X-NUCA(牛咖)联赛11月Crypto&Misc专题赛赛前--raw-vaganism的解题思路 

X-NUCA(牛咖)联赛11月Crypto&Misc专题赛赛前--raw-vaganism的解题思路

发表于:2016-11-18 10:00:00 来源:  合天网安实验室 阅读数(0人)

执行如下命令

$ mkdir Converted
$ for i in *.png; do sips -s format bmp $i --out Converted/$i.bmp;tail -c +55 Converted/$i.bmp > Converted/$i.raw;xxd -p -c 3 Converted/$i.raw | cut -b 1-2 | xxd -r -p > Converted/$i.bytes;done
$ cd Converted
$ rm *.bmp
$ rm *.raw

得到40个文件后

$ strings -n 12 *
$ grep <string found>*

Once we identify a pair, create a directory and move the 2 files there.

pair1: 043d09e121a1d2d77aaa098487ddf62d.png.bytes 153ba8b36ae16e23bc2e5f9eb2a6a8ac.png.bytes
pair2: 041ed9c9f84d7a0b4496db8a4c826f10.png.bytes a57c72b0f8b9bbecdcfd5432a4d2eb09.png.bytes
pair3: bd84baf5910e59c323379e1b33e36ce2.png.bytes d167ebbed97915d57e25e1358db26623.png.bytes
pair4: 7cf7909d1260d6f84eab3009fe06daad.png.bytes c7931c279ce7d5f8cbd38c6069464802.png.bytes
pair5: 815aadc10f8d41c013fe5673629b6642.png.bytes 96dcd0b28b851c67b88f137fc99d1138.png.bytes
pair6: 1ddb2cc40e3c7bfb63373a16b764454b.png.bytes a88b4bb3c225ed20440ba6bf633ab169.png.bytes
pair7: 2f7261b0dbcfec78455fb50ed13dead6.png.bytes e071dd8812e5a4256f75d47ad2dfeb39.png.bytes
pair8: 6ef798f8efac382a1a571429635a25d1.png.bytes b703cc3df27965de11879b1bf5a4ce69.png.bytes
pair9: 673d2143b07f6d73e924cfdce21e7e61.png.bytes be4e230f1f4f5243ab22fd8d6ab30754.png.bytes
pair10: 719e05cb25816db1393c64c472331de1.png.bytes b27dc3ed73a3bdf9cac3d9d9932912e6.png.bytes
pair11: 97a3c832cf761ed406807e09d7c5758c.png.bytes c149489a34faba509f344c8b3d352aba.png.bytes
pair12: 0a29ad2d1aace7ddfda6623ed14b3cfc.png.bytes c1c12dd4337839c56af7a7eab713cffe.png.bytes
pair13: 31120e8287762360b478fae1caa0cf85.png.bytes 6e43f9630245c1137c2c6581c68315a0.png.bytes
pair14: 99af438b2bbcbbcf6faa8a6954a311fb.png.bytes e51b9182f54ed286a13bc3b422698edb.png.bytes
pair15: 3dd036d19ddacac4cd521faaabd6e5f4.png.bytes 4738e11f93c0bbe6bb0508a3358dcc6a.png.bytes
pair16: 35f36d10e91fb913a5e7c9cf7c6bf05b.png.bytes 4cc1be4ed28baf7563a7bb5cfe7afe07.png.bytes
pair17: 0dbca0ab91aa52a82c356cf35fd12668.png.bytes 2888e1b8abae9a1e952db101f0c86ca1.png.bytes
pair18: 284f6b43f1da540bdeb4f349a086fe56.png.bytes 8785304561ecf81141fbdef7a914fb81.png.bytes
pair19: 5598f8c115335d71b65075aaf8c16ba5.png.bytes 580385af1a9cceba19ab9153521affd0.png.bytes
pair20: 563de7a878f2205af9acef7c86556cf4.png.bytes 92c899bed7be8af5cb79663fd32fae11.png.bytes

Once we know which images are paired, we can use convert on Kali to XOR the images together:


$ convert 043d09e121a1d2d77aaa098487ddf62d.png 153ba8b36ae16e23bc2e5f9eb2a6a8ac.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair1.png


$ convert 041ed9c9f84d7a0b4496db8a4c826f10.png a57c72b0f8b9bbecdcfd5432a4d2eb09.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair2.png


$ convert bd84baf5910e59c323379e1b33e36ce2.png d167ebbed97915d57e25e1358db26623.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair3.png


$ convert 7cf7909d1260d6f84eab3009fe06daad.png c7931c279ce7d5f8cbd38c6069464802.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair4.png


$ convert 815aadc10f8d41c013fe5673629b6642.png 96dcd0b28b851c67b88f137fc99d1138.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair5.png


$ convert 1ddb2cc40e3c7bfb63373a16b764454b.png a88b4bb3c225ed20440ba6bf633ab169.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair6.png


$ convert 2f7261b0dbcfec78455fb50ed13dead6.png e071dd8812e5a4256f75d47ad2dfeb39.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair7.png


$ convert 6ef798f8efac382a1a571429635a25d1.png b703cc3df27965de11879b1bf5a4ce69.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair8.png


$ convert 673d2143b07f6d73e924cfdce21e7e61.png be4e230f1f4f5243ab22fd8d6ab30754.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair9.png


$ convert 719e05cb25816db1393c64c472331de1.png b27dc3ed73a3bdf9cac3d9d9932912e6.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair10.png


$ convert 97a3c832cf761ed406807e09d7c5758c.png c149489a34faba509f344c8b3d352aba.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair11.png


$ convert 0a29ad2d1aace7ddfda6623ed14b3cfc.png c1c12dd4337839c56af7a7eab713cffe.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair12.png


$ convert 31120e8287762360b478fae1caa0cf85.png 6e43f9630245c1137c2c6581c68315a0.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair13.png


$ convert 99af438b2bbcbbcf6faa8a6954a311fb.png e51b9182f54ed286a13bc3b422698edb.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair14.png


$ convert 3dd036d19ddacac4cd521faaabd6e5f4.png 4738e11f93c0bbe6bb0508a3358dcc6a.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair15.png


$ convert 35f36d10e91fb913a5e7c9cf7c6bf05b.png 4cc1be4ed28baf7563a7bb5cfe7afe07.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair16.png


$ convert 0dbca0ab91aa52a82c356cf35fd12668.png 2888e1b8abae9a1e952db101f0c86ca1.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair17.png


$ convert 284f6b43f1da540bdeb4f349a086fe56.png 8785304561ecf81141fbdef7a914fb81.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair18.png


$ convert 5598f8c115335d71b65075aaf8c16ba5.png 580385af1a9cceba19ab9153521affd0.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair19.png


$ convert 563de7a878f2205af9acef7c86556cf4.png 92c899bed7be8af5cb79663fd32fae11.png -fx "(((255*u)&(255*(1-v)))|((255*(1-u))&(255*v)))/255" pair20.png


At this point we have 20 images with ASIS{ some dots }, so we know we are on the right path.


There are 3 filled dots in every image, and 60 dots total. For each of the 60 possibilities there is a filled dot in exactly one of the images. We can use the following command to look at metadata in Kali:


$ identify -verbose pair1.png


This command includes a histogram, which tells you what color values are present in the entire image.


We find that except for 3 pixels, all other pixels have a color value of 30/255 or less. The 3 pixels are definitely outliers, because they have a color value significantly above 30, but no more than 119. Those values could map to the ASCII table.


Gathering all the dots and the pixels from the images, we get the following data:


(pair)(pixel color)(ASCII)(dot position)
 1   95 100 119 _ d w   #38 #48 #53
 2   83  97 107 S a k    #5 #47 #58
 3   83  95 110 S _ n    #3 #30 #44
 4  105 108 121 i l y   #17 #18 #34
 5   98 110 116 b n t   #13 #24 #35
 6  105 105 117 i i u   #15 #43 #56
 7   51  78  95 3 N _   #26 #42 #51
 8   95 110 112 _ n p    #1 #22 #57
 9   52  80  95 4 P _   #39 #45 #50
10   52  71 114 4 G r   #14 #46 #52
11   48  95  95 0 _ _   #28 #37 #49
12   95 108 115 _ l s   #25 #27 #59
13   67 100 102 C d f   #10 #29 #33
14   95 103 114 _ g r    #9 #12 #36
15   65  65  95 A A _    #2 #19 #41
16   73 104 105 I h i    #4 #31 #32
17   97  99 104 a c h   #23 #54 #55
18   52  99 115 4 c s    #8 #20 #21
19   33 110 116 ! n t   #16 #40 #60
20   51  95 105 3 _ i    #6  #7 #11

Ordering them 1 through 60, we have 3 possibilities for each dot, which makes this non-trivial. I started by seeing the pattern _ASIS in the beginning and PNG in the middle and slowly went from there.


(dot)(options)(answer)
 #1 _np _
 #2 AA_ A
 #3 S_n S
 #4 Ihi I
 #5 Sak S
 #6 3_i _
 #7 3_i i
 #8 4cs s
 #9 _gr _
#10 Cdf C
#11 3_i 3
#12 _gr r
#13 bnt t
#14 4Gr 4
#15 iiu i
#16 !nt n
#17 ily l
#18 ily y
#19 AA_ _
#20 4cs c
#21 4cs 4
#22 _np p
#23 ach a
#24 bnt b
#25 _ls l
#26 3N_ 3
#27 _ls _
#28 0__ 0
#29 Cdf f
#30 S_n _
#31 Ihi h
#32 Ihi i
#33 Cdf d
#34 ily i
#35 bnt n
#36 _gr g
#37 0__ _
#38 _dw d
#39 4P_ 4
#40 !nt t
#41 AA_ A
#42 3N_ _
#43 iiu i
#44 S_n n
#45 4P_ _
#46 4Gr r
#47 Sak a
#48 _dw w
#49 0__ _
#50 4P_ P
#51 3N_ N
#52 4Gr G
#53 _dw _
#54 ach c
#55 ach h
#56 iiu u
#57 _np n
#58 Sak k
#59 _ls s
#60 !nt !

相关新闻

大家都在学

课程详情

网络安全漫谈

课程详情

信息安全基础

课程详情

网络安全基础