---

1、file OneBadSon.txz

OneBadSon.txz: XZ compressed data

2、xz -d OneBadSon.txz

3、tar -xvf OneBadSon.tar

OneBadSon/

OneBadSon/One_Bad_Son

4、file One_Bad_Son

One_Bad_Son: data

5、cat One_Bad_Son

6、思考

每一行以00 02 起始 00结束

像是 ｛id ：123456｝格式

经过谷歌后。发现这个bson格式

bson格式如下

A document such as {"hello":"world"} will be stored as:

					Bson:
  \x16\x00\x00\x00               // total document size
  \x02                           // 0x02 = type String
  hello\x00                      // field name
  \x06\x00\x00\x00world\x00      // field value (size of value, value, null terminator)
  \x00                           // 0x00 = type EOO ('end of object')
 

对此。我们需要用bson 的decode方式格式化

但是bson需要添加长度。

用Python读取后，发现每行的长度为114

使用下面的代码进行解题

import base64
import codecs
import bson
with codecs.open("./One_Bad_Son", "rb") as input_file:
    data = input_file.read()
    data = '\x72\x00\x00' + data
    loaded = bson.decode_all(data)
    with codecs.open("out.txt", "w") as output_file:
        output_file.write("[\n")
        for d in loaded:
            output_file.write(repr(d)+"\n")
        output_file.write("]\n")
used_id = set()
ordered = sorted(loaded, key=lambda di: int(di['raw']))

flag_data = []
for d in ordered:
    id = d['raw']
    if id not in used_id and d['fname'] == 'flag':
        base = d['dat']
        decoded = base64.b64decode(base)
        flag_data.append(decoded)
        used_id.add(id)
with codecs.open("out.png", "wb") as output_file:
    output_file.write("".join(flag_data))

最后， 可以得到答案的png图片