记一次CTF比赛帮忙

一位学长找我帮忙做几个CTF题目。于是乎,发现几个有趣的题目。

  1. 隐写题。

PNG图片里面藏了个二维码,Stegsolve解出二维码。

03F30D0AB6266A576300000000000000000100000040000000730D0000006400008400005A00006401005328020000006300000000030000000800000043000000734E0000006401006402006403006404006405006406006405006407006708007D00006408007D0100781E007C0000445D16007D02007C01007400007C0200830100377D0100712B00577C010047486400005328090000004E6941000000696C000000697000000069680000006961000000694C0000006962000000740000000028010000007403000000636872280300000074030000007374727404000000666C6167740100000069280000000028000000007307000000746573742E7079520300000001000000730A00000000011E0106010D0114014E280100000052030000002800000000280000000028000000007307000000746573742E707974080000003C6D6F64756C653E010000007300000000

看头几位像是一个文件的hex,保存为文件后发现是Python字节码——这就很有趣了。

$ sudo pip install uncompyle2

$ uncompyle6 nonam.pyc
 # uncompyle6 version 2.9.9
 # Python bytecode 2.7 (62211)
 # Decompiled from: Python 3.5.2+ (default, Sep 22 2016, 12:18:14)
 # [GCC 6.2.0 20160927]
 # Embedded file name: test.py
 # Compiled at: 2016-06-22 13:48:38

def flag():
 str = [65, 108, 112, 104, 97, 76, 97, 98]
 flag = ''
 for i in str:
 flag += chr(i)

print flag

手工吧str的ASCII求出来。

2.APK逆向。

看下包,只有classes.dex,没有C++的so库,皆大欢喜。

$ dex2jar classes.dex

JD-GUI查看代码,直接提取方法,修改一下代码,搞定。

package TEST;

import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;

/**
 *
 * @author Mjollnir
 */
 public class TEST {

/**
 * @param args the command line arguments
 */
 public static void main(String[] args) throws NoSuchAlgorithmException {
 MessageDigest localMessageDigest = MessageDigest.getInstance("MD5");
 localMessageDigest.reset();
 localMessageDigest.update("Tenshine".getBytes());
 String str1 = toHexString(localMessageDigest.digest(), "");
 StringBuilder localStringBuilder = new StringBuilder();
 for (int i = 0; i < str1.length(); i += 2) {
 localStringBuilder.append(str1.charAt(i));
 }
 String str2 = localStringBuilder.toString();
 System.out.print(str2);
 }

private static String toHexString(byte[] paramArrayOfByte, String paramString)
 {
 StringBuilder localStringBuilder = new StringBuilder();
 int i = paramArrayOfByte.length;
 for (int j = 0; j < i; j++)
 {
 String str = Integer.toHexString(0xFF & paramArrayOfByte[j]);
 if (str.length() == 1) {
 localStringBuilder.append('0');
 }
 localStringBuilder.append(str).append(paramString);
 }
 return localStringBuilder.toString();
 }
 }

Copyright © 2017, Mjollnir. 除非另有声明,本网站采用知识共享“署名-非商业性使用-相同方式共享 3.0 中国大陆”许可协议授权。

1 条评论

发表评论

邮箱地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据