一位学长找我帮忙做几个CTF题目。于是乎,发现几个有趣的题目。
- 隐写题。
PNG图片里面藏了个二维码,Stegsolve解出二维码。
03F30D0AB6266A576300000000000000000100000040000000730D0000006400008400005A00006401005328020000006300000000030000000800000043000000734E0000006401006402006403006404006405006406006405006407006708007D00006408007D0100781E007C0000445D16007D02007C01007400007C0200830100377D0100712B00577C010047486400005328090000004E6941000000696C000000697000000069680000006961000000694C0000006962000000740000000028010000007403000000636872280300000074030000007374727404000000666C6167740100000069280000000028000000007307000000746573742E7079520300000001000000730A00000000011E0106010D0114014E280100000052030000002800000000280000000028000000007307000000746573742E707974080000003C6D6F64756C653E010000007300000000
看头几位像是一个文件的hex,保存为文件后发现是Python字节码——这就很有趣了。
$ sudo pip install uncompyle2
$ uncompyle6 nonam.pyc
# uncompyle6 version 2.9.9
# Python bytecode 2.7 (62211)
# Decompiled from: Python 3.5.2+ (default, Sep 22 2016, 12:18:14)
# [GCC 6.2.0 20160927]
# Embedded file name: test.py
# Compiled at: 2016-06-22 13:48:38
def flag():
str = [65, 108, 112, 104, 97, 76, 97, 98]
flag = ''
for i in str:
flag += chr(i)
print flag
手工吧str的ASCII求出来。
2.APK逆向。
看下包,只有classes.dex,没有C++的so库,皆大欢喜。
$ dex2jar classes.dex
JD-GUI查看代码,直接提取方法,修改一下代码,搞定。
package TEST;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
/**
*
* @author Mjollnir
*/
public class TEST {
/**
* @param args the command line arguments
*/
public static void main(String[] args) throws NoSuchAlgorithmException {
MessageDigest localMessageDigest = MessageDigest.getInstance("MD5");
localMessageDigest.reset();
localMessageDigest.update("Tenshine".getBytes());
String str1 = toHexString(localMessageDigest.digest(), "");
StringBuilder localStringBuilder = new StringBuilder();
for (int i = 0; i < str1.length(); i += 2) {
localStringBuilder.append(str1.charAt(i));
}
String str2 = localStringBuilder.toString();
System.out.print(str2);
}
private static String toHexString(byte[] paramArrayOfByte, String paramString)
{
StringBuilder localStringBuilder = new StringBuilder();
int i = paramArrayOfByte.length;
for (int j = 0; j < i; j++)
{
String str = Integer.toHexString(0xFF & paramArrayOfByte[j]);
if (str.length() == 1) {
localStringBuilder.append('0');
}
localStringBuilder.append(str).append(paramString);
}
return localStringBuilder.toString();
}
}
Copyright © 2017, Mjollnir. 除非另有声明,本网站采用知识共享“署名-非商业性使用-相同方式共享 3.0 中国大陆”许可协议授权。
第一个的隐藏二维码具体是怎么解出的啊?