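Which country's domain is .online? The categories in this CTF are rather unusual: when you see "pwn", don't assume it is really pwn.
I found a writeup (WP) on GitHub and looked things up there: https://github.com/Impaler343/ShaastraCTF2024/blob/main/README.md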
PWN
About Time
An exe file built from Python 3.11 that will not run on Win7. After unpacking it, a decompiler website recovered part of the code:
# Visit https://www.lddgo.net/string/pyc-compile-decompile for more information
# Version : Python 3.11
import time
d = {
    '#': '1',
    '@': '2',
    '?': '3',
    '!': '4',
    '^': '5',
    ':': '6',
    '*': '7',
    '%': '8',
    '$': '9',
    '+': '0' }
def compare_strings(string1, string2):
    pass
# WARNING: Decompyle incomplete
password1 = '%?^*%$'
do = input("Press 'ok' to start the game:")
password2 = input('Enter a 6-digit password consisting of numbers only:')
compare_strings(password1, password2)
# WARNING: Decompyle incomplete
Since it can neither be run nor fully decompiled, I could only guess. Mapping password1 through the dictionary above gives: 835789
Snooping
This is a network-traffic challenge. According to the WP, an SSL certificate is found in the comments, and then...
Binary Exploitation
Iterant
A program is given:
#include <bits/stdc++.h>
#define ll long long
using namespace std;
ll counter = -1;
ll fibbmod(ll n)
{
    counter++;
    if (n == 0)
        return 2;
    else if (n == 1)
        return 3;
    // cout << counter << " " << n << "\n";
    if (counter % 2)
    {
        return fibbmod(n - 1) - fibbmod(n - 2);
    }
    else
    {
        return fibbmod(n - 1) + 2 * fibbmod(n - 2);
    }
}
int main() // Driver function to see the value of first 30 numbers in the series
{
    for (ll i = 0; i < 30; i++)
    {
        counter = -1;
        ll x = fibbmod(i);
        cout << i << "->" << x << "\n";
    }
    return 0;
}
//Here lies a complicated recursion problem of which the answer needs to be found for the value of 250. How will you do this?
//Translation: a complicated recursion problem exists here, and the answer for the value 250 has to be found. How will you do it?
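I thought about this one for a long time and later realized the trouble was how the task had been translated. This is a simple Fibonacci-like function. For the even terms,
f(2k)=2*(f(2k-2)+f(2k-4))%2**64; for the odd terms, f(2k+1) = 2*f(2k-2)
I had kept reading the online translation as asking for the index whose value is 250, when the task actually asks for the value of the 250th term. Careless of me.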
m = 2**64
a,b = 2, 2*2+3
for i in range(4,251,2):
c = 2*(a+b)%m
a,b = b,c
#print(i,c)
print(i,c)
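Why the even-index loop above is valid, as an added example (not from the original post or the CTF): a literal port of the C++ recursion is checked against a memoized model keyed on the counter's parity, and both are checked against the loop. It assumes the left operand of `-`/`+` is evaluated first (C++ leaves this unspecified) and 64-bit wraparound; the function names are hypothetical.

```python
from functools import lru_cache

M = 2**64  # the page's solve reduces modulo 2**64

def fibbmod_direct(n):
    """Literal port of the C++ recursion, including its global call counter.
    Assumption: the left operand is evaluated before the right one."""
    counter = -1
    def rec(k):
        nonlocal counter
        counter += 1
        if k == 0:
            return 2
        if k == 1:
            return 3
        odd = counter % 2          # parity is sampled before recursing
        left = rec(k - 1)
        right = rec(k - 2)
        return left - right if odd else left + 2 * right
    return rec(n)

@lru_cache(maxsize=None)
def fibbmod_parity(n, p):
    """Same value, keyed on (n, counter parity at entry).
    Every subtree makes an odd number of calls, so the first child
    sees parity 1-p and the second child sees parity p again."""
    if n == 0:
        return 2
    if n == 1:
        return 3
    if p:
        return fibbmod_parity(n - 1, 0) - fibbmod_parity(n - 2, 1)
    return fibbmod_parity(n - 1, 1) + 2 * fibbmod_parity(n - 2, 0)

def fibbmod_even(n):
    """The page's loop: f(2k) = 2*(f(2k-2) + f(2k-4)) mod 2**64, f(0)=2, f(2)=7."""
    a, b = 2, 7
    for _ in range(4, n + 1, 2):
        a, b = b, 2 * (a + b) % M
    return b if n >= 2 else a

if __name__ == "__main__":
    print(250, fibbmod_even(250))
```

The parity model turns the exponential recursion into a linear-time one, which is what makes n = 250 reachable at all.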
OperationPWN
An assembly-like .asm file. I could not make sense of the mnemonics, and the challenge had 0 solves, so I did not look at it.
Reverse Engineering
Freezing Fire
A 32-bit program is given. I did not understand it, but I found this string in the data section: ShaastraCTF{dLkDF@^HgsGRus63EsT&}
MusicalMath
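This is probably encrypted with music. There is a program compiled from Python and a musical score, which I cannot read.
After unpacking the exe there is a Password file inside; opening it in Notepad shows ShaastraCTF{Musical_Collatz_Conjecture}
This challenge had only 14 solves; I am not sure why.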
Cryptography
Prime Decryption
From the challenge name I guessed RSA. An array and two numbers are given, presumably c, n and e.
#Decrypting this is not usually easy, but you see that the public key is only 24 bits long!
#You quickly collect the encrypted message and get to work......
#Public Key: 14537813, 5.
#Get Cracking!
a = [13831133, 12917356, 10030587, 10030587, 7776496, 10814604, 6081412, 10030587, 12646311, 9767093, 8851505, 7850875, 256117, 13831133, 11803398, 7205927, 2220894, 12646311, 6081412, 10030587, 2170797, 11065575, 13799515, 12522469, 2708638]
from gmpy2 import invert  # modular inverse, used to derive the private exponent
n,p,q,e = 14537813,3779,3847,5
c = [pow(c, invert(e,(p-1)*(q-1)),p*q) for c in a]
print(bytes(c))
#b'ShaastraCTF{RSA24Cracked}'
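How p and q fall out of a 24-bit modulus, as an added example (not from the original post): trial division factors n, and, going one step beyond the page's solve, a 256-entry lookup table shows that encrypting one byte at a time is reversible without factoring at all. Function names are hypothetical; n, e and the ciphertext are the values given above.

```python
def factor_semiprime(n):
    """Trial division up to sqrt(n): under 2,000 odd candidates for a 24-bit n."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no non-trivial factor found")

def decrypt_by_factoring(cipher, n, e):
    """Recover the private exponent from the factors, then decrypt each block."""
    p, q = factor_semiprime(n)
    d = pow(e, -1, (p - 1) * (q - 1))     # modular inverse (Python 3.8+)
    return bytes(pow(c, d, n) for c in cipher)

def decrypt_by_dictionary(cipher, n, e):
    """Textbook RSA is deterministic, so per-byte encryption is a
    256-entry substitution table that anyone can build from (n, e)."""
    table = {pow(m, e, n): m for m in range(256)}
    return bytes(table[c] for c in cipher)

# Public key and ciphertext as given in the challenge text on this page.
N, E = 14537813, 5
CIPHER = [13831133, 12917356, 10030587, 10030587, 7776496, 10814604,
          6081412, 10030587, 12646311, 9767093, 8851505, 7850875, 256117,
          13831133, 11803398, 7205927, 2220894, 12646311, 6081412,
          10030587, 2170797, 11065575, 13799515, 12522469, 2708638]

if __name__ == "__main__":
    print(factor_semiprime(N))
    print(decrypt_by_factoring(CIPHER, N, E))
    print(decrypt_by_dictionary(CIPHER, N, E))
```

The dictionary route works for any modulus size, which is why real deployments use randomized padding such as OAEP rather than raw per-block RSA.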
Twofold flipping
Again a pile of numbers. Seeing the 2 at the end, I guessed the encoding is 127-n.
a = [44,23,30,30,12,11,13,30,60,43,57,4,61,22,11,32,79,25,32,79,29,25,10,12,28,75,11,78,79,17,32,75,17,27,32,79,29,12,11,13,10,28,72,78,79,17,2]
bytes([0x7f-i for i in a])
#b'ShaastraCTF{Bit_0f_0bfusc4t10n_4nd_0bstruc710n}'
Laplace, Fourier and CNN
A piece of code and a ciphertext are given:
def add(a, b):
    if a in c1:
        if b in c1:
            return (c1.index(a) + c1.index(b) + 2) % 26
        else:
            return (c1.index(a) + c2.index(b) + 2) % 26
    else:
        if b in c1:
            return (c2.index(a) + c1.index(b) + 2) % 26
        else:
            return (c2.index(a) + c2.index(b) + 2) % 26
def diff(a, b):
    if a in c1:
        if b in c1:
            return (c1.index(a) - c1.index(b)) % 26
        else:
            return (c1.index(a) - c2.index(b)) % 26
    else:
        if b in c1:
            return (c2.index(a) - c1.index(b)) % 26
        else:
            return (c2.index(a) - c2.index(b)) % 26
def evaluator(tp, shift):
    if tp in c1:
        return c1[(shift - 1) % 26]
    else:
        return c2[(shift - 1) % 26]
flag = "Gibberish"
q = "c"
c1 = "abcdefghijklmnopqrstuvwxyz"
c2 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
for i in range(len(flag) - 2):
    q += evaluator(flag[i + 1], diff(flag[i + 1], flag[i]))
q += flag[-1]
print(q)
# This is the encrypted flag
#Decrypt "cOgQdUrKiOrQjjHlNyIeG" and submit it in the format: ShaastraCTF{....}.
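This looks simple, but the cipher encrypts each character from a pair of adjacent characters and the head and tail are not given, so all you can do is brute-force two characters at a time, which yields many solutions. Brute-force from the start, then pick a couple of readable ones out of the pile of solutions and try them.
def encrypt(flag):
    q = 'c'
    for i in range(len(flag) - 2):
        q += evaluator(flag[i + 1], diff(flag[i + 1], flag[i]))
    return q
def deepfind(flag):
    if len(flag)==len(enc)-1:
        print(flag)
        return
    for t in c1+c2:
        q = encrypt(flag+t+'G')
        #print(flag+t, q)
        if q == enc[:len(flag)+1]:
            deepfind(flag+t)
enc = 'cOgQdUrKiOrQjjHlNyIeG'
for t1 in c1+c2:
    deepfind(t1)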
#ShaastraCTF{cRyPtOgRaPhYisAmAzInG} OK
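The same search done by inverting the cipher directly, as an added example (not from the original post): each output letter is the alphabet-index difference of two neighbouring flag letters minus one, so a running sum recovers the flag once the first letter is fixed, leaving exactly 52 candidates. `encrypt_ref` is a compact re-statement of the challenge loop; all names are hypothetical.

```python
import string

LOWER, UPPER = string.ascii_lowercase, string.ascii_uppercase

def idx(ch):
    """Alphabet position of a letter, ignoring case."""
    return (LOWER if ch in LOWER else UPPER).index(ch)

def encrypt_ref(flag):
    """Compact equivalent of the challenge's loop (leading 'c' is a constant)."""
    q = "c"
    for i in range(len(flag) - 2):
        shift = (idx(flag[i + 1]) - idx(flag[i])) % 26
        alphabet = LOWER if flag[i + 1] in LOWER else UPPER
        q += alphabet[(shift - 1) % 26]
    return q + flag[-1]                  # last flag letter is copied verbatim

def decrypt_candidates(enc):
    """Invert the cipher:
       idx(flag[i+1]) = idx(enc[i+1]) + idx(flag[i]) + 1  (mod 26)
       and flag[i+1] has the same case as enc[i+1]."""
    out = []
    for first in LOWER + UPPER:          # flag[0] is the only unknown
        flag = first
        for ch in enc[1:-1]:
            alphabet = LOWER if ch in LOWER else UPPER
            flag += alphabet[(idx(ch) + idx(flag[-1]) + 1) % 26]
        out.append(flag + enc[-1])
    return out

ENC = "cOgQdUrKiOrQjjHlNyIeG"            # ciphertext from the challenge

if __name__ == "__main__":
    for cand in decrypt_candidates(ENC):
        print(cand)
```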
CryptoGods
A ciphertext and a note are given:
IaMBorEdOFfiNDiNGfLaGSiWANTTwODoSOMEthInginTEresTiNGwAiTDiDYOUSeEThatTwONoYoUDiDNOTIjUStFOUNdtHeflaGIamGOInGTWOTHeneXTqUesTIonyOUtWocAngoNOW
This flag can be deciphered by using the tools brought to life by the renowned computer scientists Gottfried Leibniz and Bob Bemer.
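An online search says these are Leibniz and the father of ASCII. The two are not even from the same era, and calculus is the thing I hate most, so I treated it as no hint at all.
The ciphertext above is readable, so it has not been through an encoding step. From the chaotic mix of upper and lower case, the case probably stands for 0 and 1, and from the length it should be 7-bit ASCII.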
a = 'IaMBorEdOFfiNDiNGfLaGSiWANTTwODoSOMEthInginTEresTiNGwAiTDiDYOUSeEThatTwONoYoUDiDNOTIjUStFOUNdtHeflaGIamGOInGTWOTHeneXTqUesTIonyOUtWocAngoNOW'
c1 = "abcdefghijklmnopqrstuvwxyz"
b = ''.join(['0' if i in c1 else '1' for i in a])
m = bytes([int(b[i:i+7],2) for i in range(0, len(b),7)])
#b'Y35_7H15_15_7H3_FL4G'
#ShaastraCTF{Y35_7H15_15_7H3_FL4G}
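There are also a few steganography challenges, but the attachments are a few hundred KB and would not download. Never mind, they are not that interesting.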