这次比赛又是国服签到型选手
1.双重图格
题目给了两章图片和一个hint的excel文件,写的时候一直以为是文件外藏了什么,发现其实是空格隐藏数据,进去之后把空格都替换掉就发现提示
得到 Insert:OFFSET28354h
意思是在28354h这个位置插入什么
把图片放到010里看一下,
有一块识别不出来的数据,结合前面的提示,
把这一块剪切下来放到提示的位置。(这里我看了半天大佬的wp没懂,问了群里的师傅才知道,谢谢好心的师傅们)
这里涉及到fdat的数据,这里是apng的文件,要用谷歌或者火狐浏览器查看才行(我的浏览器不知道为什么一直显示不出来我就直接用了群里师傅的图了,太菜了)
这是DotCode 找了个在线扫描器:https://demo.dynamsoft.com/DBR/BarcodeReaderDemo.aspx
扫出来的结果为:U2FsdGVkX1/mLyhDqehTlmxmPoamVfr7h1El3iWRVvuJQodh1HvxMeQ2F8lgHfXzq70N4U/ZcjYtjLbXE8HRmw==
这就是密文了 ,接下来是key.jpg
拿到手的时候发现是反色的,先放到stegsolve里面反色了一下发现什么都扫不出来,刚开始还以为是哪里出问题了,用手机也扫了一遍也不行,我还以为是我的手机问题,全家的手机都拿来试了一次,才确定是图的问题,于是看看有没有隐藏文件,放到虚拟机里binwalk一下
发现有另外一张图,dd出来
得到这样一张图,先修补一下
这里借了大佬的图因为实在p的太粪了
再放进stegsove里xor一下得到
就能扫出来
在解密一下就得到flag
(不知道为什么有几个网站解不出来,还是要靠大佬呀,太菜了。)
DASCTF{b12e6674e844486d20d24793809ae38a}
2.eeeeeeeasyusb
给了一个文本文件,打开发现一段字
在移动光标的时候有明显的顿挫感,所以猜测是零宽字符隐写
得到
发现好像没什么意义(比赛时候就做到这里,后来比赛结束看别的师傅的wp才知道这是英文nut(坚果)指的是坚果云,我真的裂开,还是太菜)
前面是链接:https://www.jianguoyun.com/p/DYcbU-gQz_TZCBjh8rID
后面是密码:jmTjTw
下载下来是两个usb流量包
百度了一下发现可以追踪鼠标和键盘的轨迹的(这么牛吗)
借了大佬的脚本来画图
先提取出流量包的内容,参考这位师傅
命令是
tshark -r part1.pcapng -T fields -e usb.capdata > usb1data.txt
#!/usr/bin/python
# coding: utf-8
import matplotlib.pyplot as plt
import numpy as np
import matplotlib as mpl
mpl.rcParams['font.family'] = 'sans-serif'
mpl.rcParams['font.sans-serif'] = 'NSimSun,Times New Roman'
x, y = np.loadtxt('res.txt', delimiter=' ', unpack=True)
plt.plot(x, y, '*', label='Data', color='black')
plt.xlabel('x')
plt.ylabel('y')
plt.title('Data')
plt.legend()
plt.show()
这个脚本跑出来坐标
#!/usr/bin/python
# coding: utf-8
import matplotlib.pyplot as plt
import numpy as np
import matplotlib as mpl
mpl.rcParams['font.family'] = 'sans-serif'
mpl.rcParams['font.sans-serif'] = 'NSimSun,Times New Roman'
x, y = np.loadtxt('res.txt', delimiter=' ', unpack=True)
plt.plot(x, y, '*', label='Data', color='black')
plt.xlabel('x')
plt.ylabel('y')
plt.title('Data')
plt.legend()
plt.show()
这里用来画出来,本来像把大佬们的脚本整合一下,但是老是出错,干脆麻烦一点分开来了
得到:
水平旋转一下得到:166433882cd04aaa
然后就是part2
还是靠大佬的脚本
normalKeys = {"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
nums = []
keys = open('usb2data.txt')
for line in keys:
if len(line)!=17: #首先过滤掉鼠标等其他设备的USB流量
continue
nums.append(line[0:2]+line[4:6]) #取一、三字节
keys.close()
output = ""
for n in nums:
if n[2:4] == "00" :
continue
if n[2:4] in normalKeys:
if n[0:2]=="02": #表示按下了shift
output += shiftKeys [n[2:4]]
else :
output += normalKeys [n[2:4]]
else:
output += '[unknown]'
print('output :n' + output)
得到:
这最后还是需要一点脑洞,根据part1又16位,part2应该也有16位,已知的9位以及35个F2,F3,以可知道5个F2,F3为一个字符,所以位培根密码,F2是a,F3是b,最后解码即可(原话copy,脑洞确实大)
最后得到密码:056bd4ad29bb522b
结合一下:flag{166433882cd04aaa056bd4ad29bb522b}
3.标错的字符
大佬们还没有预期解,遵循7的意志就能通关!!
flag{287fe711b6c25ec4352df516e7f8cc33}
参考:http://blog.v3ged4g.top/2020/08/27/DASCTF%E5%85%AB%E6%9C%88%E8%B5%9B-misc-eeeeeeeasyusb/
http://www.fzwjscj.xyz/index.php/archives/38/#analyze-2
http://www.ga1axy.top/index.php/archives/46/