West Lake Lunjian (西湖论剑) 2020: Partial Writeup

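Preface

This competition was a great experience. Although I'm a web player and didn't solve a single web challenge, being carried by the experts through a misc challenge felt pretty good... (PS: I haven't defected from web)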

Yusapapa

Tools

Stegpy, stegdetect, Invisible Secrets

Solution

Open the page and press F12 to find a block of text:

Maybe these texts are really helpful for you Biometric list is OK! endow gremlin indulge bison flatfoot fallout goldfish bison hockey fracture fracture bison goggles jawbone bison flatfoot gremlin glucose glucose fracture flatfoot indoors gazelle gremlin goldfish bison guidance indulge keyboard keyboard glucose fracture hockey bison gazelle goldfish bison cement frighten gazelle goldfish indoors buzzard highchair fallout highchair bison fallout goldfish flytrap bison fallout goldfish gremlin indoors frighten fracture highchair bison cement fracture goldfish flatfoot gremlin flytrap fracture buzzard guidance goldfish freedom buzzard allow crowfoot jawbone bison indoors frighten fracture bison involve fallout jawbone Burbank indoors frighten fracture bison guidance gazelle flatfoot indoors indulge highchair fracture bison hockey frighten gremlin indulge flytrap bison flagpole fracture bison indulge hockey fracture flytrap bison allow blockade endow indulge hockey fallout blockade bison gazelle hockey bison inverse fracture highchair jawbone bison gazelle goggles guidance gremlin highchair indoors fallout goldfish indoors bison gazelle goldfish bison indoors frighten gazelle hockey bison flatfoot frighten fallout glucose glucose fracture goldfish freedom fracture blackjack blackjack

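Searching GitHub for the keyword "Biometric list" led to go-pgpwords. Since I had no Go environment, I followed the link provided in its decoding script to the location of the word list.

Then I automated the lookup of the hex byte for each word of the ciphertext and decoded the result: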

You can see my collection puzzles in /hint.rar and another /encode.png.
By the way,the picture shoud be used 
"Yusa" is very important in this challenge!!

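The decoded text gives us two pieces of information:

  1. The routes /hint.rar and /encode.png
  2. Yusa may be the key for some step

The /hint.rar route gives a RAR archive, which contains a hint:

Use a rather old and uncommon tool. USE your google and Baidu

Next I looked for old steganography tools (at first I thought it was RAR brute-forcing, but then figured that whether a brute-force tool is old or not makes no difference, and that's not elegant at all (×)), and found Stegpy.

The command stegpy index.webp yields the hidden message: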

the_password_is:Yus@_1s_YYddddsstegpy encode.webp the_key_is:Yus@_yydsstegpy!!

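Opening the archive with the password Yus@_yydsstegpy!! gives hint.jpg. Analyzing the image with stegdetect reveals how the data was hidden.

The command stegdetect.exe -t jopi -s 10.0 hint.jpg reports the embedding method as hint.jpg : invisible[568](***) jphide(**), which points to the extraction tool Invisible Secrets.

After installing it, choose Unhide Files, then use the key Yusa and the decryption algorithm Blowfish to obtain encode.py. This file is the script that generated encode.png; reversing it yields the flag.

Decode script: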

```python
from PIL import Image

# encode.png carries three bit streams in the least significant bits (LSBs)
# of its R, G and B channels.
enc_pic = Image.open('encode.png')
a, b = enc_pic.size

key1stream = []  # LSB of R
key2stream = []  # LSB of G
enc = []         # LSB of B
# Walk the image column by column; the same order is used when rebuilding below.
for x in range(a):
    for y in range(b):
        px = enc_pic.getpixel((x, y))
        key1stream.append(px[0] & 1)
        key2stream.append(px[1] & 1)
        enc.append(px[2] & 1)

# Each hidden bit is the XOR of the three LSBs of one pixel.
flag = [e ^ k1 ^ k2 for e, k1, k2 in zip(enc, key1stream, key2stream)]

print(len(flag))
print(flag.count(1))

# Render the recovered bits as a black-and-white image: 1 -> white, 0 -> black.
p = Image.new('L', (a, b), 255)
for x in range(a):
    for y in range(b):
        p.putpixel((x, y), 255 if flag[y + x * b] == 1 else 0)
p.show()
p.save("flag.png")
```
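The decode script XORs the R, G and B least-significant-bit planes because encode.py said so; the following added example (not the challenge's encode.py and not code from this writeup) goes one step further and shows how an analyst without the script could find that combination by scoring every subset of channels. The `embed` encoder, the adjacent-bit `smoothness` score and the `SAMPLE` bitmap are assumptions constructed for the illustration, and pixels are plain (R, G, B) tuples so it runs without Pillow.

```python
import random
from itertools import combinations

def lsb_plane(pixels, channel):
    """LSB of one channel (0=R, 1=G, 2=B) for every pixel."""
    return [px[channel] & 1 for px in pixels]

def xor_planes(pixels, channels):
    """XOR the LSB planes of the chosen channels; (0, 1, 2) matches the decode script."""
    out = [0] * len(pixels)
    for c in channels:
        out = [o ^ bit for o, bit in zip(out, lsb_plane(pixels, c))]
    return out

def smoothness(bits):
    """Share of adjacent equal bits: about 0.5 for noise, near 1 for a drawing."""
    return sum(x == y for x, y in zip(bits, bits[1:])) / (len(bits) - 1)

def embed(message_bits, seed=2020):
    """Hypothetical encoder (encode.py is not shown on the page): random key
    bits sit in the R and G LSBs, and message ^ k1 ^ k2 goes into the B LSB."""
    rng = random.Random(seed)
    pixels = []
    for m in message_bits:
        r, g, b = (rng.randrange(256) for _ in range(3))
        b = (b & ~1) | (m ^ (r & 1) ^ (g & 1))
        pixels.append((r, g, b))
    return pixels

def rank_combinations(pixels):
    """Score every non-empty channel subset; a structured plane sorts first."""
    scored = [(smoothness(xor_planes(pixels, combo)), combo)
              for n in (1, 2, 3) for combo in combinations(range(3), n)]
    return sorted(scored, reverse=True)

# Constructed sample: a 64x64 bitmap containing one filled rectangle,
# flattened row by row (stands in for the flag image).
SAMPLE = [1 if 16 <= x < 48 and 24 <= y < 40 else 0
          for y in range(64) for x in range(64)]

if __name__ == "__main__":
    px = embed(SAMPLE)
    for score, combo in rank_combinations(px):
        print("".join("RGB"[c] for c in combo), round(score, 3))
```

Every single plane and every pair scores close to 0.5, so inspecting one channel's LSBs at a time shows only noise; the hidden image appears only when all three planes are combined.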