game

下载附件

图片

谷歌识图

图片

最后flag为XYCTF{Papers Please}

ez_隐写

下载附件

图片

伪加密

图片

查看png文件发现不对,估计是宽高错误

图片

宽高一把梭

图片

得到压缩包密码:20240401

又一次伪加密

图片

得到图片

图片

盲水印

图片

最后flag为XYCTF{159-WSX-IJN-852}

EZ_Base1024*2

下载附件查看内容

1
מಥൎࢺଳɫअΥٻଯԢڥիɺ୦ࢸЭਘמۊիɎඥࡆڣߣಷܤҾয౽5

base2048解码

图片

最后flag为XYCTF{84ca3a6e-3508-4e34-a5e0-7d0f03084181}

真>签到

下载附件得到一个带锁的zip

图片

010查看压缩包发现flag

图片

最后flag为XYCTF{59bd0e77d13c_1406b23219e_f91cf3a_153e8ea4_77508ba}

熊博士

下载附件

图片

随波逐流一把梭,得知是埃特巴什码

图片

最后flag为XYCTF{liu_ye_mei_you_xioa_jj}

网线追踪

题目描述:

名为JFTQ的黑客使用某种不为人知的手段渗透进了一个不太安全的系统里 聪明的ctfer 你知道他是怎么做到的吗

打开流量包追踪tcp流,在最后的一个流中发现了xxencode编码

图片

xxencode解码

图片

应该是针对Windowsxp的cve漏洞,这里看到流量中还有smb协议

1
ip.dst==192.168.204.131&& ip.src==192.168.204.133

找到几个打开的端口为1065,445,139,135

结合windows XP系统和在攻击行为中大量对445端口的连接 我们可以判断这是windows XP系统 中最常见的漏洞 ms08_067 搜一下这个漏洞的CVE号 为 CVE-2008-4250

最后flag为XYCTF{192.168.204.133_445_139_135_CVE-2008-4250}

TCPL

题目描述:

都坤吧是兄弟,运行就有flag

我肯定不信这能直接运行,果然发现kali运行不了,于是使用readelf看了一下,发现是risc-v架 构的,也就是说需要qemu跑

安装quem:

1
2
3
4
5
6
7
sudo apt install libc6-riscv64-cross
sudo apt install binutils-riscv64-linux-gnu
sudo apt install gcc-riscv64-linux-gnu
sudo apt install binutils-riscv64-unknown-elf
sudo apt install gcc-riscv64-unknown-elf
sudo apt install qemu-system-misc
sudo apt install qemu-user

运行文件得到flag:FLAG{PLCT_An4_r1SCv_x1huann1}

图片

1替换0

最后flag为XYCTF{PLCT_An4_r0SCv_x0huann0}

osint1

下载附件

图片

百度识图,小红书获得答案

图片

最后flag为XYCTF{江苏省|南通市|滨海东路|黄海}

Osint2

题目描述:

可恶的zhaowu居然把车次信息挡住了

下载附件

图片

看图的话,能看出来是洛阳龙门开往泸州的列车,网上查到的有G3292/G3293

(这两辆车的奇偶数关系挺好玩,我记得从南京西站开始从3292变更为3293,因为途径北京,入京单数出京双数)

省份自然是河南省

搜索河南著名景点,多试几个发现老君山是最后答案

最后flag为XYCTF{xyctf{G3293|河南省|老君山}}

Ez_osint

下载附件得到一张图片

图片

想继续社工,但是发现这题有点不一样,查看属性,发现深度有点不对

图片

使用Stegsolve查看一下通道

图片

发现链接,跟进看看

图片

找到对应时间的信查看评论找到flag

图片

疯狂大杂烩!九转功成

题目描述:

你能突破九大关卡修成神仙吗?

hint:

1
2
3
4
1.压缩包密码为比赛名称+8位什么来着?忘了。哈哈哈!
2.flag格式:XYCTF{md5(flag)}
3.第三层非夏多,看看交点
4.第六层键盘画图,狼蛛键盘最新版你值得拥有!

一看就是flag分成好几半的题,一步步来吧

下载附件

图片

好家伙,还真是修仙 压缩包密码提示比赛名称+八位什么东西 还用想吗一看就知道是比赛日期 20240401

所以压缩包密码为XYCTF20240401

解压成功

先看一下故事背景

图片

意思很明确,从第一层到第九层,意思是flag被分成了九份

第一层:炼气

下载附件

图片

先看提示文本

图片 
1
曰:玉魔命灵天观罗炁观神冥西道地真象茫华茫空吉清荡罗命色玉凶北莽人鬼乐量西北灵色净魂地魂莽玉凶阿人梵莽西量魄周界

天书解密

图片

得到压缩包密码:First_layer_simple

解压压缩包

图片

一看就是图片宽高有问题,直接宽高一把梭

图片

第一部分flag:XYCTF{T3e_c0mb1nation_

第二层 :筑基

解压附件

图片

先看提示

图片 
1
xihak-minoh-zusok-humak-zurok-gulyk-somul-nenel-dalek-nusyh-zumek-sysuk-zelil-fepak-tysok-senax

随波逐流一把梭

图片

BubbleBabble解码: The_second_layer_is_also_simple

解压压缩包

图片

png图片,直接zsteg一把梭

图片

发现base64编码,解密

ZmxhZzLvvJowZl9jcnlwdDBfYW5kXw==

图片

第二部分flag:0f_crypt0_and_

第三层:结丹

解压压缩包

图片

先看提示图片

图片

第一反应是夏多密码,但根据提示不是

看交点的话,有两个交点,三个交点,四个交点的 这种情况只有摩斯密码 四个交点代表”-” 三个交点代表空格 两个交点代表”.”

摩斯解密

1
- .... . ..--.- - .... .. .-. -..
图片 全小写: the_third

解压压缩包

图片

先看flag.txt

图片

再看压缩包

图片

010查看压缩包

图片

发现编码

1
5a+G56CB57uZ5L2g5Y+I5oCO5qC377yaMTIzNDU2

base解密

图片

解压压缩包得到

1
MZWGCZZT566JU3LJONRV6MLTL5ZGKNTMNR4V6ZTVNYQSC===

base解密

图片

第三部分flag:misc_1s_re6lly_fun!!

第四层:元婴

解压压缩包

图片

先看提示

图片 
1
都2024年了不会还有人解不出U2FsdGVkX1+y2rlJZlJCMnvyDwHwzkgHvNsG2TF6sFlBlxBs0w4EmyXdDe6s7viL吧

有四种。rabbit编码,des,3des,aes

密钥是2024

最后测试是3des

图片

解密得到:The_fourth_floor_is_okay

解压压缩包

图片

先看提示

图片

凯撒解密

图片

解得:1a813cbb17c040358d772e37fa137edbeddedb38bf704a56b2a9e22dc7f05f77 db文件,数据库文件

图片

解密脚本

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
input_pass = '1a813cbb17c040358d772e37fa137edbeddedb38bf704a56b2a9e22dc7f05f77'
input_dir = r'C:\\Users\\23831\\Desktop\\xyctf\\修仙传\\第四层\\第四层'
import ctypes
import hashlib
import hmac
from pathlib import Path
from Crypto.Cipher import AES
SQLITE_FILE_HEADER = bytes('SQLite format 3', encoding='ASCII') + bytes(1)
IV_SIZE = 16
HMAC_SHA1_SIZE = 20
KEY_SIZE = 32
DEFAULT_PAGESIZE = 4096
DEFAULT_ITER = 64000
password = bytes.fromhex(input_pass.replace(' ', ''))
def decode_one(input_file):
    input_file = Path(input_file)
    with open(input_file, 'rb') as (f):
       blist = f.read()
    print(len(blist))
    salt = blist[:16]
    key = hashlib.pbkdf2_hmac('sha1', password, salt, DEFAULT_ITER, KEY_SIZE)
    first = blist[16:DEFAULT_PAGESIZE]
    mac_salt = bytes([x ^ 58 for x in salt])
    mac_key = hashlib.pbkdf2_hmac('sha1', key, mac_salt, 2, KEY_SIZE)
    hash_mac = hmac.new(mac_key, digestmod='sha1')
    hash_mac.update(first[:-32])
    hash_mac.update(bytes(ctypes.c_int(1)))
    if hash_mac.digest() == first[-32:-12]:
       print('Decryption Success')
    else:
       print('Password Error')
    blist = [
       blist[i:i + DEFAULT_PAGESIZE]
       for i in range(DEFAULT_PAGESIZE, len(blist), DEFAULT_PAGESIZE)
    ]
    with open(input_file.parent / f'decoded_{input_file.name}', 'wb') as (f):
       f.write(SQLITE_FILE_HEADER)
       t = AES.new(key, AES.MODE_CBC, first[-48:-32])
       f.write(t.decrypt(first[:-48]))
       f.write(first[-48:])
       for i in blist:
          t = AES.new(key, AES.MODE_CBC, i[-48:-32])
          f.write(t.decrypt(i[:-48]))
          f.write(i[-48:])
if __name__ == '__main__':
    input_dir = Path(input_dir)
    for f in input_dir.glob('*.db'):
       decode_one(f)

运行得到一个文件

图片

生成数据库文件 用db browser查看找到flag

图片

第四部分flag:L1u_and_K1cky_Mu

第五层:化神

解压压缩包

图片

先看提示

图片 
1
2
enc = 'key{liu*****'
md5 = '87145027d8664fca1413e6a24ae2fbe7'

要根据 md5 去得到明文,可以爆破,猜测最后一个 * 为},之后我们进行爆破

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
import hashlib
enc = 'key{liu'
md5 = '87145027d8664fca1413e6a24ae2fbe7'
 
for x in range(0,127):
    for y in range(0,127):
        for z in range(0,127):
            for k in range(0,127):
                temp1 = hashlib.md5(str(enc + chr(x) + chr(y) + chr(z) + chr(k) + "}").encode("utf-8"))
                temp2 = temp1.hexdigest()
                if(md5 == temp2):
                    print(enc + chr(x) + chr(y) + chr(z) + chr(k) + "}") 
#key{liuyyds}

得到压缩包密码:liuyyds

解压压缩包

图片

serpent解密,密钥:liuyyds

图片

下载附件并打开

图片

零宽解密

图片

第五部分flag:_3re_so_sm4rt!

第六层:炼虚

解压压缩包

图片

先看提示

图片 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
wszrdc 
fgtrfvb 
ghytgbn 
rfctg 
yhju
frtg
uyhbghj
6yhn
uyhjujmn
tgvvghb
yhnmghj
4rfv
derf
iujkikmn

一眼键盘密码 画出来为:keeponfighting

解压压缩包

图片

前面一个个文件分析,发现都是假flag,只有那个图片估计藏flag jpg隐写先考虑steghide

密码考虑,发现前面几个文件都有数字,考虑顺序或者逆序 14689或者98641

最后测试是98641

图片

查看文本内容

图片

第六部分flag:In_just_a_few_m1nutes_

第七层:合体

解压压缩包

图片

先看提示

图片 
1
2
密文:Tig+AF8-viakubq+AF8-vphrz+AF8-xi+AF8-uayzdyrjs
听说维吉尼亚key大残

赛博厨子一把梭

图片

获得压缩包密码:The_seventh_level_is_difficult

解压压缩包

图片

根据颜色表示的数值,拼成数字

1
164 150 145 171 137 167 145 162 145 137 164 150 162 60 165 147 150 41

八进制转字符串

图片

第七部分flag:they_were_thr0ugh!

第八层:大乘

解压压缩包

图片

先看提示脚本

源码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# hint8.py

from Crypto.Util.number import bytes_to_long, getPrime
flag=b"password{xxxxx}"
p,q= getPrime(1024),getPrime(1024)
n = p * q
e = 65537
m = bytes_to_long(flag)
c = pow(m,e,n)
print("n=",n)
print("c=",c)
print("p^q=",p^q)
'''
n= 22424440693845876425615937206198156323192795003070970628372481545586519202571910046980039629473774728476050491743579624370862986329470409383215065075468386728605063051384392059021805296376762048386684738577913496611584935475550170449080780985441748228151762285167935803792462411864086270975057853459586240221348062704390114311522517740143545536818552136953678289681001385078524272694492488102171313792451138757064749512439313085491407348218882642272660890999334401392575446781843989380319126813905093532399127420355004498205266928383926087604741654126388033455359539622294050073378816939934733818043482668348065680837
c= 1400352566791488780854702404852039753325619504473339742914805493533574607301173055448281490457563376553281260278100479121782031070315232001332230779334468566201536035181472803067591454149095220119515161298278124497692743905005479573688449824603383089039072209462765482969641079166139699160100136497464058040846052349544891194379290091798130028083276644655547583102199460785652743545251337786190066747533476942276409135056971294148569617631848420232571946187374514662386697268226357583074917784091311138900598559834589862248068547368710833454912188762107418000225680256109921244000920682515199518256094121217521229357
p^q= 14488395911544314494659792279988617621083872597458677678553917360723653686158125387612368501147137292689124338045780574752580504090309537035378931155582239359121394194060934595413606438219407712650089234943575201545638736710994468670843068909623985863559465903999731253771522724352015712347585155359405585892

'''

普通剪纸算法

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
from Crypto.Util.number import *
import gmpy2
import sys  # 导入sys模块
sys.setrecursionlimit(3000)  # 将默认的递归深度修改为3000
 
n = 22424440693845876425615937206198156323192795003070970628372481545586519202571910046980039629473774728476050491743579624370862986329470409383215065075468386728605063051384392059021805296376762048386684738577913496611584935475550170449080780985441748228151762285167935803792462411864086270975057853459586240221348062704390114311522517740143545536818552136953678289681001385078524272694492488102171313792451138757064749512439313085491407348218882642272660890999334401392575446781843989380319126813905093532399127420355004498205266928383926087604741654126388033455359539622294050073378816939934733818043482668348065680837
seed = 14488395911544314494659792279988617621083872597458677678553917360723653686158125387612368501147137292689124338045780574752580504090309537035378931155582239359121394194060934595413606438219407712650089234943575201545638736710994468670843068909623985863559465903999731253771522724352015712347585155359405585892
#seed即p^q
 
def findp(p, rp):
    l = len(p)
    if l == 1024:
        rp.append(int(p, 2))
    else:
        pp = int(p, 2)
        qq = (seed ^ pp) % 2 ** l
        if pp * qq % 2 ** l == n % 2 ** l:
            findp('1' + p, rp)
            findp('0' + p, rp)
 
rp = []
findp('1', rp)
for i in rp:
    if n%i==0 & isPrime(int(i)):
        print(i)
#145805499551351837545170670839798336872366414383311042018386386595288060139791135454980413014693924866953972662266748526407954492877610429602886244372924035960962307198910659475639333945895922717307291255423855616274924584270570126180050363106535962473049107576556315461013755859097114552522187755171423621071
#153796947048270429510444756458855481287460639468563001213489907625132438953570738468181770925091867439727519074685449940618659583114338501872698220745473531199063071421852521618805765627999106188015431567625318850899895052130157037822960945909520973243793507740817436707504505709194025074527084803054107605547
 
 
p=145805499551351837545170670839798336872366414383311042018386386595288060139791135454980413014693924866953972662266748526407954492877610429602886244372924035960962307198910659475639333945895922717307291255423855616274924584270570126180050363106535962473049107576556315461013755859097114552522187755171423621071
q=n//p
c=1400352566791488780854702404852039753325619504473339742914805493533574607301173055448281490457563376553281260278100479121782031070315232001332230779334468566201536035181472803067591454149095220119515161298278124497692743905005479573688449824603383089039072209462765482969641079166139699160100136497464058040846052349544891194379290091798130028083276644655547583102199460785652743545251337786190066747533476942276409135056971294148569617631848420232571946187374514662386697268226357583074917784091311138900598559834589862248068547368710833454912188762107418000225680256109921244000920682515199518256094121217521229357
e=65537
phi = (p-1) * (q-1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
print(long_to_bytes(m))
#password{pruning_algorithm}

运行得到password{pruning_algorithm}

图片

解压得到 txt 文本,里面是 no 和 yes 组成的。想到 01 画图。no 代表 0,yes 代表 1

图片

但要知道坐标才行,010 分析压缩包文件尾:

图片

发现base编码,base解码

图片

随言随语解密

图片

坐标和 flag 格式都有了,接下来进行画图:

str 填入 01

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
from PIL import Image
MAX1 = 548
MAX2=72
pic = Image.new("RGB",(MAX1, MAX2))
str = "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111111111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111111111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111111100000111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111000011111111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111111111111111000000000110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111100000000011111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111111000000001111111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111111111111110000000011111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100000000000001111110000000000011111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000011111100000000001111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111111110111111100000000111111110000000000000000000000000000000000000000000000001111111111111111111100000000000000000000011110000000000000000000000111100000000000011111000000000000111111000000000011111100000000111111111110000000000000000001001011111111111111111111111000000000000000000000111000000000000000000000000111110000000000001111100000000000000000000000000000000000000000000000000000000000000000000000000000000000001010000000000000000000000000000000011110000000000000111111100000000000000000000000000011111111111110000000001111000000000000111111110000111111000000000111111110000000000000000000000000000000000000000000111111111111111111111111111111100000000000001111100000000000000000000011111100000000000111110000000000000111110000000111111111111000111111111111110000111100000011111111111111111111111111111111000000000000000000011111000000000000000000000011111100000000000011111100000011111111111111111111111111111111100000001111000000000000000000000000000000001111111100000000001111110000000000011111111000000000111111111000000000000000000000000011111111111111111000001111111100000000011111110000001111110000000000111111110000000000000000000000000000000000000000001111111111111111111111111111111100000000000111111000000000000000000000011111100000000000111100000000000001111100000001111111111100001111111111111100001111000000111111111111111111111111111111110000000000000000000111110000000000000000000000111110000000000000011111000000111111111111111111111111111111111000000111111111111111000000000000000000000011111111000000000011111110000000001111111110000000011111111110000000000000100000000000111111111111111110000011111111000000000111111000000111111100000000000111111110000000000000000000000000000000000000000011111111111111111111111111111111000000000011111110000000000000000000000111111100000000000000000000000000111111000000001111111111000111111111111111000111110000001111111111111111111111111111111100000000000000000001111100000000000000000000001111100000000000000111110000000111111111111111111111111111111110000001111111111111111100000000000000000000111111110000000000111111100000000001111111100000001111111111000000000000111000000000001111111111111111000000111111110000000011111100000111111111000000000000111111100000000000000000000000000000000000000000111111111111111111111111111111100000000000111111000000000000000000000000111111000000000000000000000000001111100000000011111111100001111111111111110001111100000000111111111111111111111111111111000000000000000000011111000000000000000000000011111000000000000001111100000001111111111111111111111111111100000000011111111111111111100000000000000000000111111000000000001111110000000000000110000000000111111111100000000000111110000000000011111111111111100000001111111110000000111111000011111111100000000000000111111100000000000000000000000000000000000000001111111110000011000000000000000000000000011111100000000000000000000000000111111000000000000000000000000111111000000000011111111000011111111111111100011111000000000000000000000000000000000000000000000000000000111111111100000000000000000000111110000000000000011111000000000000000000000000000000000000000000000111111111111111111100000000000000000000000000000000000000000000000000000000000000000001111111110000000000011111100000000000111111111111100000000011111111100000011111100001111111110000000000000000111111000000000000000000000000000000000000000011111000000000000000000000000000000000001111110000000000000000000000000000111111000000000000000000001111111100000000000011111100000011111111111111000111110000000000000000000000000000000000000000000000000111111111111111111111100000000000011111100000000000000111111000000000000000000000000000000000000000000000111111111111111111100000000000000000000000000000000000000000000000000000000000000000011111111100000000001111110000000000001111111111110000000000111111111000000111110000011111110000000000000000001111111000000000000000000000000000000000000000111110000000000000000000000000000000000011111000000000000000000000000000001111110000000000000000111111111110000000000000111111000000000000011111110011111000000000000000000000000000000000000000000000000001111111111111111111111110000000000111110000000000000000111110000000000000000000000000000000000000000000000111100000001111111100000000000000000000000000000000000000000000000000000000000000000111111111000000001111111000000000000011111111110000000000001111111110000001111100001111110000000000000000000001111110000000000000000000000000000000000000001111100000000000000000000000000000000000111110000000000000000000000000000001111100000000000000001111111110000000000000000111100000000000000001111100111110000000000000000000000000000000000000000000000000011111111111111111111111110000000001111100000000000000001111100000000000000000000000000000000000000000000000000000000000111111100000000000000000000000000000000000000000000000000000000000000000111111110000000111111100001100000000111111111000000000000011111111100000111110000011111000000000000000000000011111100000000000000000000000000000000000000011111000000000000000000000000000000000011111000000000000000000000000000000001111100000000000000011111111111000000000000000110000000000000000111110001111100000000000000000000000000000000000000000000000000011111111111111111111111100000000011111000000000000000011111000000000000000000000000000000000000000000000000000000000001111111111111000000000000000000000000000000000000000000000000000000000000111111100000111111110000111100000001111111000000000000000111111111000001111100001111110000000000000000000000011111000000000000000000000000000000000000000111111111000000011000000000000000000000111110000000000000000000000000000000011111000000000000000111111111111000000000000000000000000000000001111100011111000000000000000000000000000000000000000000000000000000001111111111011111111000000000111110000000000000000111110000000011111111111111111111111111000000000000000000000000001111111111111100000000111110000000000000000000000000000000111100000000000011111000011111111000111111000000011111100000000000000001111111100000011111000011111000000111000000000000000111110000000000000000000000000000000000000001111111111111111111111111111111000000001111100000000000000000000000000000000111110000000000000001111111111111000000000000000000000000000000011111001111100000000011111111111111111111111111111110000000000000000000111110000000111111000000001111100000000000000001111100000111111111111111111111111111111111000000000000000000000001111111111111100000011111111000000000000000000000000000111111110000000000111110011111111100011111110000000111110000000000000000011111111000000111110000111110000111111100000000000001111110000000000000000000000000000000000000011111111111111111111111111111110000000111110000000000000001111000000000000000111110000000000000000000001111111000000000000000000000000000000111100011111000000001111111111111111111111111111111100000000000000000001111100000000111110000000011111000000000000000011111000001111111111111111111111111111111111000000000111000000000001111111111111000000111111110000000000000000000000000011111111100000000001111111111111110000111111000000001111100000000000000000111111110000001111100011111000001111111000000000000001111100000000000000000000000000000000000000111111111111111111111111111111100000001111100000000000000111111000000000000001111100000000000000000000001111111000000000000000000000000000011111000111110000000011111111111111111111111111111111100000000000000000011111000000001111100000000111110000000000000000111110000001111111111111111111111111111111000000000001111000000000001111111111111000001111111100000000001111110000000000111111111000000000011111111111110000001111100000000011111000000000000000001111111100000011110000111110000111111110000000000000011111000000000000000000000000000000000000000111111111111111111111111111111100000011111000000000000011111111000000000000011111000000000000000000000001111110000000000000000000000000000111110001111100000000111111111111111111111111111111111000000000011100000111110000000011111000000001111100000000000000001111100000011111111111111111111111111111000000000000011110000000000000000011111110000001111111000000000111111110000000001111111100000000000111111111111000000000100000000000111100000000000000000011111111000000111100001111100001111111100000000000000111110000000000000000000000000000000000000000000000000000000000000001111111000000111110000000000000111111110000000000000111110000000000000000000000001111100000000000000000000000000001111100111110000000001111111111111111111111111111111110000000001111100001111100000000011110000000011111000000000000000011111000000000000000000000000000000000000000000000000111100000000000000000111111000000001111110000000011111111110000000011111100000000000001111111111111000000000000000000001111000000000000000000111111111000001111100011111000001111111000000000000001111100000000000000000000000000000000000000000000000000000000000000000111110000001111100000000000001111111100000000000001111100000000000000000000000011111100000000000000000000000000011110001111100000000011111000000000000000000000011111100000000011111100011111000000000111100000000111111000000000000001111110000000000000000000000000000000000000000000000011111000000000000000011111100000000001111100000000111111111100000000111110000000000000011111111111111111110000000000000011110000000000000000001111111100000011111000011111000011111110000000000000011110000000000000000000000000000000000000000000000000000000000000000001111100000011111000000000000011111111000000000000011111000000000000000000000000111111000000000000000000000000001111100011111000000000111110000000000000000000000011111000000000111111000111110000000011111000000000111110000000000000011111100000000000000000000000000000000000000000000000111110000000000000001111110000000000011111100000000111111111000000001111100000000000000111111111111111111100000000000000111100000000000000000011111110000000111110000111110000011111000000000000001111100000000000000000000000000000000000000000000000000000000000000000011111000000111110000000000000111111100000000000000111110000000000000000000000001111110000000000000000000000000011111000111110000000001111100000000000000000000000111110000000001111100001111100000000111110000000001111100000000000000111110000000000000000000000000000000000000000000000001111100000000000000111111000000000000011111000000000000000000000000011111000000000000001111111111111111111100000000000001111000000000000000000111111000000001111100001111100000000000000000000000011111000000000000000000000000000000000000000000000000000000000000000000111110000001111100000000000000111110000000000000001111100000011100000000000000011111100000000000000000000000000111110011111000000000011111000000000000000000000001111100000000001110000011111000000001111100000000011111000000000000001111100000000000000000000000000000000000000000000000011111000011110000011111100000000000000111110000000000000000000000000111110000000000000011111111111111111111000000000000011110000000000000000001111100000000011111100001111100000000000000000000000111110000000000000000000000000000000000000000000111000000000000011111111111100000011111000000000000000000000000000000000011111000011111100000000000000111111000000000000000000000000001111000111110000000000111110000000000000000000000011111000000000000000000111111000000011111000000000111110000000000000011111000000000000000000000000000000000000000000000000111110000111100001111110000000000000001111100000000000000000000000011111100000000000000111111010000011111110000000000000111100000000000000000011111000000000011111000011111100000000000000000000011111100000000000000000000000000000000000000001111111111111111111111111111111000000111110000000000000000000000000000000000111110000111111000000000000001111110000000000000000000000000111110001111100000000001111100000000000000000000000111110000000000000000111111111111111111110000000001111110000000000001111110000001111000000000000000000000000011110000000001111100001111100111111000000000000000011111000000000000000000000000111110000000000000001111110000000001111100000000000001111000000000000000000111100000000000111110000011111110000000011100000000111110000000000000000000000000000000000000000111111111111111111111111111111110000001111110000000000000000000000000000000011111100000111111000000000000111111000000000000000000000000001111100111111000000000011111000000000111000000000001111100000000000001111111111111111111111100000000001111100000000000011111000000011110000000000000000000000000111100000000011111000011111011111100000000000000000111111000000000000000000000001111100000000000000011111000000000011111000000000000011110000000000000000001111000000000001111110000111111111111111111000000011111100000000000000000000000000000000000000001111111111111111111111111111111000000001111100000000000000000000000000000000111110000001111110000000000011111110000000000000001100000000011111001111100000000000111110000000001111000000000011111000000000001111111111111111111111111000000000011111100000000001111110000000111100000000000000000000000001111000000000111110000111111111110000000000000000000111110000000000000000000000111111000000000000000111110000000000111110000000000000111100000000000000000011110000000000001111100000111111111111111110000000111111000000000000000000000000000000000000000011111111111111111111111111111110000000011111000000000000000000000011000000001111100000011111110000000001111111000000000000001111100000000111100011111000000000001111100000000011110000000000111110000000001111111111111111111111111110000000000111111100000000111111000000001111000000000000000000000000011110000000001111100001111111111000000000000000000001111110000000000000000000001111110000000000000001111100000000001111100000000000001111000000000000000000111100000000000011111100000111111111111111100000011111100000000000000000000000000000000000000000111111100000000000000000000000000000000111111000001111000000000001111100001111110000000011111111000001111111110000000000000011111000000011111000111110000000000011111000000000111110000000001111100000000111111111111100010111111111100000000000111111110000111111110000000011111000000000000000000000000111100000000011111000011111111100000000000000000000011111100000000000000000000111111000000000000000011111000000000011111000000000000011111000000000000000001111000000000000011111100000011111111111100000001111110000000000000000000000000000000000000000001111100000000000000000000000000000000000111111111111110001111100011111111111111100000000011111111111111111111000000000000000111111000000111110001111100000000000111110000000001111100000000011111000000001111111000000000000000011111000000000000111111111111111111000000000111110000000000000000000000001111000000000111110000111111110000000000000000000000011111100000000000000000001111110000000000000000111110000000000111111000000000000111110000000000000000011110000000000000111111100000001111111110000000111111100000000000000000000000000000000000000000011111000000000000000000000000000000000001111111111111100011111100011111111111110000000000011111111111111111100000000000000001111110000001111100111110000000000001111000000000011111000000000111110000000111111000000000000000000111110000000000001111111111111111110000000001111100000000000000000000000011110000000001111100011111111000000001000000000000000111111100000000000000000111111100000000000000001111100000000001111110000000000001111100000000000000000111100000000000000111111100000000000000000000011111110000000000000000000000000000000000000000000111110000000000000000111111111100000000001111111111110001111111100111111111111100000000000011111111111111110000000000000000011111110000111110001111100000000000011110000000000111110000000001111100000011111100000000000000000001111100000000000001111111111111111000000000011111000000000000000000000000111100000000011111000111111100000000111000000000000000111111100000000000000011111110000000000000000011111000000000011111100000000000011111100000000000000001111000000000000000111111100000000000000000001111111000000000000000000000000000000000000000000001111100000000000000001111111111000000000001111111111100111111111100111111111110000000000000011111111111110000000000000000000111111110011111100011111000000000000111100000000001111100000000011111000000111110000000000000000000011111000000000000000111111111111000000000000111110000000000000000000000001111000000000111110011111110000000011110000000000000001111111100000000000011111111000000000000000000111110000000000111111000000000000111111100000000000000011110000000000000000111111110000000000000001111111100000000000000000000000000000000000000000000011111111111111000000011111111110000000000001111111110011111111111000111111111000000000000000001111111110000000000000000000001111111111111111000111110000000000001111000000000011111110000011111110000001111100000000000000000000111110000000000000000011111111000000000000001111100000000000000000000000011110000000001111111111111000000000111110000000000000001111111111000000011111111100000000000000000001111100000000001111111000000000000111111110000000000000111100000000000000000111111111100000000011111111110000000000000000000000000000000000000000000000111111111111111111000011111111100000000000001111111100111111111111001111111100000000000000000000000000000000000000000000000011111111111111110011111000000000000011110000000000111111111111111111100000011110000000000000000000001111100000000000000000000000000000000000000011111000000000000000000000000111100000000001111111111100000000001111100000000000000001111111111111111111111110000000000000000000001111000000000111111111111000000001111111111111111000001111000000000000000000111111111111111111111111111000000000000000000000000000000000000000000000001111111111111111111000011111110000000000000001111110001111111111110001111100000000000000000000000000000000000000000000000000011111111111111000111110000000000000111000000000001111111111111111111000000111100000000000000000000001111000000000000000000000000000000000000000111100000000000000000000000001111000000000011111111110000000000011111000000000000000001111111111111111111111000000000000000000000011110000000011111111111111000000001111111111111110000011110000000000000000000011111111111111111111111100000000000000000000000000000000000000000000000011111111111111111110000011111000000000000000000000000011111111111100000000000000000000000000000000000000000000000000000000000011111111111110001111100000000000000100000000000011111111111111111110000001111000000000000000000000011111000000000000000000000000000000000000001111000000000000000000000000011110000000000111111111000000000000111100000000000000000000111111111111111111100000000000000000000000111000000000111111111111110000000001111111111111100000111100000000000000000000011111111111111111111100000000000000000000000000000000000000000000000000011111111111111111000000011100000000000000000000000000111111111111000000000000000000000000000000000000000000000000000000000000011111111111100001111000000000000000000000000000011111111111111111000000011110000000000000000000000111110000000000000000000000000000000000000011110000000000000000000000000111100000000001111111100000000000001111000000000000000000000011111111111111100000000000000000000000000110000000011111111111111000000000001111111111111000000111000000000000000000000000111111111111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001111111111100000000000000000000000000000000000000000000000000000000000000000111111100000000000000000000000000000000000000000001111101100000000000111000000000000000000000001111110000000000000000000000000000000000000011000000000000000000000000000110000000000000010100000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000011111111111100000000000000000000100000000000000000000000000000000000000001111111110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011110000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
i = 0
for y in range (0,MAX2):
    for x in range (0,MAX1):
        if(str[i] == '1'):
            pic.putpixel([x,y],(0, 0, 0))
        else:
            pic.putpixel([x,y],(255,255,255))
        i = i+1
pic.show()
pic.save("flag.png")

运行得到图片

图片

原神文字,别问我怎么知道的,ctf玩原玩的

图片

对照得到:Sm3rt_y0u_can_do

第八部分flag:Sm3rt_y0u_can_do

第九层:渡劫

解压压缩包

图片

先看提示脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
# hint9.py

from Crypto.Util.number import *
from random import randint

p = getPrime(512)
q = getPrime(512)
n = p * q
e = 65537

list = []
for _ in range(2):
    a, b = randint(0, 2**8), randint(0, 2**256)
    list.append(a * p + b * q)

password = b"xxxxx"
c = pow(bytes_to_long(password), e, n)
print(f'{n = }')
print(f'{c = }')
print(f'{list = }')


#n = 107803636687595025440095910573280948384697923215825513033516157995095253288310988256293799364485832711216571624134612864784507225218094554935994320702026646158448403364145094359869184307003058983513345331145072159626461394056174457238947423145341933245269070758238088257304595154590196901297344034819899810707
#c = 46049806990305232971805282370284531486321903483742293808967054648259532257631501152897799977808185874856877556594402112019213760718833619399554484154753952558768344177069029855164888168964855258336393700323750075374097545884636097653040887100646089615759824303775925046536172147174890161732423364823557122495
#list = [618066045261118017236724048165995810304806699407382457834629201971935031874166645665428046346008581253113148818423751222038794950891638828062215121477677796219952174556774639587782398862778383552199558783726207179240239699423569318, 837886528803727830369459274997823880355524566513794765789322773791217165398250857696201246137309238047085760918029291423500746473773732826702098327609006678602561582473375349618889789179195207461163372699768855398243724052333950197]

爆破a求q,使用笛卡尔积

h1 = a1p + b1q h2 = a2p + b2q而其中的 a1 和 a2 很小,所以爆破一下可求

a2h1 – a1h2 = (a2b1 – a1b2) q

发现是 q 的倍数,然后和 n 进行 gcd 即可

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
from Crypto.Util.number import *
from itertools import product
from math import gcd
import gmpy2
 
n = 107803636687595025440095910573280948384697923215825513033516157995095253288310988256293799364485832711216571624134612864784507225218094554935994320702026646158448403364145094359869184307003058983513345331145072159626461394056174457238947423145341933245269070758238088257304595154590196901297344034819899810707
c = 46049806990305232971805282370284531486321903483742293808967054648259532257631501152897799977808185874856877556594402112019213760718833619399554484154753952558768344177069029855164888168964855258336393700323750075374097545884636097653040887100646089615759824303775925046536172147174890161732423364823557122495
list = [618066045261118017236724048165995810304806699407382457834629201971935031874166645665428046346008581253113148818423751222038794950891638828062215121477677796219952174556774639587782398862778383552199558783726207179240239699423569318, 837886528803727830369459274997823880355524566513794765789322773791217165398250857696201246137309238047085760918029291423500746473773732826702098327609006678602561582473375349618889789179195207461163372699768855398243724052333950197]
h1, h2 = list
 
for a, b in product(range(2**8), repeat=2):
    q = gcd(a * h1 - b * h2, n)
    if q != 1 and q < n:
        print(q, n)
        break
q = 12951283811821084332224320465045864899191924765916891677355364529850728204537369439910942929239876470054661306841056350863576815710640615409980095344446711
 
p = n // q
e = 65537
d = pow(e, -1, (p - 1) * (q - 1))
m = pow(c, d, n)
print(long_to_bytes(m))
#game_over

解压压缩包 先看txt

图片

意思应该是压缩包有东西,图片没东西

缩包名字叫我们的小秘密嘿嘿,想到oursecret,密码是game_over

图片

分离出flag.txt查看

图片

第九部分flag:_nine_turns?}

最后合并flag为

1
XYCTF{T3e_c0mb1nation_0f_crypt0_and_misc_1s_re6lly_fun!!L1u_and_K1cky_Mu_3re_so_sm4rt!In_just_a_few_m1nutes_they_were_thr0ugh!Sm3rt_y0u_can_do_nine_turns?}

md5加密

图片

最后flag为XYCTF{b1bdc6cf06a28b97c91c1c12f0d3bc00}