历年iscc练武题misc复现


ISCC2022

2022冬奥会

题目描述:

1
2022冬奥会在北京举办,身为东道主的你知道此次冬奥会的吉祥物分别是谁吗?并且你知道这两只冬奥会的吉祥物最初设计的原型分别是什么吗?我只能提示你其中有一只的原型是我们的国宝哦。

下载附件

宽高一把梭

提取字符

1
2
3
冰墩墩的小伙伴经常被人冷
落,你知道它的原型是什么
吗?

unicode解密

冬奥会吉祥物雪容融原型是灯笼

“冰墩墩、雪容融”诞生背后:他们为何能代表中国-新华网

压缩包密码是

1
灯笼

解压压缩包

发现图片无法显示,010查看文件得到flag

最后flag为

1
ISCC{beij-dahb-1020}

单板小将苏翊鸣

题目描述:

1
在此次冬季奥运会项目中,17岁的单板小将苏翊鸣在单板项目中获得一金一银的优异成绩,打破了多年来中国队的历史最好成绩,为中国队此次冬奥之行锦上添花。

下载附件

宽高一把梭

扫码二维码

提取字符

1
\u5728\u8fd9\u6b21\u51ac\u5965\u4f1a\u7684\u821e\u53f0\u4e0a\uff0c\u6211\u56fd\u5c0f\u5c06\u82cf\u7fca\u9e23\u65a9\u83b7\u4e00\u91d1\u4e00\u94f6\uff0c\u90a3\u4f60\u77e5\u9053\u6b64\u6b21\u51ac\u5965\u4f1a\u6211\u56fd\u603b\u5171\u83b7\u5f97\u51e0\u679a\u5956\u724c\u5417\uff1f\u53c8\u5206\u522b\u662f\u51e0\u91d1\u51e0\u94f6\u51e0\u94dc\u5462\uff1f 

unicode解密

搜索得到

2022年北京冬季奥运会奖牌榜_百度百科

压缩包密码为

1
15942

解压压缩包

最后flag为

1
ISCC{beij-dbxj-2003}

隐秘的信息

题目描述:

1
乐乐在开始做作业时,遇到了一串ZWFzeV90b19maW5kX3RoZV9mbGFn字符串,研究了一番,什么都没有发现。乐乐能找到隐秘的信息并完成作业吗?

下载附件

base64解密

压缩包密码是

1
easy_to_find_the_flag

解压压缩包

stegsolve查看通道

提取字符

1
fd254d0d0dedd4c1 c4e548c1552dd0c9 a4c1319189e149e5 1da5f7fc01f8007f

先进行from hex 再用 to binary

提取二进制

1
11111101 00100101 01001101 00001101 00001101 11101101 11010100 11000001 11000100 11100101 01001000 11000001 01010101 00101101 11010000 11001001 10100100 11000001 00110001 10010001 10001001 11100001 01001001 11100101 00011101 10100101 11110111 11111100 00000001 11111000 00000000 01111111

去掉前面的1

整理得到

1
01 00100101 01001101 00001101 00001101 11101101 11010100 11000001 11000100 11100101 01001000 11000001 01010101 00101101 11010000 11001001 10100100 11000001 00110001 10010001 10001001 11100001 01001001 11100101 00011101 10100101 11110111 11111100 00000001 11111000 00000000 01111111

from binary得到flag

最后flag为

1
ISCC{u0q9R0UKt2i0LdbxRyGi}

降维打击

题目描述:

1
2
降维打击
flag格式:ISCC{xxxx-xxxx-xxxx}

下载附件

foremost提取

zsteg一把梭

zsteg提取出png文件

1
zsteg -E "b1,r,lsb,yx" 00000567.png >jwdj.png

魔女文字

《魔女之旅》文字破解·印刷体 - 哔哩哔哩

对照得到

1
MMYO-BDDK-UPOE

最后flag为

1
ISCC{MMYO-BDDK-UPOE}

藏在星空中的诗-1

题目描述:

1
漫天的繁星也许是一首美丽的诗!(建议使用winRAR)

下载附件

Poem.txt

1
2
3
4
5
1:☆✪٭☪✲
2:✡🟇⍟⍟✸
3:✡٭🟃✧🟔
4:★✡⍟☆✦
5:🌠✧⚝🟔🞱

是个密文应该,先放一放

查看psd文件,ps打开

ps调整曲线亮度以及不透明度

一般来说,五角星都是从顶部开始,按箭头顺序的话得到

1
13524

txt文本再按13524顺序得到压缩包密码

1
☆✪٭☪✲✡٭🟃✧🟔🌠✧⚝🟔🞱✡🟇⍟⍟✸★✡⍟☆✦

winrar解压压缩包得到

按照原来12345顺序对照得到

最后flag为

1
ISCC{IAWKZEICFJTKHZ}

藏在星空中的诗-2

题目描述:

1
漫天的繁星也许是另一首美丽的诗!

下载附件

对照之前的excel表

但是替换肯定不能全部换,所以只选择替换最后的字符

替换得到

1
\F0049\F0053\F0043\F0043\F007B\F0044\F0064\F0021\F0063\F0056\F0079\F0042\F004A\F0066\F0034\F0037\F0035\F0041\F004E\F007D

把\F转化成&#x;

1
&#x;0049&#x;0053&#x;0043&#x;0043&#x;007B&#x;0044&#x;0064&#x;0021&#x;0063&#x;0056&#x;0079&#x;0042&#x;004A&#x;0066&#x;0034&#x;0037&#x;0035&#x;0041&#x;004E&#x;007D

unicode解码

最后flag为

1
ISCC{Dd!cVyBJf475AN}

真相只有一个

题目描述:

1
misc是英文miscellaneous的前四个字母,表示有杂项、混合体、大杂烩的意思,题目思路广,模式不定,线索众多,在这些线索中有的有用有的没用,最终的真相只有一个。

下载附件

先从无后缀文件入手,010查看文件

一眼zip文件,文件头错误,010修改一下

保存解压压缩包

发现有密码,再从图片入手

一眼图片宽高有问题,直接宽高一把梭

发现左下角有摩斯密码

1
-. --- - ..... .-. . 

解压压缩包发现错误

stegsolve查看通道

得到

1
password 1998xxxx

掩码爆破

得到压缩包密码

1
19981111

解压压缩包得到流量包

TFTP导出对象mp3文件

auadcity打开mp3文件

摩斯密码

1
../.../-.-./-.-./--/../.../-.-./

摩斯解密

得到

1
ISCCMISC

还剩下一个flag.txt

一眼snow隐写,密码isccmisc

最后flag为

1
ISCC{QkGt-BS08-FzNp}

小光学AI

题目描述:

1
2
3
小光同学最近在学习人工智能技术,看了周志华老师的西瓜书后,感觉自己又行了。
这次他找来了三种水果的图片:黄瓜、茄子和蘑菇,研究的第一步是区分这三种水果,将三种水果分类;第二步是图像分割,选中目标区域,目标区域指的是能够覆盖图片中水果区域的最小矩形。
做完后小光同学计算出了三种水果目标区域的像素和A,B,C(0<A,B,C<10^10),发现这些像素和可以化简到x:y:z,其中(0<x,y,z<10),你可以找到A,B,C三者的实际值之比吗(格式A:B:C)?

下载附件

非预期做法:

生成字典

exp:

1
2
3
4
5
6
7
8
9
from tqdm import tqdm
filename = "password.txt"
with open(filename,'w') as f:
for i in tqdm(range(1, 10)):
for j in range(1, 10):
for k in range(1, 10):
print(i,j,k)
for l in range(1, 100000):
f.write(str(i*l) + ':'+str(j*l) + ':' + str(k * l) + '\n')

运行生成一个1.69G的字典文件

字典爆破压缩包密码

1
37035:49380:61725 

解压压缩包得到flag

当然这是非预期做法

预期做法应该是

使用这个项目

https://github.com/MuhammedBuyukkinaci/Object-Classification-and-Localization-with-TensorFlow/blob/master

再用OD模型预测password的图片 跑出来然后再用前面 像素计算的脚本 跑出来 a b c
最多爆破6次 密码就出来了

最后flag为

1
ISCC{q92uj6w28c}

套中套

题目描述:

1
亲爱的CTFer走到一个巨大的盒子前,上面写满了0和1,却也看不出个所以然。仔细看了半夜,才在字缝中看出来,整个盒子都写着“套中套”……

下载附件

先从png入手,png不显示,010查看

缺少文件头,010补全

保存并打开文件

010查看末尾发现base编码

base解密

得到

1
flag2: _ISCC_Zo2z

宽高一把梭

得到

1
flag1: wELC0m3_

stegsolve查看通道

得到

1
T0_tH3

组合成

1
wELC0m3_T0_tH3_ISCC_Zo2z 

解压压缩包

查看py文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
#!/usr/bin/python

import random
import codecs
import gmpy2
import sys
import os

def getRandom(randomlength=4):
digits="0123456789"
ascii_letters="abcdefghigklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
str_list =[random.choice(digits +ascii_letters) for i in range(randomlength)]
random_str =''.join(str_list)
return random_str


def makeKey(n):
privKey = [random.randint(1, 4**n)]
s = privKey[0]
for i in range(1, n):
privKey.append(random.randint(s + 1, 4**(n + i)))
s += privKey[i]
q = random.randint(privKey[n-1] + 1, 2*privKey[n-1])
r = random.randint(1, q)
while gmpy2.gcd(r, q) != 1:
r = random.randint(1, q)
pubKey = [ r*w % q for w in privKey ]
return privKey, q, r, pubKey

def encrypt(msg, pubKey):
msg_bit = msg
n = len(pubKey)
cipher = 0
i = 0
for bit in msg_bit:
cipher += int(bit)*pubKey[i]
i += 1
return bin(cipher)[2:]



flaggg=open('ffalg.txt','w')

# secret = input('Plz input the FLAG to generate the question.')
for i in range(50):
fe = open('enc.txt', 'w')
fpub = open('pub.Key', 'w')
fpriv = open('priv.Key', 'w')
fq = open('q.txt', 'w')
fr = open('r.txt', 'w')

print(i)
tt="ISCC{"
for j in range(3):
temp=getRandom()
tt=tt+temp+'-'
secret = tt[:-1]+'}'
flaggg.write(secret)
flaggg.write('\n')
msg_bit = bin(int(codecs.encode(secret.encode(), 'hex'), 16))[2:]
keyPair = makeKey(len(msg_bit))
pub_str = '['+', '.join([str(i) for i in keyPair[3]]) + ']'
fpub.write(pub_str)
#print ('pub.Key: ' + pub_str)
enc = encrypt(msg_bit, keyPair[3])
#print ('enc: ' + str(int(enc, 2)))
fe.write(str(int(enc, 2)))
priv_str = '['+', '.join([str(i) for i in keyPair[0]]) + ']'
#print ('priv.Key: ' + priv_str)
fpriv.write(priv_str)
#print('q: ' + str(keyPair[1]))
fq.write(str(keyPair[1]))
#print('r: ' + str(keyPair[2]))
fr.write(str(keyPair[2]))
name="misc-example-"+str(i+1)+".zip"
fe.close()
fpub.close()
fpriv.close()
fq.close()
fr.close()

os.system("zip -r -P'wELC0m3_T0_tH3_ISCC_Zo2z' tzt2.zip enc.txt generator.py priv.Key pub.Key q.txt r.txt")
os.system("zip -r ./output/{}.zip tzt.png tzt2.zip".format(name))


flaggg.close()

背包密码

https://ctf-wiki.org/crypto/asymmetric/knapsack/knapsack/

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
import binascii

pubKey = [47890479720101047634465874721733588529458602584042547084885239612710067397911921683712707636329934460158471141053610749768725825361507499615110092598804013605863886559109234791871295781012433, 17306080590881240226973021568692278622106514908533174075028184037576298550181825348179740107832976610900388047483522889401921332681741578752749914061517757908905943995549124257722808908433935, 64618734070132149133043189748097845012693201380285326592043049528952199851764487736690792908947201153881550509998150477886788025349178948040002641952695971628673055650762287546265945445665260, 11572178510977562151222566010679176674166489644659534090528870073959316042648494224057282436548552565705991910956536151877144714656396158785476194860829920309146084179237627423737798270873235, 62196810233816189491529771811029197081476797750889660583578611329306275765025208956566551386027659087228784882297913127940518464966137340583782576762750221423454798227073002329955671611689365, 25445799453532980627798038353857271728780097848247172238433943861432543976575715808100544892681554944699471483165879171353837748233994557222190580004960874064341707638297817251822614980141588, 35223858420492388317649545980211127403690774115505040962463054084976437522082937332334720862965435091724010180004680637584558400015360059476797286765272015456298419746044745795993271240814672, 35121039984581200402922837581115765654829884274060278703425982831404665624934426902708131504508780829195408699367933362367159647837759958441663481403293011806628852505023693406327504207208795, 67538778809838592128946448770498413063759139122721954860407577510665609720990273509090254362075602122198936407629077809851485491473307586619210022039476674369603202984202977787099573616834019, 38622085650793934886406575167193484206941361789187417806089300166147983896870975177904836125428940238166570095781260591840640669670149648833878130690233522525050513627265219010000935526129049, 18935284697155845354960465404112121227450585659675596436724448270976425498872547131033332071436507697914549301686346177075999917294683377443216386771482074882385742505603715650321975632724784, 54944911214190839084394889212286782353711251854119824163374886964306824399606209102750434200725721778678594129799691860453816914806455494431931253083023544960097545600093943404101223611498258, 63459763161801689885322397098064532040028449194365511085158174023514522479075454662461900061674561962215790404822750184142857604553190088712861557190512679825425885322003485683992224716662634, 25185054256070158979583910677190626015432520436023613314360707067844844597008371330923185278210482303746995375136091550344464503838431523263721441156867928272117817068889652858759756598749783, 34369708548219136966731283236442567519879235802700406693525979418930027759436135667807057552444263757059769935029042525619957521160676935544858512427663180820896522147593553535869379621275265, 54411979795276842018935748745655567337843699051648445196760965531207255789423569263678740135377305878323930455266836756522958305750987024701161852090550926467398480325795148259268006928224434, 46538010274766249953993205967406725430511043214616404780860279666440795397430784235016802415313791914894802520676277112743317298794056712198646628907739321106101313652873884372733288890302462, 2044544534162932276517859534083862713408344948942020008783683372799164546686312429022697848961854559681372079435724238607250947590361091420482429739899224877727617272946738916740366308834783, 29429129930376463567211312144136635056939457507285628597899449121700151290936201117181781277830857940417694725319710751731219675303854679690383229053201853329519025366617631575644851952713578, 57648885896010151302061370332885115557025809337335317529303618753832879815352351189123627704367676951202493283263977993720015034599132670268062674506195739086911852885146642590374163648564058, 11522388371577043178362369171365226697221012854900179556124533243884867338107554280644303011401722590470750900224923890904481096987722298699576342784532264682115794985917874643290785021634539, 53452223251559811121660684975373672327018613083179661176606834991504198589152512836748775386626266920888693403407889133668201706892665078721519226359098404552106236785661057561969044031895009, 17098038135461088050184149236006345988669040376948163102979643473786259341820620138140743850819575398571727138313597653874703455257047331907844034779020744265611179763866072660848927496688490, 24624989213141393599136421627426308739988997724740056219694463537179885255035960529587936764131122993699989787017529146281019673312008454827364634296004321803453147535687661264733471640556061, 46808963354730822922630781846799481077560822448751475678099912058347930126419718323610891344168661080053989555321277621606936399121186313111821565721818054568367642655938737736237024205946401, 52301851709732946383496668626114955821736865782133704149898850454005222833091416874016401173957869647066889409899719440532635314954583670908717985974645787158314096404166951434515455519668855, 15504420651165030863238502358318532921530766438091734137426271216053125092572835586136682875406170729848375221749403775447893686211947542416476203378440416994495524208961834450614630924224753, 53845244041454884201264896421163672719306374104877846479975305147409001970585837009900650928208663990674705383573495774022455400570458947957696802497616524858490383693636725058399188070224467, 53320115641685505449973151967480626827374354552992591308908350401521967061019712225001877543509120106597815349322208631273284885002508935108192594964644800778455806256812473313846521153897994, 20650916840526373942967259888207960639479393150914766588906488669674790861937566021896683363132531778560267608591055041503506480529460308285757837076564915891528098900165978917213862776803810, 7647221951980831027864872634828304336583774030692405522849972079601096149071019833591327820374487211679751203724054783150683265510672819058189844053911287125164558020473234907784054585502380, 51122149496750217714950350474346219484035892538826702597587439156267546094819230274481498399293815181680744491407640669025666432891823312532797135096999938076702634029794451257375449457601452, 11106176662481973752506582674464491746546744946086406649869303128569997812425065929125955699774444338119816102079087993110246907332521834811054677676820642032176478819022934201159722246283857, 49441793808079339247429292530966210639926699019419363453966412703485796062012323451339357098470289700751366185325661411250412279256145675963185632001161255556104186739252964991960803240294369, 55757201763539237724912593283917402944253104461625899573049241196278323031482862271206651196679357626196634161948563923061637539683170888902239515130977668907630998215217624773010076265445489, 35255013346540096769179158145962266450240902970836581977206197721420914975925779037714661801788002296640435397639803656010616598074888694769412070598676177507574700745679437200657866113709288, 28677915757673323460883754786253287769350496743327500673282747094828377786321835906506238876231447805461860407281425962071490482607552926048870546290087855235882440104048181188722161545984760, 36832473000022897995776868775204717908267736915723539350833976583126132989592736166990393011027253583484822775865156980227282099232574738947850661770150068991380046475876872162963017862336167, 10483052434567206946507556478758108660050616105857488950119879764860233012770889637188537116662826423922782815168012940818702282821107675832832743523475943384166287254713171536505863774275116, 37843348988673844586864714880584995431028657144296847150519553139045622995871739625046657410159438531745143792241595857136669585832697748445800798434675487215949167694852097644697437378809560, 63801940747440571219775612087682561742003007498938248989707698628232953945748671206200884617572426735040069610767650061066614967611791628605298368374854364314769848476055113374895289368362023, 27401261357958673784341573345101293336909548271626934667252807847302096543442490834435672626141462710932036015207956111369098063837481028342189134036501494796032943134871921206584977585564041, 38573587838534453149765717791761958046578928546135424371801747725027808399201545346937047060582844123419323986180484636131281500823636307083187227789969071361794904849957799049568121837998703, 53958809010041791246204940912440869832738497201813807115785129969680131761298777643174587338943718694619281235678586066319207625066612860966053497522773679362034891107350700167614552316018500, 50985386058059210451612936182174921905673348704458055152471206605022399151370055257191043119624573495436413488755616821234583427600550433792689758231158706819853530730093890564412759571456481, 61526581873238366525807907069566107420188803090255153590754940971085958833000281110099384465689672835153442670488792654978535611603016377644689845961912963268016750015209503566671132923648667, 66115764251851815805252858177220311357623241846369699695777900944296474849920777003505527285177683418068967303286393216169298139386172829889484583226793396555255594082652526046581323628942289, 56322441787847760021734560736935605037302824249181806387521606918750720008784410121818210935175167353759657870107245611926472527874382807417358951156193619567808892922889736682128338049625376, 66749142907557060568057952408289227327595421568972621753887212145948734814712801071982226312222604397866987186802147751513028224888210732436341851269875301902493466366742262010844515146111358, 51056899417822683397284470568610570616081969342356504909042648326285742514426286529758563599869802794823956550465222184899242851014015598472763932402579880549146673895299866922272624555427280, 46402951176781382305382543989832843613266925105803405844831059050283952939575888666694605761613288059890684024202116382001036894168854758976584139948087416518690922335113990843425054126290320, 12065832569238949034865764752698434707030306169241561677192021559438703088903761656153257883864197795656564436380786791677675223023571826350416117007971141367735815386990337819311684295376236, 44886309458435584802083275660157014309366063799859831692790283519340844659455944640580308694947843109079110695538214329921418405320824968608888586957323908715232021379092037586034785360066731, 29386982083268025063730312562640564119396950231157600378589849079048714493748727014742993160943930426624237642610889710058760679797587120942137342535425441272337085186349384658452508437141609, 45051915987744577118001917741457465046952381578823575844118866049653844891839167467493684884654522469683686342158839779155995726504994168649447392134326580953141953620367005022040132214449270, 40553135649430622740269793478131327077725656631052833120538914092547070047148541153038227831713984321641748561689924496994480579110518897692252146768732229757749686414973236613231941778936576, 21464599564997071143394297400058473318634391404013127548884533593999412741012853790260318313443478263893185054502704842392161011065001040545999548747008053262301762245262744365985481228131502, 47214669755067642805860334107804261880062242526455881752312915539199317470565510289509764528212453320740816227952832714670047649455280654216277052887261857213937684077852348322539092355955538, 39918726512371159030614955073980116018140721168461876527225631580260657509258702397497947318483699036402232312780557063602371685707961024897124960534338901271224585585553852375813194410638440, 24876773535077683071999931076430700324843873553062775658964571237356225839560924844545431886292038254805753109351790455626468967819105395366160645715904828446617057409862371168623180593785173, 16030789241162016522933269405645868792382733768394727338214495839983302925798161192204993202259784601610919248815029414186985467691612408921074207754534528834892246148047868635830917657677889, 35553796011055547870878411131650136620503415666893802897340847032947353524580144593352295792329470944212691414845922410516106742833441530755383228781958990123115900025551786417013743827388692, 62673648432275411081341766697032290765283058243187612698335653710427344216599976855009951361488002484688319514932477879430778058658808499857897963564191221054346097393115767285106090751461579, 1287389176720855933206380771549057562104192396786218372824674088581233320544599415587194176017332013281782884549820989913212316975108243111276219393856621630299086467137370029217124060922515, 44569484885881439020972963098192212266103702947225457965447554697444780420192324148429307961894155838879388574414302922112848906384524453690201205909942858046081549978759427506857795516494341, 41982250843989312960177912833982103164230930870043817969665316276525821772635601701002400734019716158734997180311886060839296105990003751244800882878681731724425563651974878487388260641804193, 50753288119039388249355215356525474915154016939428731363218592051093719258593608393404721642328957576372372155253852641491240831567041640785036150777623173481207894755893787349137208810036905, 40150030449596629834148934759236087758302769989731857773145397251963335269018710841911759758166788125616647866471418674637124556523862809743540887443606715447445139460742674164307942946775183, 47385231603301754494344230217022089443600048332493522992838793291850437851419809911688211569807380906500058453445580848819019462688415900799866316061606239716588873547502696443617522672949054, 10265375568811987921537853112148594507083075889644899904926203169143853469031979831656272534407890088262345216121225336666691134819008641409732700150767431127370745317786986896432851558238567, 38027168397837436330927258310002421806386327133011872106274715343373040155124489798582797989380164044700805962566055097075959108748821220589354423556173910939691940183603502293701105056945966, 28119475502022331775560873982231129469438578239447457295516692515489612956767819865339606966323589830711966498132569803416872605774357518202919903230981867849173537494188479403098506783779643, 19433877830875220463552700368657159330748976883941597521079809318371780758290918423983197058253698598691684537729625403801075489019240440070932156216830964439162290488312425256274700221716083, 65017205747084258568433861971468576681735505262183117127463789548516765673644042994274501802698064634795451146073822207016627342206483811355475125779328658126340490013695217544733403855283162, 8188874429727846560353065810015762074320579322994245634866746934892971743490996583620538923366999752893282158728675588672716299493912917675412707911949910035475273682337179669349995890955256, 20775566322744445261977872788413691515994264279843320167757350480664152328251673788162551448309256332113210051536704829491198336810783528320280167566496031370027839033206898053033238453533257, 48031284568978624395730531918961993282336483561501831296562566391794707340753086435080623876832644442531697049430415300166048844953802418865957339472963339196833188947658896258777416995565307, 32563195284346757212502665993025673574887354605361230496376775165391900345564323289884779772699261386525559344690966852142283380372064078711007914857728752271389426555128862006515236999962240, 28483057012518884649344104341748821480885818834409746119401871050775675282905197571836768915144154427439648971888121561703597771095327625499812837772505741906424160759825193146386826063459593, 53930980508638243218159832644643784247463499913535875699823113135189423647677007362111002137255407262569476265789475281228105528759509639367694747206577814357245031868058721634098788917658150, 40862415649483342642300635142142272770684932619838474593649108275699165152831657461185841742160013583895803922332035583405193392844010131569970432378897613030382750759114962724561852402403696, 27749850223865546988932533741946988581758159285076939979369182032030620755486132418271894105015067902501750385134024097768507159362399613258387536402829654246246847094967648856140358416127750, 56384617982152146915240068645931719748974352277125868188059082258870099000097800831786615529521137390319734123967840727569869611093052949730559738482985789233954263294554769054797516678068935, 31115133333991519977397026361175302532447912304111279954627875738664168047457721703857967700638268866659187901801439319106101778450098731999632558093597583806071948327903315771034944746946586, 59838223966091843953802991234416717306155804636680940940378608503846980274776681117680629607379071285348942753670478688023508551960008779095570581591646337360520268904745569777643146568905376, 3456763768834567544290885475934806813698968477044246019969252819797995936741033097176350624484490933749846171421480185114114905037256295564744504730286928337070640641630696291725751562444023, 639518162850455777159999153770297448947864001257693657342965093352732231439897993724518032049178514711960617967112598444150434897636742692222508049844882738467501375736999768673049398919310, 25261585586812952646823487572502519854389378759224628336148417055008633144506211939973809749092911026617491077545068051786855624512159941833451679770032563801901896151831736445520546084594535, 35160047263835706995294681603763085905932800663226726121389702290067263915149759598640906783095930257903699342700107050707520221310637129035814334828478882300255623019226382389214520057748189, 53310949924711572059794167502218937136263660667796422150385168603861966119605253223935181108229467154131995550533181634744819266859869007427951611316339176610823528976129929706582644027261912, 35147670673552002337047366813761093542246398791942072030905142174139275204848914390963158513445685900917434695976385858726366168119968864015475229674097149836429516375598438098894097241381286, 43408429378496743190420631062753899342762752283216901034356468525835100647873950784409283581016138175365607951158461197221932513552154271306326246974977368912067408395615183737285582890355219, 62063243142996555789968157484514524428605225613462931518845757862551154803259618975012392512308390297391607137192369588574760402323098218226733568112333684696896132413803959874632668796925195, 29953414111677781148365843776584036369083684968564888711035011195907351104925203592329838330317829467057510484075806635221103899055417745695085248000410891607596279984244940339194434982013004, 55432024164789800960727220597769070602035192642662159635957174023648088681720411917910618727539451448731058046829639308430283845089282429868900932678456352501843136131326432425615765666212605, 12979040575404576229537812044383388897949654366232719630637554423104641601920187154244742986152741578630716176503979974583287817527977641533770957610974768954841315897996057411126838458341949, 28034543865922560637979586151866062247799749977236725564929921967660611498837391625628284588308761589312591838937671884230474731314934593800917290665749169329473846128367253686482251808925664, 3941639917559710914025101564121333907551155571314300900811152596040368140016282612171026141223893639718244775249175433563072372087546077397446893152673009619644659770178968395643090844583613, 42830349355638513429827810786362385026948512772311196448564335380439950197545328396207563914494901136818397754395167690076094567485833416657116518512426107891992364598284164966280091137920458, 38997132984072874822421888377506096511039936040769519298934352313604813766017734610151502777902210903688564422123974900155842790267541850419313988610605830516616224974634871241106942111219845, 54210110754088967067315964096587042449168680279768400759586356225363764630643007236999143002647808237164239425772026237432818155019042658425965558280998728727610593160746548717363274627830859, 50879328687687675480154511416262566808630194130916080280086255138658224178428796738252263016989969830225824538238435472317454714413847041084256518790302700004175350774594916898879199055449231, 26023299310243914651030026596419866104312679443426851461874608983882093485742266321737355011518500091411221417616463415756726482082879792907887793655777680530254048514492996421464868513194388, 29301706370902833399774598024654294991344557581023254655293247856325774310049316893941808695766646499303819941092790694817023155093654867702429825908658780586011187389542494167855761814524940, 32560030972480497622480215966254596334958777321842540613896120664791443051099580799010197534005295613262122541066132741053168147261847511520675416842108101073019271341744192220863001015199022, 29757462891666562833730174009602373370415158570078222137090825813746437049093264228102449764082125543133788915396574929023203871095193626397321327267652134551493909430159103570312332729351522, 64459134194706692488396596394571903708861478528388559079696563792662335118632031609303754770096849888318922327693110116984103101647278770492826855367504906783159678414280229400323610061254019, 55452903178502862203020377926960730221198560235145112323095592309138688647618435944960338169215158378613023704811018468816179266993048656660586773112805076508761694121938389047188178324495918, 59320842273581200814374580521249849373647782130258748463253694406410931184494190999751077442247065548643179061567904610845997711905725281621191049773282963557397538218052041818251182752855439, 38736946067722633260112934455103480084935521414048903461452081057476183572473891596979271094642633065094097057084480877422239993042490315071847987808459186366301502467739201235764725358099087, 48721265894156056905952277095533768016609338768209191233561001123757081793170838939523702731776299671575698127926914511487545460587417729068164923992347969138520141343433790350345377986479148, 5475207699965395470393579141953600867600173218206818552094130127751683349451988467757695673358755456380644170189358488762120980972664018885510713672579785198564865857476336299583404859080852, 67695389728835377674172629756031445137399079340547787290150686507807264781193498682842999529683223182234763029178402738188970086953042799701404966347034660785705075925590410563611335165983350, 46776092001348576617421889840236100180345594585639924838310267405650336036663380104676765695439447446143124691712123421359270575987911363202808321442151983063806327798102151242813459219459744, 41937597179884180181242301155443115984094166390258847769445588221477093838538281231848272023055750547021108442927726159738154997749942224806706940982252848154589170171334691098056876465147336, 4003014865058025393533504307926074656608093219404964640538086997963900031200037203899533531135628468138050021631126700323807732791794667571338542803851674232275569366355911240600688202102866, 45406102663642647104140931820921143343270063883778513614493317214350564991814237722878099820249907793588946050885220215003056351955817651419322062620176828079550489326343177068211524169912040, 23014165717629449611190356930094563210033936763414245226023820703971476574457631394108476109255551592313361711016419523520588285769699177030751974190097775866427425539442237771448326548034275, 43225001657474200007932772557429690026662033490644944399526906849081564577686183246048969793154334910331511578019627631014514241152004962740295438541930061305001981197062444464828234195559192, 52509162762528958589670364982641047311854466386843277025234841887423607667267850969270231342922748026561180551538540539290696578476711628732447606991596679477090101214510146032393649349643037, 28797431586590073476588188173362840801113140351970709154074176241504973868515373059546982369779502298480872256656476486431986538949037113446759919164924331424392536635870557873131475938817299, 45361152174518659461020602436692456449724776463168120575083428514583178288046088169053453375429210956926182911956742771211313667810885868097009790861986028474838306331287757430178819946566610, 15380450561918355055245454161527001830868660056598917675852923772013647272467000077866507194835897554135066162838660780328417694192008286066672910918123981615670588037120069252207725542463361, 66019949159914440685344527064005717374006378783943873831604106115025477109004857519374629680722736393442035301303434089288807527458370131908898660408381190388858450832351984147633756523494466, 48948292762926461916919536945081749904379725880887619884999184033061027908318959826991816318842982154211413421886377904979858727833510903790630304066936828475221974411135578334563344217472543, 3527341687278911271956145478053519250176177937252844851614028375626143635753150080167006992068777111081166583688216224909154616441293419458231849264545221506127711402537411158914384303879220, 32539461940627748411902230101302306466719370137054958513819989872959631111358628018103961491734857981749175653822287531991487047256730245455896936197371853880540885730256343803322422381234515, 57157858829204520510453480860034245362991150577514805511357200511447732145262970109999824039798209555017666461642300834233548995987938422223901680238762743376010788523168374250171614659956455, 31192991614361009946669065070395025091968747451251592982471570936561465016675319968692592389438933937577253169643880190528787575170767165841553562479245154197643965414718661724029518593092668, 22592379519409093893292356746568269411853101104868995832559958752300526781480391073843119695003664129035329865666642438034559347688735554935667960343515050463160412913977310129949573447643213, 325369832108200398797440635780375611059505243752868554519873339249396636081895752876423902400932208443280036379942027921704463490733908054910750705349841366505227927534728424753210880576975, 2384382008334415397610025335389148728483566837970228938185577218203422688213640277349573466352851415613066491896946104601344915670959432029394194564806649706844162238145781132217328012835715, 8051336083358793626954953703697880493616832419712182100626895581416015247073049484503144172098868895223245709322792324705393193906253025656600481573383453528236045540840413671373616148363294, 45134925503782832463775660225620930914905263704452536646943762978515563862243324073772517234195426573985736742200485292848751771568996039940886511862724066246220458933238442048987723554513991, 53101534689779308280867973149332884963021228936129427200558388054891133014723497463717374754372036989650559678552556630284513183126741553467809576910961566956292989159266523211322502389459953, 44408568216896251942815031411308255717682137393714107336247389734417923007067647580982776730634518044181603269216143397627867354479549886303448714096306899588545605497929285618898755708719307, 56902862149658285995758534254388859518382986869499932955211183630059916197260768733176229301620995679535171050134955328198435287279846722984422114630983412678413937629572790392004202445033026, 43980959840611979948694677481058008886117037851579378889158255760573953527360105045824573559591090370199498846891462715966766290597424268344589189046684067375832458826868863719436501538910559, 38491468623099140528110697466957718524255557114017551747234077327183353842307451786340659109634928353002574028220585574231319267087306634206509569463868080230728671552704629739753014897540855, 47065929825774482666719823773545730419069109352650002214391081872515481193878087049276042401267875126290857853447435644023066012489435920106283813160481646583683275952814626003590088580984216, 48813355116732421112951659863821796591374414277836234197912045423463566205202844255398927297215375956938837736252806970199036327958830119549269850683176125849809935569564220327108626773317062, 15718765671029537100536056270679564984267601777335619839691558713284072119748937347166175134400053416202267376953877049338792232031376457792178818974580953567874622793390788079159742881843381, 2829941129158194146177796043143911829979687983542974205120006902020133349177459425302147786860520202184160755485308119156508599258251081778018142791223053210426415272391869667527086787171925, 61382221041047358343902504988132254985702194617090777778072313410012447911832532105159051073276343280153910136582550289624201753143610516465502247796145314794897916228875726989667313341299165, 12486127848571087791720332627480305104009293963747823794461304187398551879575002042464924513973040483382779076359205334073666171368112967800858047078661988733293243945378109700451735011623489, 25765114657442350294929129174136223538924650521057172279891292475996043546540499925060159886196500459260512251507657449481693342549653120797826801229874198824732411184568685264027273448064627, 32560292454586292451337763245784879601520617993317195746191188731642131934818013761458612580503991689131770730802363520986295400860660262314997403495664024703949339137694907911273773148248364, 41279607445881719596292902006756743240201943533642508845421832820286579292635419559332591553293634657815840156134493075291502797902922617784593229645366061649372663285267682587727424163032076, 5026288039942223440679504868744883016675927454083115530156897126360403755867564348632932914929474020946426158444349491887102235279820032001282122690109080291935135083056302062176475727818426, 1885638356605627080844162270199106958695249007680523206251451302927835077990852045470549220386486923005620439434196374155000604374685725347360873617737843518018017679336422801247011624678499, 47751030409280093143658446712295271897807986563894265061473640749841753122597695749627609546074161936177534497713873939511165303358560252542203698591265891834826765905759119091744743267486639, 39476148461090701868802844682781949221430450623502857507219187400341153662206793460838767395924533323318861171696672654435325610993852035305139739330629594839751320230677208812326444883218278, 20800988387487578722561980823761759882117929656986996300574419286720484770803725469321257783330834185074131386130699161242604408848472805044058799738348222634281607097406382352074095914895180, 45742744711909970519354109349522843494178839125867787398041630208254939607370510570522906378231862285668265548691856481277221992968801260313769428128712391060083898918087174473568769915041944, 46372953350072902526042574299467715063746976270440450611284191372466364804001640085802168169389507384793865639147292090162518190108604970254706589777022385268385632068293316343403465376088678, 22564030347041978031409441300674168766206966097011798833973337893649683783425460783341073634080800673577758095366649661558474109347469026262666550572721208170453915585761882935936997337867996, 52378722700037591215181818032673671490996107022904418995329767262643676899140527616064755006698830428709856375535002089961124861630113488626035913155752365619994602367084668039635942602981817, 32982324229284358791511753415907488339705637019779024051328408131249153511749164001180637299949877506528943159288179690893841321314955678968942933535028943589221105330688291211075288187541527, 8660643945643470552319010824159044723212686154599362421241600291490689521777021510414092570893864099806970261650743146047462532989315808400102949826303378831717576280597009123879234926477742]
nbit = len(pubKey)

encoded = 2909652231728425569265625007321857718037015065371024969749755798435259464059989111244871339170285374831492428686001065467924762064728730478201051298880204350975166751623773250187162351346224749
print("start")

A = Matrix(ZZ, nbit + 1, nbit + 1)

for i in range(nbit):
A[i, i] = 1

for i in range(nbit):
A[i, nbit] = pubKey[i]

A[nbit,nbit] = -(encoded)
res = A.LLL()
for i in range(0, nbit + 1):

M = res.row(i).list()
flag = True
for m in M:
if m != 0 and m != 1:
flag = False
break
if flag:
print(i, M)
M = ''.join(str(j) for j in M)

M = M[:-1]
M = hex(int(M, 2))[2:-1]
print(M)

sage运行得到

得到

1
495343437b4475417a2d753543732d43527a6c7

hex解密

最后flag为

1
ISCC{DuAz-u5Cs-CRzl}

ISCC2023

好看的维吾尔族小姐姐

题目描述:

1
五十六个民族,五十六支花,五十六个兄弟姐妹是一家。现如今,民族团结的思想早已深入人心,而维吾尔族又是中华民族的重要组成部分,解决本题需要各位解题人知晓维吾尔族同胞的说话方式。

下载附件

无后缀文件,010查看

加后缀.png查看文件

宽高一把梭

DataMatrix条码

什么是 Data Matrix 码?|二维码基本知识|学习条码规格和读取技术的站点“条码信息和贴士”|基恩士

对照正常DataMatrix条码位置不对,使用ps进行翻转

DataMatrix扫码

得到

1
;521#&;33#&;101#&;011#&;111#&;001#&;801#&;801#&;101#&;911#&;59#&;611#&;501#&;59#&;611#&;111#&;301#&;59#&;711#&;111#&;121#&;321#&;76#&;76#&;38#&;37#&

reverse

得到

1
&#73;&#83;&#67;&#67;&#123;&#121;&#111;&#117;&#95;&#103;&#111;&#116;&#95;&#105;&#116;&#95;&#119;&#101;&#108;&#108;&#100;&#111;&#110;&#101;&#33;&#125;

unicode解密

最后flag为

1
ISCC{you_got_it_welldone!}

人生之路

题目描述:

1
2
3
人生之路充满着迷茫,也许成功的密码就在脚下,也许需要我们行走四方,也许我们旅途的记录会发生整体漂移,也许我们已经记不清走了多少路,分不清旅途的方向(flag以大写字母组成)。

提示1:windows下大图标模式查看,成功的密码就在脚下!

下载附件

根据提示密码就在脚下,图片脚下就是文件名,所以文件名就是压缩包密码

1
人生之路.jpeg

解压压缩包

得到

1
sOpXhOpXsO pOhXsOhXpO pOhOsO pOhOsO pXhXpXsXhXsX sOpOhOpXsO hOsO hOlOsOhXpO hOlOsOhXpOsOhX pOhOsO hOsOlO sOpOhOpXsO hOlOsOhOpO sOpOhXsOpOhXsO hOsO sOpXhOpXsO hsXlsXhpXhX pOlOsOhOhsX hOlOsOhXpO hOsO sXhXsXpXhXpX 

凯撒解密

得到

1
dZaIsZaIdZ aZsIdZsIaZ aZsZdZ aZsZdZ aIsIaIdIsIdI dZaZsZaIdZ sZdZ sZwZdZsIaZ sZwZdZsIaZdZsI aZsZdZ sZdZwZ dZaZsZaIdZ sZwZdZsZaZ dZaZsIdZaZsIdZ sZdZ dZaIsZaIdZ sdIwdIsaIsI aZwZdZsZsdI sZwZdZsIaZ sZdZ dIsIdIaIsIaI

Z代表移动2格,I代表移动1格,a代表左,w代表上,s代表下,d代表右,

如果wasd两个连着,例如wa对应左上,sd对应右下

字典对应

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
A sZwZdZsIaZdZsI
B sZwZdZsZaZdZsZaZ
C aZsZdZ
D sZwZdZsZaZ
E dZaZsIdZaZsIdZ
F dZaZsZaIdZ
G aZsZdZwIaI
H sZwIdZwIsZ
I dZaIsZaIdZ
J dZaIsZaI
K sZwIdIdwIsaIsdI
L sZdZ
M wZsdIwdIsZ
N wZsdZwZ
O sZdZwZaZ
P sZwZdZsIaZ
Q aZwZdZsZsdI
R sZwZdZsIaZdZsI
S aZsIdZsIaZ
T dZaIsZ
U sZdZwZ
V sIsdIdwIwI
W sdZwdZsdZwdZ
X sdZwaIwdIsaZ
Y sdIwdIsaIsI
Z dZsaZdZ
{ aIsIaIdIsIdI
} dIsIdIaIsIaI

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import string
c="dZaIsZaIdZ aZsIdZsIaZ aZsZdZ aZsZdZ aIsIaIdIsIdI dZaZsZaIdZ sZdZ sZwZdZsIaZ sZwZdZsIaZdZsI aZsZdZ sZdZwZ dZaZsZaIdZ sZwZdZsZaZ dZaZsIdZaZsIdZ sZdZ dZaIsZaIdZ sdIwdIsaIsI aZwZdZsZsdI sZwZdZsIaZ sZdZ dIsIdIaIsIaI".strip()
a=c.split(" ")
a=list(a[0])
p=0
for i in a:
if i in string.ascii_lowercase:
i=chr((ord(i)-97+p)%26+97)
while i not in "wasd":
i=chr((ord(i)-97+1)%26+97)
p+=1
elif i in string.ascii_uppercase:
i=chr((ord(i)-65+p)%26+65)
while i not in "ZI":
i=chr((ord(i)-65+1)%26+65)
p+=1
a=list(c)
for i in range(len(a)):
if a[i]==" ":
pass
else:
if a[i] in string.ascii_lowercase:
a[i]=chr((ord(a[i])-97+p)%26+97)
elif a[i] in string.ascii_uppercase:
a[i]=chr((ord(a[i])-65+p)%26+65)
a="".join(a)
a=a.split(" ")
map={
"saIsIwIdIwaIsdIsI": "A",
"sZwZdZsZaZdZsZaZ": "B",
"aZsZdZ": "C",
"sZwZdZsZaZ": "D",
"dZaZsIdZaZsIdZ": "E",
"dZaZsZaIdZ": "F",
"aZsZdZwIaI": "G",
"sZwIdZwIsZ": "H",
"dZaIsZaIdZ": "I",
"dZaIsZaI": "J",
"sZwIdIdwIsaIsdI": "K",
"sZdZ": "L",
"wZsdIwdIsZ": "M",
"wZsdZwZ": "N",
"sZdZwZaZ": "O",
"sZwZdZsIaZ": "P",
"aZwZdZsZsdI": "Q",
"sZwZdZsIaZdZsI": "R",
"aZsIdZsIaZ": "S",
"dZaIsZ": "T",
"sZdZwZ": "U",
"sIsdIdwIwI": "V",
"sdZwdZsdZwdZ": "W",
"sdZwaIwdIsaZ": "X",
"sdIwdIsaIsI": "Y",
"dZsaZdZ": "Z",
"aIsIaIdIsIdI": "{",
"dIsIdIaIsIaI": "}"
}
for i in a:
print(map[i],end='')
print()

运行得到

画图是这样的

最后flag为

1
ISCC{FLPRCUFDELIYQPL}

菜鸟黑客-1

题目描述:

1
找出菜鸟黑客小明留下的flag文件

下载附件

r-studio打开

导出文件

得到

1
2
这个人有个坏习惯, 他总爱用同一个密码
DES{U2FsdGVkX19WerE/OZodh7liigwc7fzf8eWqByR8ixxENEvPwPpWzm2EL2f90UXO}

DES密码,但是没有密钥,根据提示同一个密码,查看Administrator的密码

DES解密,密钥是ISCC2023

最后flag为

1
ISCC{dbsy_cdis_fd7n_s4fd}

菜鸟黑客-2

题目描述:

1
爱画画的菜鸟黑客小明尝试攻击了一台电脑,电脑中记录了他的百感交集的心情。

附件和菜鸟黑客-1一样

lovemem载入,文件扫描搜索关键字jpg

找到emoji.jpg,导出文件查看

foremost提取

发现有密码,联想之前同一个密码考虑密码是

1
ISCC2023

解压压缩包

得到

1
2
维吉尼亚密码曾多次被发明。该方法最早记录在吉奥万·巴蒂斯塔·贝拉索( Giovan Battista Bellaso)于1553年所著的书《吉奥万·巴蒂斯塔·贝拉索先生的密码》(意大利语:La cifra del. Sig. Giovan Battista Bellaso)中。然而,后来在19世纪时被误传为是法国外交官布莱斯·德·维吉尼亚(Blaise De Vigenère)所创造,因此现在被称为“维吉尼亚密码”。
MEQL{invk_vhlu_dzel_lkof}

维吉尼亚密码,但是没有密钥,再次联想同一个密码,使用ISCC2023解密发现不行

考虑还是从内存文件入手,查看记事板信息

注意符号的眼睛

摩斯密码

圆眼睛(睁着的)为. 长眼睛(闭着的)为 -

1
. -- --- .--- .. .. ... ..-. ..- -.

摩斯解密

得到

1
EMOJIISFUN 

维吉尼亚解密

最后flag为

1
ISCC{afdf_buhi_pqwd_tfus}

汤姆历险记

题目描述:

1
汤姆来了,汤姆过来了,来听听汤姆的历险记!

下载附件只有一个tom.png和一个对照表

foremost分离图片

010查看文件末尾发现奇怪编码

词频统计

得到

1
{yasuobpwrd91702!@$%^&*}

解压压缩包

全选进行首行缩进

效果如图

单倍行距的为. 1.5倍行距为-

1
.. ..--- ... ----- -.-. ..--- -.-. ...--

摩斯解密

打开dictionary.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
0:m
1:i
2:g
3:2
4:4
5:f
6:0
7:3
8:q
9:v
a:n
b:c
c:x
d:r
e:1
f:j
g:7
h:b
i:p
j:s
k:u
l:z
m:a
n:o
o:t
p:e
q:k
r:8
s:d
t:5
u:6
v:h
w:9
x:w
y:l
z:y

单表替换

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
replaces = {
'0':'m', '1':'i', '2':'g', '3':'2', '4':'4', '5':'f', '6':'0', '7':'3', '8':'q', '9':'v',
'a':'n', 'b':'c', 'c':'x', 'd':'r', 'e':'1', 'f':'j', 'g':'7', 'h':'b', 'i':'p', 'j':'s',
'k':'u', 'l':'z', 'm':'a', 'n':'o', 'o':'t', 'p':'e', 'q':'k', 'r':'8', 's':'d', 't':'5',
'u':'6', 'v':'h', 'w':'9', 'x':'w', 'y':'l', 'z':'y'
}

key = "ISCC{i2s0c2c3}"
flag = ''
for char in key:
flag += replaces.get(char, char) # 存在则替换,否则保留原字符

print(flag) # 输出: ISCC{pgdmxgx2}

运行得到

最后flag为

1
ISCC{pgdmxgx2}

消息传递

题目描述:

1
消息是如何传递的呢(思考...)

下载附件

打开流量包,导出IMF对象

打开picture.eml文件

得到压缩包,解压压缩包发现有密码

ctfnat-A一把梭

得到压缩包密码

1
WRWAALIUWOHZAPQWFTQIPMVJFOKHHZUZ

解压压缩包

黑白转二进制

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
from PIL import Image
result = ""
for i in range(1,112):
img = Image.open(f"D:\\tmp\\picture\\{i}.png")
im_RGB = img.convert("RGB") # 将图片转换为RGB模式
r,g,b =im_RGB.getpixel((1,1)) #获得x,y坐标的rgb值
print(r,g,b)# 这题中白色图片rgb值:255,255,255 黑色图片rgb值:12,12,0
if r !=255: #255是白色
result +="1"
else:
result +="0"
#将二进制转换为ascii码
for i in range(0,len(result),8):
byte = result[i:i+8]
print(chr(int(byte,2)),end="")

运行得到

得到

1
ISCC{i2s0c2c3>

打开dictionary.txt

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
0:9
1:l
2:f
3:m
4:s
5:i
6:p
7:w
8:d
9:j
a:t
b:6
c:e
d:5
e:3
f:r
g:4
h:2
i:0
j:q
k:a
l:h
m:b
n:1
o:v
p:c
q:x
r:n
s:k
t:o
u:8
v:z
w:7
x:u
y:y
z:g

单表替换

1
2
3
4
5
6
7
8
9
10
11
12
13
14
replaces = {
'0':'9', '1':'l', '2':'f', '3':'m', '4':'s', '5':'i', '6':'p', '7':'w', '8':'d', '9':'j',
'a':'t', 'b':'6', 'c':'e', 'd':'5', 'e':'3', 'f':'r', 'g':'4', 'h':'2', 'i':'0', 'j':'q',
'k':'a', 'l':'h', 'm':'b', 'n':'1', 'o':'v', 'p':'c', 'q':'x', 'r':'n', 's':'k', 't':'o',
'u':'8', 'v':'z', 'w':'7', 'x':'u', 'y':'y', 'z':'g'
}

key = "ISCC{i2s0c2c3}"
flag = ''
for char in key:
# 只替换规则中存在的字符(注意:规则只包含小写字母和数字)
flag += replaces[char] if char in replaces else char

print(flag) # 输出: ISCC{0fk9efem}

运行得到

最后flag为

1
ISCC{0fk9efem}

通讯方式

题目描述:

1
在我们国家,我们使用微信就可以进行扫码、发消息等信息传递工作,你知道过去我们使用什么方式来传递消息吗?

下载附件

左右声道差分

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
import scipy.io.wavfile as wavfile
samplerate, data = wavfile.read('D:\\tmp\\telegram2wechat.wav')
left = []
right = []
for item in data:
left.append(item[0])
right.append(item[1])
diff = [left - right for left, right in zip(left, right)]
# print(diff)
a=''
for i in diff:
if i !=0:
a+=str(i)
with open('D:\\tmp\\11.txt','w+') as f:
f.writelines(a)

运行得到

2替换0,01转二维码

扫描二维码

得到

1
5337 5337 2448 2448 0001 2448 0001 2161 1721 1869 6671 0008 3296 4430 0001 3945 0260 3945 1869 4574 5337 0344 2448 0037 5337 5337 0260 0668 5337 6671 0008 3296 1869 6671 0008 3296 1869 2161 1721 

中文电码解密

得到

1
艾艾斯斯一斯一括弧恩达不溜科一由偶由恩第艾克斯之艾艾偶可艾达不溜恩达不溜恩括弧

改下

1
艾艾斯斯一斯一左括弧恩达不溜科一由偶由恩第艾克斯之艾艾偶可艾达不溜恩达不溜恩右括弧

对照表

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
"艾一":"A",

"比":"B",

“斯一":"C",

"第":"D",

"易":"E",

"艾福":"F",

"鸡":"G",

"艾吃":"H",

"艾":'I',

"之艾":"J",

"可艾":"K",

"艾偶":"L",

"艾木":"M",

"恩":"N",

"偶":"O"

"皮":"P",

"科一由":"Q",

"啊':'R',

"艾斯":"s",

"替":'T',

"由":"U",

'危': 'V',

"达不溜":"W",

"艾克斯":"X",

"歪":"Y",

"滋一":"Z",

"左括弧":"{",

"右括弧":"}",

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
def main():
# 定义替换表
substitution_table = {
'艾一': 'A', '比': 'B', '斯一': 'C', '第': 'D', '易': 'E', '艾福': 'F',
'鸡': 'G', '艾吃': 'H', '艾': 'I', '之艾': 'J', '可艾': 'K', '艾偶': 'L',
'艾木': 'M', '恩': 'N', '偶': 'O', '皮': 'P', '科一由': 'Q', '啊': 'R',
'艾斯': 'S', '替': 'T', '由': 'U', '危': 'V', '达不溜': 'W', '艾克斯': 'X',
'歪': 'Y', '滋一': 'Z', '左括弧': '{','右括弧': '}'
}

# 密文
ciphertext = "艾艾斯斯一斯一左括弧恩达不溜科一由偶由恩第艾克斯之艾艾偶可艾达不溜恩达不溜恩右括弧"

# 执行替换
plaintext = decrypt(ciphertext, substitution_table)

# 输出结果
print(f"解密后的明文: {plaintext}")

def decrypt(ciphertext, table):
"""根据替换表对密文进行解密"""
# 按最长匹配原则分割密文并替换
result = []
i = 0
while i < len(ciphertext):
# 尝试从最长可能的键开始匹配
found = False
for length in range(4, 0, -1): # 假设最长键为4个字符
if i + length > len(ciphertext):
continue
substr = ciphertext[i:i+length]
if substr in table:
result.append(table[substr])
i += length
found = True
break
if not found:
# 如果没有匹配,添加原始字符(可能是密文有误)
result.append(ciphertext[i])
i += 1
return ''.join(result)

if __name__ == "__main__":
main()

运行得到

最后flag为

1
ISCC{NWQOUNDXJLKWNWN}

你相信AI吗?

题目描述:

1
经典的算法,经典的数据,但也许会出现不一样的结果?

下载附件

直接读取txt文件内容,转成像素填入,得到手写数字的结果

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
import numpy as np
from PIL import Image
import os

# 创建保存PNG的目录(如果不存在)
os.makedirs('D:\\tmp\\png', exist_ok=True)

# 图像宽度(假设所有文件使用相同的宽度)
width = 28

for i in range(32):
try:
# 正确拼接文件路径
input_path = f'D:\\tmp\\dataset\\{i}.txt'

# 读取浮点数数据
with open(input_path, 'r') as f:
data = f.read()
data = np.fromstring(data, sep='\n')

# 检查数据是否为空
if len(data) == 0:
print(f"警告: 文件 {input_path} 为空,跳过")
continue

# 计算图像高度
height = len(data) // width

# 验证数据长度是否能被width整除
if len(data) % width != 0:
print(f"警告: 文件 {input_path} 的数据长度不能被 {width} 整除,将被截断")

# 将浮点数转换为 8 位无符号整数
data = np.clip(data, 0, 255)
data = data.astype(np.uint8)

# 重塑数组并创建图像
img_data = data.reshape((height, width))
img = Image.fromarray(img_data)

# 保存图像
img_path = f'D:\\tmp\\png\\{i}.png'
img.save(img_path)
print(f"成功保存图像: {img_path} ({width}x{height})")

except Exception as e:
print(f"处理文件 {input_path} 时出错: {str(e)}")

运行得到

1
859 685 853 876 852 859 856 638 851 687 688 851 857 873 899 661 828 857 669 827 857 859 828 660 859 687 669 872 825 878 870 805

手写模型搞不出来

原来附件应该是

爆破密文

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
import string
import itertools
import contextlib
from base64 import b64decode
import time
from tqdm import tqdm # 需要安装:pip install tqdm

def has_visible_bytes(input_bytes):
"""检查字节序列是否全为可见字符"""
return all(chr(byte) in string.printable for byte in input_bytes)

def main():
# 密文处理
cipher_text = '51 59 75 95 56 46 664 636 52 57 685 77 56 50 688 669 56 682 688 687 25 73 680 684 22 685 28 633 683 56 96 96'.split(" ")

# 计算总排列数
total_permutations = 3628800 # 10!

# 记录开始时间
start_time = time.time()

# 使用tqdm显示进度
with open("out.txt", "wb") as f:
try:
# 使用tqdm包装排列迭代器
for i in tqdm(itertools.permutations("0123456789", 10), total=total_permutations):
# 创建数字映射表
maktrans = str.maketrans("0123456789", ''.join(i))

# 转换密文
lis = [str.translate(num, maktrans) for num in cipher_text]

# 尝试转换为字节序列并检查
with contextlib.suppress(Exception):
plan_text = bytes(list(map(lambda x: int(x), lis)))
if has_visible_bytes(plan_text):
try:
decoded = b64decode(plan_text)
if b'ISCC{' in decoded:
print(f"找到可能的flag: {decoded.decode('ascii', errors='ignore')}")
f.write(plan_text + b"\n")
except Exception as e:
pass # 忽略Base64解码错误
except KeyboardInterrupt:
elapsed_time = time.time() - start_time
print(f"\n程序被用户中断。已运行时间: {elapsed_time:.2f}秒")

if __name__ == "__main__":
main()

运行得到

最后flag为

1
ISCC{2aiLA7mBgdlxbrVs}

ISCC2024

工业互联网模拟仿真数据分析

题目描述:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
1.	题目一:在某些网络会话中,数据包可能保持固定大小,请给出含有此确定性特征的会话IP地址和数据包字节大小值。
答案:IP地址:XX.XX.XX.XX,XX.XX.XX.XX,…,数值:XX
(补充说明:IP顺序从小到大排列,涉及的IP个数由选手自己判断)
2. 题目二:通信包数据某些字段可能为确定的,请给出确定字节数值。
答案:XX
3. 题目三:一些网络通信业务在时间序列上有确定性规律,请提供涉及的IP地址及时间规律数值(小数点后两位)
答案:IP地址:XX.XX.XX.XX,XX.XX.XX.XX,…,数值:XX
(补充说明:IP顺序从小到大排列,涉及的IP个数由选手自己判断)
4. 题目四:一些网络通信业务存在逻辑关联性,请提供涉及的IP地址
答案:XX.XX.XX.XX,XX.XX.XX.XX,…
(补充说明:IP顺序从小到大排列,涉及的IP个数由选手自己判断)
5. 题目五:网络数据包往往会添加数据完整性校验值,请分析出数据校验算法名称及校验值在数据包的起始位和结束位(倒数位)
答案:XXXXX,X,X
(补充说明:数据校验算法名称长度为5个字符,其中英文字母大写)

下载附件

word文件具体讲了题目和wireshark的使用方法

flag.py文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import hashlib

def generate_flag(*answers):
# 将所有答案使用英文逗号连接
combined_answers = ','.join(answers)
# 生成flag格式
initial_flag = f"ISCC{{{combined_answers}}}"
# 对flag进行MD5加密
md5_hash = hashlib.md5(initial_flag.encode()).hexdigest()
return md5_hash

# 示例用法
if __name__ == "__main__":
# 每道题目的所有填空写在一个字符串中
answers = [
"IP1,IP2,...,NUM", # 第一小题答案:IP顺序从小到大排列,涉及的IP个数由选手自己判断,数值为整数
"XX", # 第二小题答案:数值为整数
"IP1,IP2,...,NUM", # 第三小题答案:IP顺序从小到大排列,涉及的IP个数由选手自己判断,数值保留小数点后2位
"IP1,IP2,...", # 第四小题答案:IP顺序从小到大排列,涉及的IP个数由选手自己判断
"NAME,X,X" # 第五小题答案:数据校验算法名称长度为5个字符,其中英文字母大写
]
# 生成MD5加密后的flag
final_flag = generate_flag(*answers)
# 输出最终的MD5加密字符串
print(final_flag)

意思是最后的结果需要进行MD5加密进行提交

第一问:
1
2
3
题目一:在某些网络会话中,数据包可能保持固定大小,请给出含有此确定性特征的会话IP地址和数据包字节大小值。
答案:IP地址:XX.XX.XX.XX,XX.XX.XX.XX,…,数值:XX
(补充说明:IP顺序从小到大排列,涉及的IP个数由选手自己判断)

wireshark的过滤器筛选,发现只有192.168.1.2à192.168.1.4的Length大小不变

1
(ip.src == 192.168.1.2) && (ip.dst == 192.168.1.4)

这题答案是

1
192.168.1.2,192.168.1.4,24
第二问:
1
2
题目二:通信包数据某些字段可能为确定的,请给出确定字节数值。
答案:XX

tshark -r a.pcap -T fields -e data.data -Y “data.len==12”

发现data字段的前四位都是2024

这题答案是

1
2024
第三问:
1
2
3
题目三:一些网络通信业务在时间序列上有确定性规律,请提供涉及的IP地址及时间规律数值(小数点后两位)
答案:IP地址:XX.XX.XX.XX,XX.XX.XX.XX,…,数值:XX
(补充说明:IP顺序从小到大排列,涉及的IP个数由选手自己判断)

wireshark的过滤器筛选,发现只有192.168.1.3,192.168.1.5的每帧的间隔都大致为0.06

这题答案是

1
192.168.1.3,192.168.1.5,0.06
第四问:
1
2
3
题目四:一些网络通信业务存在逻辑关联性,请提供涉及的IP地址
答案:XX.XX.XX.XX,XX.XX.XX.XX,…
(补充说明:IP顺序从小到大排列,涉及的IP个数由选手自己判断)

看文末的流量分组,就能看出这三个IP是有业务关联性的

这题答案是

1
192.168.1.2,192.168.3,192.168.1.6
第五问:
1
2
3
题目五:网络数据包往往会添加数据完整性校验值,请分析出数据校验算法名称及校验值在数据包的起始位和结束位(倒数位)
答案:XXXXX,X,X
(补充说明:数据校验算法名称长度为5个字符,其中英文字母大写)

五位数字,首先想到CRC16和CRC32 倒数位必为1
为CRC16,4,1时成功提交

这题答案是

1
CRC16,4,1

最后使用题目附件给的 flag.py 生成flag

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
import hashlib

def generate_flag(*answers):
# 将所有答案使用英文逗号连接
combined_answers = ','.join(answers)
# 生成flag格式
initial_flag = f"ISCC{{{combined_answers}}}"
# 对flag进行MD5加密
md5_hash = hashlib.md5(initial_flag.encode()).hexdigest()
return md5_hash

# 示例用法
if __name__ == "__main__":
answers = [
"192.168.1.2,192.168.1.4,24", # 第一小题答案:IP顺序从小到大排列,涉及的IP个数由选手自己判断,数值为整数
"2024", # 第二小题答案:数值为整数
"192.168.1.3,192.168.1.5,0.06", # 第三小题答案:IP顺序从小到大排列,涉及的IP个数由选手自己判断,数值保留小数点后2位
"192.168.1.2,192.168.1.3,192.168.1.6", # 第四小题答案:IP顺序从小到大排列,涉及的IP个数由选手自己判断
"CRC16,4,1" # 第五小题答案:数据校验算法名称长度为5个字符,其中英文字母大写
]
# 生成MD5加密后的flag
final_flag = generate_flag(*answers)
# 输出最终的MD5加密字符串
print(final_flag)
# adcca5c2a82064a17a645d35b6b054cd

运行得到

最后flag为

1
ISCC{adcca5c2a82064a17a645d35b6b054cd}

Number_is_the_key

题目描述:

1
The answers to the questions are hidden in the numbers.

下载附件

没什么发现,改后缀.zip,发现sheet1.xml里面有二维码点阵

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
from openpyxl import load_workbook
from openpyxl.styles import PatternFill

# 打开Excel文件
workbook = load_workbook("D:\\tmp\\attachment-1.xlsx")

# 假设工作表名称为'Sheet1'
worksheet = workbook["Sheet1"]

# 定义黑色背景填充样式
black_fill = PatternFill(start_color='FF000000', end_color='FF000000', fill_type='solid')

# 遍历所有单元格
for row in worksheet.iter_rows():
for cell in row:
# 检查单元格的字体是否加粗
if cell.font and cell.font.bold:
# 将单元格的背景色改为黑色
cell.fill = black_fill

# 保存修改后的文件
workbook.save("D:\\tmp\\flag.xlsx")

运行得到新xlsx,调整行高列宽

扫描二维码

最后flag为

1
ISCC{p2x6Vkq5t5gQ}

FunZip

题目描述:

1
The flag is hidden in the Zip.

下载附件

一眼base隐写,直接b神工具一把梭

最后flag为

1
ISCC{IEjwrrkEW3FX}

精装四合一

题目描述:

1
分离,我们是破碎的;团结,我们将成为神。我们终将在二进制的反复与隐藏之中破解自身的密码

下载附件

使用010打开使用十六进制查找(AE 42 60 82),并且删除前面前面所有数据及AE 42 60 82

然后得到四张图片的冗余数据,然后依次打开,异或0xff异或最快速的方法可以使用010editor:十六进制然后点击二进制异或

写脚本,将每段数据的字节按文件顺序进行拼接

exp:

1
2
3
4
5
6
7
8
9
10
11
12
tp1 = open("D:\\tmp\\siheyi\\left_foot_invert.png", "rb")
tp2 = open("D:\\tmp\\siheyi\\left_hand_invert.png", "rb")
tp3 = open("D:\\tmp\\siheyi\\right_foot_invert.png", "rb")
tp4 = open("D:\\tmp\\siheyi\\right_hand_invert.png", "rb")
fp5 = open("D:\\tmp\\siheyi\\key.zip", "wb")
for i in range(3176):
fp5.write(tp1.read(1))
fp5.write(tp2.read(1))
fp5.write(tp3.read(1))
fp5.write(tp4.read(1))

fp5.write(tp1.read(1))

运行得到

修复压缩包,爆破压缩包密码

得到

1
65537

解压压缩包

删除图片,全选加修改字体颜色得到

得到

1
16920251144570812336430166924811515273080382783829495988294341496740639931651

没有c密文还是不行,尝试分离docx文件

factor分解n

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
from Crypto.Util.number import bytes_to_long, long_to_bytes
import gmpy2

e = 65537
n = 16920251144570812336430166924811515273080382783829495988294341496740639931651
p = 167722355418488286110758738271573756671
q = 100882503720822822072470797230485840381

phi = (p - 1) * (q - 1)
d = gmpy2.invert(e, phi)

# 读取加密的文件
c = bytes_to_long(open('D:\\tmp\\true_flag.jpeg', 'rb').read())

# 解密
m = pow(c, d, n)

# 将解密后的明文保存到文件
print(long_to_bytes(m))
print(c)

运行得到

也可以RSA一把梭

最后flag为

1
ISCC{515UH54TyH53144}

RSA_KU

题目描述:

1
一道简单的RSA

下载附件

1
2
3
4
5
6
7
8
9
10
11
12
n = 129699330328568350681562198986490514508637584957167129897472522138320202321246467459276731970410463464391857177528123417751603910462751346700627325019668100946205876629688057506460903842119543114630198205843883677412125928979399310306206497958051030594098963939139480261500434508726394139839879752553022623977

e = 65537

c =
75766262602173947947315858580952225983622657709089882848511404734490290076406150199798837352910981802804416097404105898476177884508640407765047095990736796975565150807456634928354833839456684311349985183993952174346191847600793718006141700899387563566150861755552512843348970189147270827332208185646688195020

#(p-2)*(q-1) =
129699330328568350681562198986490514508637584957167129897472522138320202321246467459276731970410463464391857177528123417751603910462751346700627325019668067056973833292274532016607871906443481233958300928276492550916101187841666991944275728863657788124666879987399045804435273107746626297122522298113586003834

#(p-1)*(1-2) =
129699330328568350681562198986490514508637584957167129897472522138320202321246467459276731970410463464391857177528123417751603910462751346700627325019668066482326285878341068180156082719320570801770055174426452966817548862938770659420487687194933539128855877517847711670959794869291907075654200433400668220458

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
import gmpy2
from sympy import *
from Crypto.Util.number import *

n = 129699330328568350681562198986490514508637584957167129897472522138320202321246467459276731970410463464391857177528123417751603910462751346700627325019668100946205876629688057506460903842119543114630198205843883677412125928979399310306206497958051030594098963939139480261500434508726394139839879752553022623977
e = 65537
c = 75766262602173947947315858580952225983622657709089882848511404734490290076406150199798837352910981802804416097404105898476177884508640407765047095990736796975565150807456634928354833839456684311349985183993952174346191847600793718006141700899387563566150861755552512843348970189147270827332208185646688195020
r1 = 129699330328568350681562198986490514508637584957167129897472522138320202321246467459276731970410463464391857177528123417751603910462751346700627325019668067056973833292274532016607871906443481233958300928276492550916101187841666991944275728863657788124666879987399045804435273107746626297122522298113586003834
r2 = 129699330328568350681562198986490514508637584957167129897472522138320202321246467459276731970410463464391857177528123417751603910462751346700627325019668066482326285878341068180156082719320570801770055174426452966817548862938770659420487687194933539128855877517847711670959794869291907075654200433400668220458

p = Symbol('p')
q = Symbol('q')
res = solve([(p-2)*(q-1)-r1, (p-1)*(q-2)-r2], [p, q])[1]
p = int(res[0])
q = n//p
phi = (p-1)*(q-1)
d = gmpy2.invert(e, phi)
m = pow(c, d, n)
# print(m)
print(long_to_bytes(m))

运行得到

也可以用一把梭

最后flag为

1
ISCC{YrUjF9W40uirNUcvmE--}

时间刺客

题目描述:

1
2024年10月14日早8点,小明敲键盘时候解出了flag

下载附件

ctfnat-A一把梭

得到压缩包密码

1
PR3550NWARDSA2FEE6E0

解压压缩包

时间戳隐写

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
import os

# 自定义基准时间戳 (2024-10-14 08:00:00 UTC)
un_time = 1728864000.0
# 指定要读取的文件夹路径
directory = "D:\\tmp\\42" # 修改为您要读取的文件夹名称

# 检查文件夹是否存在
if not os.path.isdir(directory):
print(f"错误: 文件夹 '{directory}' 不存在!", file=os.sys.stderr)
exit(1)

# 获取文件夹中所有txt文件,并按名称排序
txt_files = sorted(
[f for f in os.listdir(directory) if f.endswith('.txt')],
key=lambda x: os.path.join(directory, x)
)

if not txt_files:
print(f"错误: 文件夹 '{directory}' 中没有txt文件!", file=os.sys.stderr)
exit(1)

# 处理每个txt文件
for filename in txt_files:
file_path = os.path.join(directory, filename)

try:
# 获取文件状态信息
file_attr = os.stat(file_path)

# 获取文件修改时间戳
mtime = file_attr.st_mtime

# 计算时间差并转换为字符
char_code = int(mtime - un_time)

# 确保字符在可见ASCII范围内 (33-126)
adjusted_code = 33 + ((char_code - 33) % 94)

# 打印对应字符
print(chr(adjusted_code), end='')

except Exception as e:
print(f"\n错误: 处理文件 '{filename}' 时出错: {e}", file=os.sys.stderr)
exit(1)

print() # 输出换行符

运行得到

最后flag为

1
ISCC{WoxK0JD55mWng27Ilg}

Where_is_the_flag

题目描述:

1
The flag is hidden. Please find where it is.

下载附件,是pyc文件

uncompyle6反编译

得到

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
from Crypto.Cipher import AES
import binascii

def decrypt(x, cipher):
key = x + "n0lve3t6r1s"
try:
aes = AES.new(key.rjust(24, "A"), AES.MODE_ECB)
cipher = binascii.unhexlify(cipher)
flag = aes.decrypt(cipher).decode()
return flag
except:
return flag


def main():
c = "27c55f4960ad314b8d3a08d9cd69cc45bc698dec61c3adf0eb35c194e21a9061"
k = input("Please input your key: ")
flag = decrypt(k, c)
if "flag" in flag:
print("Wow, you find it!!!")
else:
print("Oh no!!!")


if __name__ == "__main__":
main()

看得出来是AES加密

缺少key,考虑是pyc隐写得到key

使用剑龙隐写

AES解密

最后flag为

1
ISCC{LOlxewIbJwcs8RVzXyYw}

成语学习

题目描述:

1
我把学习资料拷贝给你一份

下载附件

ctf-natA一把梭

宽高一把梭

得到压缩包密码

1
57pmYyWt

解压压缩包

010查看文件

zip文件,加后缀.zip,解压压缩包

find命令迅速查看

1
find ./* -name fl*

查看flag.txt

得到

1
2
《你信我啊》
李维斯特指着墙上的“天大地大”边享用coconut边和你说,你千万不要拿我的食物去加密啊。

hmacmd5加密

1
2
明文;成语
密文;食物

最后flag为

1
ISCC{86bd2a65ea0d68bf231dd5c0a9c5e8c1}

钢铁侠在解密

题目描述:

1
这天钢铁侠在自己的相册旁边发现了一张字条,他觉得两个message之间指定有点东西~

下载附件

查看一张小纸条.txt

1
2
3
4
5
N = 14333611673783142269533986072221892120042043537656734360856590164188122242725003914350459078347531255332508629469837960098772139271345723909824739672964835254762978904635416440402619070985645389389404927628520300563003721921925991789638218429597072053352316704656855913499811263742752562137683270151792361591681078161140269916896950693743947015425843446590958629225545563635366985228666863861856912727775048741305004192164068930881720463095045582233773945480224557678337152700769274051268380831948998464841302024749660091030851843867128275500525355379659601067910067304244120384025022313676471378733553918638120029697
e = 52595
a=1
[message]iscc
[message]good

静默之眼隐写得到

保存并查看文件

富兰克林攻击

csdn - 安全中心

直接拿原脚本改一下就能用

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
def HGCD(a, b):
if 2 * b.degree() <= a.degree() or a.degree() == 1:
return 1, 0, 0, 1
m = a.degree() // 2
a_top, a_bot = a.quo_rem(x ^ m)
b_top, b_bot = b.quo_rem(x ^ m)
R00, R01, R10, R11 = HGCD(a_top, b_top)
c = R00 * a + R01 * b
d = R10 * a + R11 * b
q, e = c.quo_rem(d)
d_top, d_bot = d.quo_rem(x ^ (m // 2))
e_top, e_bot = e.quo_rem(x ^ (m // 2))
S00, S01, S10, S11 = HGCD(d_top, e_top)
RET00 = S01 * R00 + (S00 - q * S01) * R10
RET01 = S01 * R01 + (S00 - q * S01) * R11
RET10 = S11 * R00 + (S10 - q * S11) * R10
RET11 = S11 * R01 + (S10 - q * S11) * R11
return RET00, RET01, RET10, RET11


def GCD(a, b):
print(a.degree(), b.degree())
q, r = a.quo_rem(b)
if r == 0:
return b
R00, R01, R10, R11 = HGCD(a, b)
c = R00 * a + R01 * b
d = R10 * a + R11 * b
if d == 0:
return c.monic()
q, r = c.quo_rem(d)
if r == 0:
return d
return GCD(d, r)
#填入你的
c1 = 5017369768694090882032874151790454013801219395405287358207261245363256829248608596502248566398520888429123068081569109393280813077504052950602807292263976569549950695855034991600627474248601023155417605655770430049715209036466126332158721754416840461535178102241673458740266136324362194445284419127770862459105202409819693263389282320915294170572475633725510148135550165243317205799536627815353543347307896706247209832387038159128207210034149401836142035780479451946680015887015805801833689166356479093336955344013041439948376767333629389510835402505659305883721660844242226225426796547014196608222731396847442033989
c2 = 507384238405164894777070216936058414248957470621682465979969565874673475531556308157966971978727929187885326824096036880804838325461008248518925654961162689385362314521317488538713528411196811305410646950164637167443757506100731566433818518444499218820451016697511365389342947997664515635533495319642108557081560343565725150552083709866564355720051752298333524185795164369635622805913094004540556292465465504776524188179971013639183466958695108211645591808065992454954828366833086197711882310642589818019027277798204029101473373561664384967568947638228117979763658236419828589469635113089784255797757642551645627462
N = 14333611673783142269533986072221892120042043537656734360856590164188122242725003914350459078347531255332508629469837960098772139271345723909824739672964835254762978904635416440402619070985645389389404927628520300563003721921925991789638218429597072053352316704656855913499811263742752562137683270151792361591681078161140269916896950693743947015425843446590958629225545563635366985228666863861856912727775048741305004192164068930881720463095045582233773945480224557678337152700769274051268380831948998464841302024749660091030851843867128275500525355379659601067910067304244120384025022313676471378733553918638120029697
e = 52595

pad1 = 1769169763
pad2 = 1735356260
PR.<x>=PolynomialRing(Zmod(N))
g1 = (x*2^32+pad1)^e - c1
g2 = (x*2^32+pad2)^e - c2
X=584734024210292804199275855856518183354184330877
print(g1(X),g2(X))
res = GCD(g1,g2)
m = -res.monic().coefficients()[0]
print(m)

print(bytes.fromhex(hex(m)[2:]).decode().replace("flag{",'ISCC{'))

sage运行得到

最后flag为

1
ISCC{he_guang_tong_chen_253}

Magic_Keyboard

题目描述:

1
魔法键盘,根据键盘敲击声解出flag

下载附件

发现类似原题改编

https://github.com/apoirrier/CTFs-writeups/blob/master/PBCTF2021/Misc/GhostWriter.md

找到对应项目

shoyo/acoustic-keylogger: Pipeline of a keylogging attack using just an audio signal and unsupervised learning.

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
from acoustic_keylogger.audio_processing import *
from acoustic_keylogger.unsupervised import *
from sklearn.preprocessing import MinMaxScaler

data = wav_read("attachment-45.wav")

keystrokes = detect_keystrokes(data)

X = [extract_features(x) for x in keystrokes]
X_norm = MinMaxScaler().fit_transform(X)

# len(set([x[0] for x in X_norm]))

letters = {}
phrase = []
current_letter = ord('a')
for x in X_norm:
if x[0] not in letters:
letters[x[0]] = current_letter
current_letter += 1
phrase.append(letters[x[0]])
print("".join([chr(x) for x in phrase]))

运行得到

1
abcdadadefebghecchgdgigjchgkgcchgiekgeecglgcgjeagieagbeggcchemgcghemgngcel

然后根据上面的表再猜常用字符, 统计出现次数

exp:

1
2
3
4
5
6
7
import pandas as pd

s='abcdadadefebghecchgdgigjchgkgcchgiekgeecglgcgjeagieagbeggcchemgcghemgngcel'
l=[]
for i in range(0,int(len(s)/2)):
l.append(s[i*2:i*2+2])
print(pd.Series(l).value_counts())

运行得到

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
gc    5
ch 4
gi 3
ec 2
gh 2
ad 2
gj 2
ea 2
em 2
cd 1
eb 1
ef 1
ab 1
gd 1
ek 1
gk 1
gl 1
ge 1
gb 1
eg 1
gn 1
el 1

gc 出现 5 次,因为 c 是 5,则可以判段 g,而 3457 都存在,则 g 必为 6,ch gi 无法判断

a-4 b-9 c-5 d-3 e-7 f-b g-6 l-d

拿我们得到的表去进行爆破

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
import itertools

ciphertext = "abcdadadefebghecchgdgigjchgkgcchgiekgeecglgcgjeagieagbeggcchemgcghemgngcel"
key_chars = 'a1e2c08f'
valid_chars = set('`~!@#$%^&*()+=[]\:;"\'<>,.?/|ZQjRX')
for perm in itertools.permutations(key_chars, 6):
key_map = {
'a': '4',
'b': '9',
'c': '5',
'd': '3',
'e': '7',
'f': 'b',
'g': '6',
'l': 'd',
'h': perm[0],
'i': perm[1],
'j': perm[2],
'k': perm[3],
'm': perm[4],
'n': perm[5],
}

hex_str = "".join(key_map.get(char, '?') for char in ciphertext)
try:
if all(0x2f < int(hex_str[i*2:i*2+2], 16) <= 0x7d for i in range(len(hex_str) // 2)):
flag = bytes.fromhex(hex_str).decode('utf-8')
if flag.endswith('}') and not any(char in flag for char in valid_chars):
print(flag)

except:
pass

运行得到

最后flag为

1
ISCC{you_can_be_argumentative_people}

有人让我给你带个话

题目描述:

1
有人让我给你带个话~

下载附件

010查看文件

手动提取rar压缩包并保存解压

搜索lyra,可以在Github中搜到这个仓库的链接

google/lyra: A Very Low-Bitrate Codec for Speech Compression

然后发现这个项目作者的头像就是上面那张png

安装lyra,安装lyra之前需要先安装baze

把之前那段未知数据的后缀改为a.lyra

1
bazel-bin/lyra/cli_example/decoder_main --encoded_path=/tmp/a.lyra --output_dir=/tmp --bitrate=3200

得到一个.wav音频文件,里面的内容是社会主义核心价值观编码,直接在线音频识别

https://www.pdf365.cn/voice-to-word/

核心价值观解密

最后flag为

1
ISCC{AOXBTQIF92SX}

ISCC2025

书法大师

题目描述:

1
2
3
**笔画是汉字构成的基本元素。书圣王羲之的《笔势论十二章》中提到:一点失所若美人之病一目,一画失节若壮士之折一肱。意思
是说,一个字中,有一个点写得不好,就像一个美人坏了一只眼睛,有一个横没有写好,就像一个壮士断了一条胳膊,这恰好说明了
笔画质量与字的整体美的关系。

下载附件

010查看文件

提取压缩包,解压压缩包

发现有密码,查看图片属性得到压缩包密码

解压压缩包得到

得到

1
兄上 巧竹 不摔 太中 生乙 个工 时少 生耳 耳一 老慢 从站 衣曾 贝潮 从男 切旗 从林 丙谁 那船 男中 吧穿 竹自 市一 工罪 小蓝

统计汉字笔画数然后转十六进制最后再十六进制解密

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
import base64
from strokes import strokes

# 输入文本字符串
text = "兄上 巧竹 不摔 太中 生乙 个工 时少 生耳 耳一 老慢 从站 衣曾 贝潮 从男 切旗 从林 丙谁 那船 男中 吧穿 竹自 市一 工罪 小蓝"

# 将文本按空格分割成单词对列表
pairs = text.split()

# 初始化空字符串用于存储组合后的字符
base = ""

# 遍历每个单词对
for pair in pairs:
# 调用 strokes 函数获取每个字符的笔画信息
stroke_info = strokes(pair)

# 将笔画信息转换为十六进制字符串并去除前缀 '0x'
hex_part1 = f"{stroke_info[0]:x}"
hex_part2 = f"{stroke_info[1]:x}"

# 组合两个十六进制字符串
combined_hex = hex_part1 + hex_part2

# 将组合后的十六进制字符串转换为字节,再解码为 UTF-8 字符串
combined_str = bytes.fromhex(combined_hex).decode('utf-8')

# 将解码后的字符添加到结果字符串
base += combined_str

# 尝试对组合后的字符串进行 Base64 解码
try:
# 先将字符串编码为字节
encoded_bytes = base.encode('utf-8')

# 进行 Base64 解码
decoded_bytes = base64.b64decode(encoded_bytes)

# 将解码后的字节解码为 UTF-8 字符串
decoded_text = decoded_bytes.decode('utf-8')

# 输出最终结果
print(decoded_text)
except Exception as e:
print(f"解码过程中出现错误: {e}")

运行得到

最后flag为

1
ISCC{Ujre8cGfKr}

反方向的钟

题目描述:

1
滑动鼠标拨回时钟,从深处的声音中找到隐藏的flag(为flag套上ISCC{})

下载附件

题目附件给了3个文件,只有TXT文件有用

查看txt

1
D‏‎​‍‎​‍​‍​‌‎‎​‏‍​‌‎‎​‌‎‍​‌‎​‍‎‏​‏​‌‏‎x8CBEkCZlAFLwdVHQsWEl1N

一眼零宽解密

得到

1
iscc20256L17

对文本编码进行base64解密后再XOR解密

最后flag为

1
ISCC{2Te3c6btxuqo}

返校之路

题目描述:

1
一转眼,假期已经过去,同学们都怀着怎样的心情踏上返校之路呢?(为结果套上ISCC{})

下载附件

part1.zip进行伪加密破解

part2.zip进行掩码爆破

解压压缩包得到三张图片


010查看1.jpg发现末尾藏有png文件

提取出来保存查看

扫描二维码

得到提示

1
flag不在这里,但是它由两部分组成

picture.png进行zsteg一把梭

base解密

得到第一部分flag

1
x2kNh7lN

查看3.jpg的属性

朝阳站到魏公村站,从3号线转10号线再转4号,得到

1
3104

最后flag为

1
ISCC{x2kNh7lN3104}

取证分析

题目描述:

1
2
3
4
你想将压缩包中的一个文本的内容复制到word中再隐藏进一些内容,但是忘记了压缩包密码......(请为结果套上ISCC{})
这里有个好东西:
链接: https://pan.baidu.com/s/1_nEeXsR8poCjNlKVDP5oNQ?pwd=j7c7 提取码: j7c7
(即该文件夹内的hint.zip)

下载附件并解压hint的镜像,Lovelymem打开内存镜像,文件扫描发现hahaha.zip

导出并解压压缩包

结合上一题,直接套用掩码爆破

预期解应该是明文攻击

附件还给了一个word文件

将文字写入txt并压缩,进行明文攻击

查看hint.txt

凯撒爆破

得到是维吉尼亚加密

查看Alphabet.txt

杨辉三角

据给定的坐标计算杨辉三角中的值,然后对 26 取模,再映射成字母得到密钥

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
from math import comb

def generate_key(coordinates):
"""
根据给定坐标生成组合数密钥

参数:
coordinates (list): 坐标列表,每个坐标为(col, row)元组

返回:
str: 生成的密钥字符串
"""
try:
# 计算每个坐标点对应的组合数
values = [comb(row-1, col-1) for col, row in coordinates]

# 处理组合数为0的情况(当col > row时)
mod_values = [v % 26 for v in values]

# 将取模结果转换为对应的大写字母 (1→A, 2→B, ..., 25→Y, 0→Z)
key = ''.join([chr(65 + (m-1) % 26) for m in mod_values])
return key
except Exception as e:
print(f"生成密钥时出错: {e}")
return None

# 示例坐标数据
coordinates = [(2,10), (4,8), (2,4), (3,4), (11,13), (2,11), (1,1), (10,26), (5,6), (5,9)]

# 生成并打印密钥
key = generate_key(coordinates)
if key:
print(f"生成的密钥: {key}")

运行得到

word改zip,在[Content_Types].xml中找到了密文

维吉尼亚解密

最后flag为

1
ISCC{gpbwjyrzkjox}

签个到吧

题目描述:

1
-张普普通通的签到二维码,变换一次再混入点东西,从中找到隐藏的flag,为结果套上ISCC{}

下载附件

先扫描二维码试试

查看压缩包文件,解压压缩包发现错误

010查看压缩包发现文件头错误,修改文件头

保存并解压压缩包

一眼Arnold猫脸变换,但是缺少变换参数

stegsolve查看通道得到

得到

1
ArnoldEncryption1112

爆破参数

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
import matplotlib.pyplot as plt
import cv2
import numpy as np

def arnold_decode(image, shuffle_times, a, b):
""" decode for rgb image that encoded by Arnold
Args:
image: rgb image encoded by Arnold
shuffle_times: how many times to shuffle
Returns:
decode image
"""
# 1:创建新图像
decode_image = np.zeros(shape=image.shape)
# 2:计算N
h, w = image.shape[0], image.shape[1]
N = h # 或N=w

# 3:遍历像素坐标变换
for time in range(shuffle_times):
for ori_x in range(h):
for ori_y in range(w):
# 按照公式坐标变换
new_x = ((a * b + 1) * ori_x + (-b) * ori_y) % N
new_y = ((-a) * ori_x + ori_y) % N
decode_image[new_x, new_y, :] = image[ori_x, ori_y, :]
image = np.copy(decode_image)

return image

def arnold_brute(image,shuffle_times_range,a_range,b_range):
for c in range(shuffle_times_range[0],shuffle_times_range[1]):
for a in range(a_range[0],a_range[1]):
for b in range(b_range[0],b_range[1]):
print(f"[+] Trying shuffle_times={c} a={a} b={b}")
decoded_img = arnold_decode(image,c,a,b)
output_filename = f"flag_decodedc{c}_a{a}_b{b}.png"
cv2.imwrite(output_filename, decoded_img, [int(cv2.IMWRITE_PNG_COMPRESSION), 0])

if __name__ == "__main__":
img = cv2.imread("1.png")
arnold_brute(img, (1,3), (1,3), (-3,1))

运行当shuffle_times=1、a=1、b=-2得到

对比正常二维码,发现定位符位置不对,使用ps向左旋转 90 度

保存文件,与flag_is_not_here.jpg进行xor

扫描二维码得到

最后flag为

1
ISCC{n7uRGAuTTy7i}

睡美人

题目描述:

1
睡美人的魅力藏在一张照片的色彩秘方中,编织出红红红红红红绿绿绿蓝的梦幻篇章

下载附件

发现图片右下角有base编码

得到

1
UGFzc3dvcmQgPSBzdW0oUlI1c3VtKEcpX3N1bShCKQ==

base解密

得到

1
Password = sum(RR5sum(G)_sum(B)

010查看文件发现藏有zip文件

提取压缩包并解压发现密码

题目提示:红红红红红红绿绿绿蓝,一共10个字,红是60%,绿30%,红10%,计算出所有像素的R、B、A值,然后乘百分值,最后相加

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
from PIL import Image

# 打开图像并转换为RGB模式
path = r"D:\\tmp\\iscc2025\\归档\\misc\\Sleeping_Beauty_36.png"
img = Image.open(path).convert("RGB")

# 定义颜色通道权重
wr = 0.6
wg = 0.3
wb = 0.1

# 初始化总和变量
sum_weighted = 0.0
sum_r = 0
sum_g = 0
sum_b = 0

# 获取图像尺寸
width, height = img.size

# 处理每个像素
for y in range(height):
for x in range(width):
r, g, b = img.getpixel((x, y))

# 累加RGB通道值
sum_r += r
sum_g += g
sum_b += b

# 计算像素加权值并累加
p = round(r*wr + g*wg + b*wb, 1)
sum_weighted += p

# 结果保留一位小数
sum_weighted = round(sum_weighted, 1)

# 输出结果
print(f"图像尺寸: {width} x {height} 像素")
print(f"红色通道总和: {sum_r}")
print(f"绿色通道总和: {sum_g}")
print(f"蓝色通道总和: {sum_b}")
print(f"加权像素总和: {sum_weighted}")

运行得到

得到压缩包密码

1
1375729349.6

解压压缩包,是音频文件,首先音频转文字

得到

1
There is a hidden message in this sound file. Can you find it?

使用adaucity打开

高低电平,曼彻斯特编码

每0.1s内如果音频都是高音频为0,如果有高低变化为1

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
import numpy as np
import scipy.io.wavfile as wav
import matplotlib.pyplot as plt

def non_standard_manchester_decode(path="D:\\tmp\\iscc2025\\归档\\misc\\1\\normal_speech_36.wav", start_sec=6.0, segment_sec=0.1, progress_callback=None):
"""
从WAV文件中解码非标准曼彻斯特编码信号

参数:
path: WAV文件路径
start_sec: 开始解码的时间(秒)
segment_sec: 每个数据段的长度(秒)
progress_callback: 进度回调函数,用于显示处理进度
"""
try:
rate, signal = wav.read(path)
except FileNotFoundError:
print(f"文件 '{path}' 不存在。")
return ""
except Exception as err:
print(f"WAV读取失败: {err}")
return ""

# 处理立体声文件,取左声道
if signal.ndim == 2:
samples = signal[:, 0]
else:
samples = signal

start_idx = int(start_sec * rate)
seg_len = int(segment_sec * rate)

# 检查起始位置是否超出范围
if start_idx + seg_len > len(samples):
print(f"起始时间 {start_sec}s 超出范围,无法解码。")
return ""

# 动态计算阈值 - 使用信号的中值
thresh = np.median(samples)

result_bits = []
pos = start_idx
count = 0
total_segments = (len(samples) - start_idx) // seg_len

while pos + seg_len <= len(samples):
# 提取当前段
seg = samples[pos: pos + seg_len]

# 应用动态阈值转换为二进制
binary = (seg > thresh).astype(int)

# 计算边沿
edges = np.diff(binary)

# 非标准曼彻斯特解码逻辑
# 如果全1,认为是0
# 如果有下降沿,认为是1
# 其他情况跳过或视为无效
if np.all(binary == 1):
result_bits.append('0')
elif np.any(edges == -1):
result_bits.append('1')

# 更新位置和计数
pos += seg_len
count += 1

# 调用进度回调
if progress_callback and count % 100 == 0:
progress = count / total_segments * 100
progress_callback(progress)

print(f"处理分段数: {count}")
return "".join(result_bits)

def visualize_decoding(path, start_sec, segment_sec, decoded_bits):
"""可视化解码过程和结果"""
try:
rate, signal = wav.read(path)
if signal.ndim == 2:
samples = signal[:, 0]
else:
samples = signal

start_idx = int(start_sec * rate)
end_idx = min(start_idx + int(len(decoded_bits) * segment_sec * rate), len(samples))

plt.figure(figsize=(12, 6))
time = np.arange(start_idx, end_idx) / rate
plt.plot(time, samples[start_idx:end_idx])

# 绘制阈值线
thresh = np.median(samples)
plt.axhline(y=thresh, color='r', linestyle='-', label=f'Threshold: {thresh:.2f}')

# 标记解码段
for i, bit in enumerate(decoded_bits):
seg_start = start_idx + i * int(segment_sec * rate)
seg_end = seg_start + int(segment_sec * rate)
if seg_end > len(samples):
break
seg_time_start = seg_start / rate
seg_time_end = seg_end / rate
plt.axvspan(seg_time_start, seg_time_end, alpha=0.2, color='g' if bit == '1' else 'b')
plt.text(seg_time_start + (seg_time_end - seg_time_start)/2, max(samples[start_idx:end_idx])*0.9, bit, ha='center')

plt.title('Manchester Decoding Visualization')
plt.xlabel('Time (s)')
plt.ylabel('Amplitude')
plt.legend()
plt.grid(True)
plt.tight_layout()
plt.show()
except Exception as e:
print(f"无法可视化: {e}")

if __name__ == "__main__":
# 定义进度回调函数
def show_progress(progress):
print(f"处理进度: {progress:.1f}%", end='\r')

# 执行解码
decoded = non_standard_manchester_decode(progress_callback=show_progress)

if decoded:
print("\n解码结果:")
print(decoded)

# 可视化解码结果
visualize_decoding("D:\\tmp\\iscc2025\\归档\\misc\\1\\normal_speech_36.wav", 6.0, 0.1, decoded)

运行得到

得到

1
01000011011100100111100101110000011101000110100101100011

赛博厨子一把梭

最后flag为

1
ISCC{Cryptic}

神经网络迷踪

题目描述:

1
神经网络的某个部分或许隐藏着某个密码

下载得到模型文件 attachment-38.pth

挂载模型

Netron

借用烛佬脚本

ISCC2025|MISC_iscc八卦题-CSDN博客

exp:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
import torch
import sys
import re
from libnum import n2s

def analyze_pth_file(pth_file):
# 加载模型文件
try:
state = torch.load(pth_file, map_location="cpu", weights_only=True)
except Exception as e:
print(f"加载文件失败: {e}")
return None
return state

def display_tensor_info(state):
# 显示基本信息
print("\n=== 模型张量概览 ===")
for name in state:
tensor = state[name]
print(f"{name:20} | shape={str(tuple(tensor.shape)):15} | dtype={str(tensor.dtype):10}")

# 显示每个张量的详细数据
print("\n=== 张量详细数据 ===")
for name in state:
tensor = state[name]
print(f"\n【张量名称】:{name}")

# 处理张量数据
t_flat = tensor.flatten()
if t_flat.is_floating_point():
t_flat = t_flat.round()

# 转换为整数列表
ints = []
tensor_ints = t_flat.to(torch.int64)
for i in range(len(tensor_ints)):
ints.append(tensor_ints[i].item())

print(f"整数值:{ints}")

# 转换为字节表示
byte_data = b""
for i in ints:
tmp = n2s(i)
if len(tmp) == 0:
byte_data = byte_data + b"\x00"
else:
byte_data = byte_data + tmp

print(f"Bytes (hex):{byte_data.hex()}")
print(f"Bytes (repr):{repr(byte_data)}")

# 尝试UTF-8解码
try:
decoded = byte_data.decode('utf-8', errors='strict')
print(f"UTF-8解码:{decoded}")
except UnicodeDecodeError:
print("UTF-8解码失败")
except:
print("解码时发生错误")

def extract_potential_flags(state):
print("\n=== 尝试从所有张量中提取数据 ===")

def tensor_to_text(tensor, scale):
"""将张量转换为文本,尝试不同的缩放方法"""
nums = [int(torch.round(v*scale)) & 0xFF for v in tensor.flatten()]
try:
return bytes(nums).decode('utf-8')
except UnicodeDecodeError:
return ''

flag_pattern = re.compile(r'[ -~]{4,20}') # 放宽长度限制

found_flags = False

for tensor_name, tensor in state.items():
print(f"\n检查张量:{tensor_name}")
# 尝试不同的缩放方法
scales = [0.01, 0.1, 1, 100, 255, 500, 1000] # 多种可能的缩放因子
for scale in scales:
text = tensor_to_text(tensor, scale)
if text and flag_pattern.fullmatch(text):
print(f"发现可打印字符 (scale={scale}):{text}")
found_flags = True

# 检查原始整数值
if tensor.dtype in (torch.int32, torch.int64):
try:
int_text = bytes([x & 0xFF for x in tensor.flatten().tolist()]).decode('utf-8')
if int_text and flag_pattern.fullmatch(int_text):
print(f"发现潜在可打印字符 (原始整数值):{int_text}")
found_flags = True
except:
pass

if not found_flags:
print("未在任何张量中发现符合格式的可打印字符")

pth_file = "D:\\tmp\\iscc2025\\归档(1)\\misc\\attachment-38.pth"
state = analyze_pth_file(pth_file)
if state is not None:
display_tensor_info(state)
extract_potential_flags(state)

运行得到

最后flag为

1
ISCC{dane}

八卦

题目描述:

1
2
3
时序乾坤震异坎离良兑
Hint1:时序不仅是64卦中的顺序,还是每一帧的持续时间和是否存在内容。
Hint2:总共7卦,LSB存在一卦,每一帧持续时间存在一卦,每一帧是否存在字符为一卦,每一卦转化为上卦和下卦。

下载附件

010查看文件发现尾部藏有7z文件

手动提取保存并解压发现有密码

拆分gif

得到

1
2
3
4
5
6
7
8
9
10
11
0帧:5Lm+5Li65aSp
乾为天 乾乾

1帧:4WY3DZVQWTUJFGl=
山水蒙 艮坎

2帧:5rC06Zu35bGv
水雷屯 坎震

4帧:42YLJZNEVHUZZAA=
水天需 乾坎

gif提取时间帧

每一帧都有lsb隐写

base解密

目前得到前五卦

1
2
3
4
5
第一卦 乾 乾为天 乾上乾下
第二卦 坤 坤为地 坤上坤下
第三卦 屯 水雷屯 坎上震下
第四卦 蒙 山水蒙 艮上坎下
第五卦 需 水天需 坎上乾下

六十四卦大全

周易六十四卦在线速查工具—LZL在线工具

帧时间间隔分析

1
2
3
4
['200', '300', '200', '300', '200', '300']

提取数字23
考虑是第二十三卦艮坤

gif拆分分析

1
2
存在内容即为1,不存在即为0,1235帧存在base64,46帧没有,即111010,转十进制为58
考虑是第五十八卦兑兑

整理得到密码

1
乾乾坤坤坎震艮坎坎乾艮坤兑兑

解压压缩包得到

赛博厨子一把梭

最后flag为

1
ISCC{HGchWO800}

文章作者: yiqing
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 yiqing !
  目录