CN-fnst::CTF 隼目 – SeanDictionary

这次战绩：RP.3142 RK.17

这次是两人队，感谢SeanDictionary，Z41sArrebol

有一说一虽然图寻找的我很难受，但是给我做爽了

Misc

sign in | FINISHED

保存得到的图片，然后用在线图片隐写工具

得到flag{wobushinailong_woshihuangdou}

简简单单 | FINISHED

先十六进制转字符，然后核心价值观解码，十六进制，Base100，十六进制，Base62，Base58

最后两个Base要用这个工具，似乎别的出来答案不对。

夜观天象 | FINISHED

先在key.html中将所有的rgb抄下来，转换16进制就得到了key

用slienteye破解下，我们得到了flag.txt

我夜观天象，算出你将会得到flag

天象='角木蛟 觜火猴 箕水豹 毕月乌 氐土貉 毕月乌 轸水蚓 女土蝠 尾火虎 昴日鸡 壁水貐 箕水豹 尾火虎 奎木狼 心月狐 张月鹿 尾火虎 井木犴 昴日鸡 柳土獐 角木蛟 女土蝠 室火猪 觜火猴 氐土貉 奎木狼 牛金牛 箕水豹 亢金龙 胃土雉 房日兔 翼火蛇 尾火虎 轸水蚓 箕水豹 尾火虎 尾火虎 壁水貐 牛金牛 亢金龙 氐土貉 箕水豹 翼火蛇 翼火蛇 亢金龙 女土蝠 星日马 角木蛟 壁水貐 井木犴 角木蛟 牛金牛 箕水豹 柳土獐 室火猪 张月鹿 心月狐 星日马 角木蛟 虚日鼠 亢金龙 参水猿 箕水豹 箕水豹 尾火虎 翼火蛇 斗木獬 参水猿 心月狐 尾火虎 张月鹿 张月鹿 虚日鼠 星日马 斗木獬 室火猪 氐土貉 鬼金羊 角木蛟 娄金狗 斗木獬 井木犴 壁水貐 斗木獬 氐土貉 星日马 轸水蚓 氐土貉'

star_to_direction = {
    "斗木獬": 0, "牛金牛": 0, "女土蝠": 0, "虚日鼠": 0, "危月燕": 0, "室火猪": 0, "壁水貐": 0,
    "角木蛟": 1, "亢金龙": 1, "氐土貉": 1, "房日兔": 1, "心月狐": 1, "尾火虎": 1, "箕水豹": 1,
    "奎木狼": 2, "娄金狗": 2, "胃土雉": 2, "昴日鸡": 2, "毕月乌": 2, "觜火猴": 2, "参水猿": 2,
    "井木犴": 3, "鬼金羊": 3, "柳土獐": 3, "星日马": 3, "张月鹿": 3, "翼火蛇": 3, "轸水蚓": 3
}
stars_list = [
    "角木蛟", "觜火猴", "箕水豹", "毕月乌", "氐土貉", "毕月乌", "轸水蚓", "女土蝠", "尾火虎",
    "昴日鸡", "壁水貐", "箕水豹", "尾火虎", "奎木狼", "心月狐", "张月鹿", "尾火虎", "井木犴",
    "昴日鸡", "柳土獐", "角木蛟", "女土蝠", "室火猪", "觜火猴", "氐土貉", "奎木狼", "牛金牛",
    "箕水豹", "亢金龙", "胃土雉", "房日兔", "翼火蛇", "尾火虎", "轸水蚓", "箕水豹", "尾火虎",
    "尾火虎", "壁水貐", "牛金牛", "亢金龙", "氐土貉", "箕水豹", "翼火蛇", "翼火蛇", "亢金龙",
    "女土蝠", "星日马", "角木蛟", "壁水貐", "井木犴", "角木蛟", "牛金牛", "箕水豹", "柳土獐",
    "室火猪", "张月鹿", "心月狐", "星日马", "角木蛟", "虚日鼠", "亢金龙", "参水猿", "箕水豹",
    "箕水豹", "尾火虎", "翼火蛇", "斗木獬", "参水猿", "心月狐", "尾火虎", "张月鹿", "张月鹿",
    "虚日鼠", "星日马", "斗木獬", "室火猪", "氐土貉", "鬼金羊", "角木蛟", "娄金狗", "斗木獬",
    "井木犴", "壁水貐", "斗木獬", "氐土貉", "星日马", "轸水蚓", "氐土貉"
]
direction_string = ''.join(str(star_to_direction[star]) for star in stars_list)
quaternary_numbers = [direction_string[i:i+4] for i in range(0, len(direction_string), 4)]
decimal_numbers = [int(num, 4) for num in quaternary_numbers if len(num) == 4]
print(''.join(chr(num) for num in decimal_numbers))

flag{BaguA_M4ster_0v0}

烟③ | （复现）

先对文件反转，保存为pdf

转word文档，然后就能找到右下角一个很小的照片，放大得到flag

Crypto

ezCrypto | FINISHED

n能直接分解

import gmpy2
from Crypto.Util.number import *
e = 65537 
n = 1455925529734358105461406532259911790807347616464991065301847 
c = 69380371057914246192606760686152233225659503366319332065009 
p=1201147059438530786835365194567
q=1212112637077862917192191913841
phi=(p-1)*(q-1)
d=gmpy2.invert(e,phi)
m=pow(c,d,n)
print(long_to_bytes(m))
#flag{fact0r_sma11_N}

签到 | FINISHED

注意到文字没有线索，按习惯扔到010查看十六进制

发现有未显示字节，猜测unicode零宽隐写

flag{H@v3_fUn}

神秘dp | FINISHED

dp泄露直接抄板子，详细推导看这篇博客

from Crypto.Util.number import *
e = 65537
n = 13851998696110232034312408768370264747862778787235362033287301947690834384177869107768578977872169953363148442670412868565346964490724532894099772144625540138618913694240688555684873934424471837897053658485573395777349902581306875149677867098014969597240339327588421766510008083189109825385296069501377605893298996953970043168244444585264894721914216744153344106498382558756181912535774309211692338879110643793628550244212618635476290699881188640645260075209594318725693972840846967120418641315829098807385382509029722923894508557890331485536938749583463709142484622852210528766911899504093351926912519458381934550361 
dp = 100611735902103791101540576986246738909129436434351921338402204616138072968334504710528544150282236463859239501881283845616704984276951309172293190252510177093383836388627040387414351112878231476909883325883401542820439430154583554163420769232994455628864269732485342860663552714235811175102557578574454173473
c = 6181444980714386809771037400474840421684417066099228619603249443862056564342775884427843519992558503521271217237572084931179577274213056759651748072521423406391343404390036640425926587772914253834826777952428924120724879097154106281898045222573790203042535146780386650453819006195025203611969467741808115336980555931965932953399428393416196507391201647015490298928857521725626891994892890499900822051002774649242597456942480104711177604984775375394980504583557491508969320498603227402590571065045541654263605281038512927133012338467311855856106905424708532806690350246294477230699496179884682385040569548652234893413
for k in range(1, e):
    p = (e * dp - 1) // k + 1
    if (e * dp - 1) % k == 0 and isPrime(p) and n % p == 0:
        q = n // p
        if isPrime(q):
            break
phi = (p - 1) * (q - 1)
d = inverse(e, phi)
dq = d % (q-1)
m_p = pow(c, dp, p)
m_q = pow(c, dq, q)
h = (inverse(q, p) * (m_p - m_q)) % p
m = (m_q + h * q)
print(long_to_bytes(m))

flag{dp_i5_1eak}

math | FINISHED

注意到只要计算出key就能得到p

然而key不能暴力计算，因此考虑使用动态规划计算key

$dp[i][j][k]$，用$i$表示当前位数，用$j$表示最长的连续数字的长度，用$k$表示最后一位是0或1

状态转移方程如下

$$j=0,dp[i][j][k]=\sum_{n=0}^{3} dp[i-1][n][k\oplus 1]$$

$$j\ne 0,dp[i][j][k]=dp[i-1][j-1][k]$$

from Crypto.Util.number import *
from gmpy2 import next_prime

e = 65537
n=739243847275389709472067387827484120222494013590074140985399787562594529286597003777105115865446795908819036678700460141950875653695331369163361757157565377531721748744087900881582744902312177979298217791686598853486325684322963787498115587802274229739619528838187967527241366076438154697056550549800691528794136318856475884632511630403822825738299776018390079577728412776535367041632122565639036104271672497418509514781304810585503673226324238396489752427801699815592314894581630994590796084123504542794857800330419850716997654738103615725794629029775421170515512063019994761051891597378859698320651083189969905297963140966329378723373071590797203169830069428503544761584694131795243115146000564792100471259594488081571644541077283644666700962953460073953965250264401973080467760912924607461783312953419038084626809675807995463244073984979942740289741147504741715039830341488696960977502423702097709564068478477284161645957293908613935974036643029971491102157321238525596348807395784120585247899369773609341654908807803007460425271832839341595078200327677265778582728994058920387721181708105894076110057858324994417035004076234418186156340413169154344814582980205732305163274822509982340820301144418789572738830713925750250925049059
c=229043746793674889024653533006701296308351926745769842802636384094759379740300534278302123222014817911580006421847607123049816103885365851535481716236688330600113899345346872012870482410945158758991441294885546642304012025685141746649427132063040233448959783730507539964445711789203948478927754968414484217451929590364252823034436736148936707526491427134910817676292865910899256335978084133885301776638189969716684447886272526371596438362601308765248327164568010211340540749408337495125393161427493827866434814073414211359223724290251545324578501542643767456072748245099538268121741616645942503700796441269556575769250208333551820150640236503765376932896479238435739865805059908532831741588166990610406781319538995712584992928490839557809170189205452152534029118700150959965267557712569942462430810977059565077290952031751528357957124339169562549386600024298334407498257172578971559253328179357443841427429904013090062097483222125930742322794450873759719977981171221926439985786944884991660612824458339473263174969955453188212116242701330480313264281033623774772556593174438510101491596667187356827935296256470338269472769781778576964130967761897357847487612475534606977433259616857569013270917400687539344772924214733633652812119743

l = 2331
dp = [[[0]*2 for _ in range(3)] for _ in range(l)]
dp[0] = [[0,1],[0,0],[0,0],[0,0]]
for i in range(1,l):
    for j in range(3):
        for k in range(2):
            if j == 0:
                dp[i][j][k] = sum(dp[i-1][x][k^1] for x in range(3))
            else:
                dp[i][j][k] = dp[i-1][j-1][k]
key = sum(dp[-1][x][1] for x in range(3))

p = next_prime(key)
assert n == n//p*p
q = n//p
d = pow(e,-1,(p-1)*(q-1))
print(long_to_bytes(pow(c,d,n)))

下面是另外一个师傅的解法

观察规律发现，key的递推公式周期性变化，前三项之和加1或减1或不加

from Crypto.Util.number import *
from gmpy2 import next_prime

n = ?
c = ?

a1, a2, a3 = 22, 40, 75

for i in range(2322):
    if i % 4 == 2:
        a1, a2, a3 = a2, a3, a1 + a2 + a3 - 1
    elif i % 4 == 3:
        a1, a2, a3 = a2, a3, a1 + a2 + a3 + 1
    else:
        a1, a2, a3 = a2, a3, a1 + a2 + a3
p = next_prime(a3)
if n % p == 0:
    q = n // p
    e = 65537
    d = inverse(e, (p - 1) * (q - 1))
    m = pow(c, d, n)
    print(long_to_bytes(m))

flag{77310934-21fa-4ee4-a783-dc1865ebab28}

base1024 | FINISHED

网上有base1024千字文，拿来解密一下

if __name__ == "__main__":
    b_已解字节内容 = h_千字文解码(
        "利师迩鉴石碣遥逍汉玄珍覆穑碣云罗侈平同此竹岱饭乎见槐洛五伦璧策缘芸武秦伤阮空创欲雁刻分超任策迩释机于焉笃僚施迩姿植沙疫书曲亲零零零"
    )  # b_千字文编码)
    b_文本内容 = b_已解字节内容.decode("utf-8")
    print("解码好的:" + b_文本内容)
    # 脑洞竞技 代码逆向 漏洞挖掘 团队协作 密码破译 云端对决
    # flag{脑洞竞技 代码逆向 漏洞挖掘 团队协作 密码破译 云端对决}

不要忘记仰望星空 |FINISHED

将社会核心价值观解码后，得到了串盲文（实质上是些unicode码

⡳⠥⠦⠔⠶⠋⡳⠥⠢⠔⠆⠔⡳⠥⠢⠒⠙⠖⡳⠥⠶⠑⠉⠋⡳⠥⠶⠖⠦⠲⡳⠥⠢⠢⠂⠴⡳⠥⠲⠑⠴⠔⡳⠥⠦⠢⠉⠋⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠶⠔⠢⠑⡳⠥⠶⠔⠙⠦⡳⠥⠦⠴⠴⠉⡳⠥⠖⠶⠴⠔⡳⠥⠦⠴⠋⠙⡳⠥⠢⠆⠔⠃⡳⠥⠶⠖⠦⠲⡳⠥⠢⠃⠢⠔⡳⠥⠖⠴⠔⠋⡳⠥⠶⠁⠶⠁⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠖⠴⠒⠃⡳⠥⠖⠴⠋⠒⡳⠥⠖⠆⠢⠒⡳⠥⠔⠴⠴⠴⡳⠥⠢⠦⠴⠆⡳⠥⠔⠋⠂⠒⡳⠥⠶⠖⠦⠲⡳⠥⠶⠒⠆⠁⡳⠥⠢⠂⠖⠃⡳⠥⠖⠆⠂⠆⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠦⠙⠂⠋⡳⠥⠦⠙⠆⠒⡳⠥⠦⠴⠉⠉⡳⠥⠦⠦⠲⠉⡳⠥⠖⠶⠲⠑⡳⠥⠶⠖⠦⠲⡳⠥⠖⠉⠔⠔⡳⠥⠢⠴⠑⠶⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠲⠑⠆⠙⡳⠥⠔⠴⠂⠲⡳⠥⠢⠆⠁⠴⡳⠥⠢⠂⠖⠢⡳⠥⠶⠖⠦⠲⡳⠥⠶⠖⠶⠙⡳⠥⠔⠋⠔⠔⡳⠥⠔⠁⠖⠉⡳⠥⠋⠋⠴⠉⡳⠥⠴⠴⠁⡳⠥⠴⠴⠁⡳⠥⠢⠃⠋⠔⡳⠥⠲⠑⠦⠖⡳⠥⠋⠋⠴⠉⡳⠥⠦⠋⠙⠦⡳⠥⠖⠶⠴⠔⡳⠥⠔⠴⠁⠒⡳⠥⠖⠦⠒⠔⡳⠥⠦⠙⠦⠁⡳⠥⠖⠶⠖⠢⡳⠥⠦⠙⠦⠁⡳⠥⠔⠢⠶⠋⡳⠥⠶⠖⠦⠲⡳⠥⠢⠔⠦⠆⡳⠥⠖⠂⠴⠋⡳⠥⠔⠂⠙⠂⡳⠥⠶⠃⠦⠙⡳⠥⠖⠦⠙⠆⡳⠥⠴⠴⠁⡳⠥⠴⠴⠁⡳⠥⠆⠴⠂⠲⡳⠥⠆⠴⠂⠲⡳⠥⠒⠴⠴⠁⡳⠥⠴⠴⠖⠖⡳⠥⠴⠴⠖⠉⡳⠥⠴⠴⠖⠂⡳⠥⠴⠴⠖⠶⡳⠥⠒⠴⠴⠃

先是社会主义核心价值观解码，再8点盲文解码（选择“英国美国计算机8点”）

（是的，盲文翻译不是盲文加密

用这个在线网站就行-工具

print(
    """
    \u897f\u5929\u53d6\u7ecf\u7684\u5510\u4e09\u85cf\uff0c\u000a
    \u795e\u79d8\u800c\u6709\u80fd\u529b\u7684\u5b59\u609f\u7a7a\uff0c\u000a
    \u603b\u60f3\u6253\u9000\u5802\u9f13\u7684\u732a\u516b\u6212\uff0c\u000a
    \u8d1f\u8d23\u80cc\u884c\u674e\u7684\u6c99\u50e7\uff0c\u000a
    \u4e2d\u9014\u52a0\u5165\u7684\u767d\u9f99\u9a6c\uff0c\u000a
    \u000a
    \u5bf9\u4e86\uff0c\u8fd8\u6709\u90a3\u6839\u8d8a\u6765\u8d8a\u957f\u7684\u5982\u610f\u91d1\u7b8d\u68d2\u000a\u000a
    \u2014\u2014\u300a\u0066\u006c\u0061\u0067\u300b
    """
)

再unicode解码，得到：

西天取经的唐三藏，

神秘而有能力的孙悟空，

总想打退堂鼓的猪八戒，

负责背行李的沙僧，

中途加入的白龙马，

对了，还有那根越来越长的如意金箍棒

——《flag》

这几句话其实是《宇宙探索编辑部》的一种暗喻。（还好我看过这部电影

得到flag{宇宙探索编辑部}。