]
for i in range(1024):
    candidate = through_width + struct.pack('>i', i) + after_height
    if (binascii.crc32(candidate) & 0xffffffff) == ihdr_crc:
        print('height')
        print(i)
        print("hex:" + hex(i))
# Output recorded in the write-up:
# weight
# 465
# hex:0x1d1

8

CISCN{15030442_b586_4c9e_b436_26def12293e4}

robot

给了一个pcapng流量包

通过追踪tcp流

发现【Value.[36,35,0]】字样

疑似坐标

通过数据清洗

import re
# Matches records such as "Value.[36,35,0]": two unsigned integers followed by
# a third number that may be negative and may have a fractional part.
p1 = re.compile(r'Value\.\[\d+,\d+,-?\d+\.*\d*\]')

# Read the exported TCP stream text and collect every matching record.
with open('./tcp.txt', 'r', encoding="utf-8") as src:
    text = src.read()
data = p1.findall(text)

# Store the Python repr of the list of matches for the later clean-up step.
with open('data.txt', 'w', encoding="utf-8") as out:
    out.write(str(data))

得到

9

经过处理,参考前面(running_pixel)的代码

from PIL import Image
img=Image.new('RGB',(400,400))
mark=[(27,36),(28,35),(29,35),(31,35),(32,35),(33,35),(35,35),(36,35),(37,35),(39,34),(40,34),(41,33),(42,32),(43,32),(45,32),(47,31),(48,29),(49,28),(49,27),(50,26),(50,25),(51,23),(51,22),(51,21),(52,20),(52,19),(52,18),(52,17),(52,16),(52,15),(51,14),(50,14),(49,14),(48,14),(47,14),(46,14),(45,14),(44,14),(43,14),(42,14),(40,14),(39,14),(37,14),(35,14),(34,14),(32,14),(30,14),(28,14),(27,14),(26,14),(25,14),(24,14),(23,14),(22,14),(21,15),(20,16),(19,17),(18,19),(18,21),(18,22),(18,23),(18,24),(18,26),(18,27),(18,28),(18,30),(18,32),(18,33),(18,34),(19,37),(21,39),(21,40),(22,42),(24,44),(24,45),(26,47),(27,48),(28,49),(29,50),(30,51),(31,52),(33,53),(34,53),(35,54),(36,54),(37,54),(38,54),(39,54),(40,54),(41,54),(44,54),(46,54),(48,54),(50,54),(52,53),(53,53),(54,52),(55,52),(56,52),(58,51),(59,50),(61,49),(62,49),(64,47),(65,47),(67,46),(68,46),(70,45),(71,44),(71,44,-10),(125,23),(125,23),(124,22),(123,22),(121,21),(118,20),(115,19),(113,19),(112,18),(111,18),(109,17),(106,16),(104,16),(103,16),(102,15),(101,15),(100,15),(99,15),(98,15),(97,15),(96,15),(95,15),(94,15),(93,15),(92,15),(91,15),(89,15),(87,17),(85,18),(85,19),(84,21),(83,21),(82,22),(82,23),(81,24),(81,26),(80,28),(80,29),(80,31),(80,32),(79,34),(79,35),(79,37),(79,39),(79,41),(79,43),(79,44),(79,46),(79,47),(80,48),(81,49),(82,50),(84,50),(87,51),(88,51),(90,51),(91,51),(93,51),(94,51),(97,51),(100,50),(101,49),(102,49),(103,48),(105,46),(106,45),(108,43),(109,42),(110,41),(111,39),(112,38),(112,36),(113,34),(114,33),(115,32),(115,31),(116,30),(117,28),(118,27),(118,28),(117,30),(116,32),(115,34),(115,36),(114,39),(114,41),(114,43),(114,45),(114,47),(114,48),(114,50),(114,52),(114,53),(115,54),(116,55),(117,56),(118,57),(120,57),(122,57),(124,57),(126,57),(128,57),(131,57),(133,57),(136,57),(138,57),(141,57),(143,56),(145,55),(147,53),(149,52),(150,52),(152,50),(153,49),(155,47),(156,46),(157,45),(157,45,-10),(212,24),(212,24),(213,23),(211,21),(210,20),(209,19),(208,18),(207,17),(206,16),(205,1
5),(204,15),(201,14),(200,14),(199,14),(197,14),(196,14),(195,14),(193,14),(191,14),(189,16),(188,16),(187,16),(186,17),(185,17),(183,18),(183,20),(183,21),(182,22),(182,23),(182,24),(182,25),(182,26),(182,27),(182,29),(183,31),(184,32),(186,33),(187,34),(188,34),(189,35),(190,35),(192,36),(194,37),(196,37),(198,38),(199,38),(200,38),(201,38),(202,39),(203,39),(204,40),(207,41),(207,42),(208,43),(208,44),(208,45),(208,46),(208,48),(208,50),(208,51),(207,53),(207,54),(206,56),(204,58),(203,60),(202,61),(201,62),(201,63),(200,64),(199,64),(198,64),(197,65),(196,65),(195,65),(193,65),(192,65),(190,65),(189,65),(187,65),(185,65),(184,65),(183,65),(181,64),(180,63),(179,63),(178,62),(177,62),(175,61),(174,60),(173,59),(173,59,-10),(243,20),(243,20),(244,19),(244,21),(244,25),(245,26),(245,29),(247,32),(247,34),(248,36),(248,37),(249,39),(250,40),(251,42),(251,43),(252,44),(254,44),(256,44),(258,44),(260,42),(262,41),(263,40),(265,38),(266,35),(267,32),(268,30),(271,27),(272,25),(273,22),(274,21),(275,20),(275,19),(274,18),(274,20),(272,22),(271,23),(271,26),(268,29),(266,33),(266,35),(265,37),(263,40),(262,42),(262,44),(261,47),(260,49),(259,51),(258,55),(258,56),(257,58),(255,61),(254,62),(253,63),(253,64),(252,65),(251,66),(250,67),(249,68),(248,69),(247,70),(246,71),(245,72),(244,73),(244,73,-10),(298,64),(298,64),(299,65),(300,65),(302,65),(304,65),(306,65),(308,65),(309,65),(312,65),(315,65),(317,65),(319,65),(322,65),(325,65),(327,65),(330,65),(332,65),(334,66),(335,66),(335,66,-10),(20,103),(20,104),(20,107),(20,110),(20,112),(20,114),(20,118),(19,121),(18,124),(17,126),(17,130),(17,134),(17,137),(17,139),(17,142),(17,143),(17,146),(17,147),(17,149),(17,150),(17,149),(17,148),(17,146),(18,145),(18,143),(19,142),(20,141),(20,140),(21,138),(21,137),(22,135),(23,134),(24,132),(25,131),(26,129),(27,128),(28,127),(29,126),(31,125),(32,124),(32,123),(34,121),(35,120),(37,120),(38,119),(40,118),(41,118),(43,117),(44,116),(46,115),(48,115),(49,114),(50,113),(51,113),(52,1
12),(52,112,-10),(80,121),(80,121),(79,120),(78,121),(77,122),(77,123),(77,124),(76,127),(75,128),(74,129),(73,131),(73,132),(73,133),(72,135),(72,136),(72,137),(72,138),(72,139),(72,140),(72,142),(72,144),(72,145),(73,148),(74,149),(77,150),(78,150),(80,151),(81,151),(82,151),(83,151),(84,151),(85,151),(87,151),(89,151),(90,151),(92,150),(93,150),(95,149),(97,147),(98,146),(99,146),(100,145),(101,144),(102,142),(102,141),(104,139),(104,138),(105,136),(105,135),(105,133),(105,132),(105,131),(105,129),(104,128),(103,126),(102,126),(101,125),(98,123),(96,123),(95,123),(93,123),(92,122),(90,121),(89,121),(86,120),(86,120,-10),(147,98),(147,98),(146,99),(145,100),(144,103),(143,104),(142,105),(142,106),(142,109),(142,111),(142,114),(141,118),(140,120),(139,123),(138,127),(138,129),(137,133),(135,135),(134,137),(133,139),(131,142),(131,143),(131,145),(130,146),(129,149),(128,152),(128,153),(127,156),(127,157),(126,158),(127,157),(129,157),(130,156),(132,156),(134,155),(137,153),(138,152),(139,151),(140,150),(143,149),(144,148),(145,147),(146,146),(147,145),(149,144),(149,143),(150,142),(151,141),(152,140),(152,139),(153,138),(153,137),(153,136),(153,135),(153,134),(153,133),(152,132),(151,131),(150,131),(149,130),(147,129),(147,129,-10),(186,136),(186,136),(183,137),(182,138),(182,139),(182,140),(181,142),(179,144),(179,145),(179,147),(178,149),(177,150),(177,151),(177,152),(177,154),(177,156),(177,157),(177,158),(178,160),(179,161),(180,162),(181,163),(182,164),(184,164),(186,164),(187,164),(188,164),(190,163),(191,162),(192,162),(194,160),(196,159),(197,158),(197,156),(198,155),(200,153),(200,152),(201,150),(201,149),(201,148),(201,147),(201,145),(201,144),(201,142),(201,141),(201,139),(201,138),(200,136),(199,135),(198,135),(197,135),(196,135),(195,135),(193,135),(192,135),(190,135),(189,135),(189,135,-10),(223,167),(223,167),(224,167),(226,167),(228,167),(229,167),(232,167),(233,167),(234,167),(235,167),(237,167),(238,167),(240,167),(241,167),(243,167),(244,167),(246
,167),(247,167),(250,168),(251,168),(252,168),(253,168),(254,168),(254,168,-10),(269,135),(271,136),(273,138),(275,140),(276,141),(278,143),(280,145),(282,147),(284,149),(285,150),(288,152),(289,153),(291,154),(293,156),(294,157),(296,159),(297,160),(298,161),(299,162),(299,162,-10),(300,136),(299,136),(297,137),(296,138),(294,141),(294,142),(293,144),(293,145),(292,148),(291,149),(290,151),(288,153),(288,155),(287,156),(286,157),(285,159),(284,160),(283,161),(282,162),(281,163),(280,164),(279,165),(279,165,-10),(327,142),(328,143),(330,145),(332,148),(333,149),(335,151),(337,154),(339,156),(341,158),(342,159),(345,160),(347,161),(348,162),(350,164),(351,165),(352,166),(355,168),(356,169),(356,169,-10),(351,143),(350,143),(348,144),(347,144),(346,145),(343,148),(341,150),(339,152),(336,155),(333,158),(330,159),(327,162),(325,165),(323,167),(322,168),(319,170),(317,171),(316,171),(314,172),(313,172),(313,172)]
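print(mark[0])
# Plot every recorded point in white.  Entries are (x, y) tuples, and some
# carry a third value (e.g. -10) that is not used for plotting.
# The original wrapped this in a second, identical loop over range(len(mark)),
# redrawing the same pixels len(mark) times; one pass gives the same image.
for point in mark:
    img.putpixel((point[0], point[1]), (255, 255, 255))
img.save('flag.png')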

得到

10

md5加密(即计算md5哈希值)

CISCN{d4f1fb80bc11ffd722861367747c0f10}

  • 本文标题:2021CISCN
  • 本文作者:煤矿路口西
  • 创建时间:2021-05-18 10:06:21
  • 本文链接:http://www.mklkx.xyz/2021/05/18/2021CISCN/
  • 版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!