第一题简单
base64加字符偏移就可以了
第二题 维吉利亚加密
Vvr Ifnvaus Bdwokv Gbtrzsa Vkqgofntja rrlznxk eflvkozjcdue rs “mzg oez ff pjkhvtx ok kqzioeg vgfsf.” Zyil au vvykokaeoyrp avuwfnzv, bnl fcry eom ucdgaie mzg qhxiegl dfrguta gh huk wixdf ce oks ijggrtk-dtq uqvketbxkq sulnwsvwbtj. Taw fssoeimaqb sutulwu gbrvlr gp huk towwu hugk htng prke ulwf tbx teglwfvkj th wpoorv sxutsg ifmfmpwpgkihf. Dig iiyilquegghr fqknjryl wpqbsgalkgg zath fgts gnrn mzkg: vz uetdu kvzy mxujoaojml xqf rtjukapu vtkezjkhl, zvcafkehkj fhj glpnrnzapu fktrxl msly, grhlqqbrj fhj cignvnmaeogoeg nkgff, kcevltcaot anuvwbtj agv gzrikihfu, rvmzttd eofn, rnw eqfr. Cztagwh nzkefhvwam ko ijqjvjv a vgodykke vzcfnikekabogofn, pw ychru stq vvnz dowwtb pxppmgifnvyy bfxcybvs mzg ggauy hx oognvmtlkqnr kevzpwdavs ygt grilrbfi rvmzttd kbsuimtlkca, ypsmwog, ntu dbkvfvhltxv eczvlttlkcay rgtapgg guvxjuoeorl tlvopqj. fesi{3osir4d633096u273734wct73r6985l4wc2us213}
直接暴力破解
https://www.guballa.de/vigenere-solver
Mac下可以用https://github.com/isee15/CTF-tools-offline 这个工具
Clear text using key "congrats":
flag在最后flag{3afca4d633096b273734eaf73e6985f4fc2ba213}
The Concise Oxford English Dictionary defines cryptography as “the art of writing or solving codes.” This is historically accurate, but does not capture the current breadth of the field or its present-day scientific foundations. The definition focuses solely on the codes that have been used for centuries to enable secret communication. But cryptography nowadays encompasses much more than this: it deals with mechanisms for ensuring integrity, techniques for exchanging secret keys, protocols for authenticating users, electronic auctions and elections, digital cash, and more. Without attempting to provide a complete characterization, we would say that modern cryptography involves the study of mathematical techniques for securing digital information, systems, and distributed computations against adversarial attacks. flag{3afca4d633096b273734eaf73e6985f4fc2ba213}
第三题 音频加密
工具打开,切换到频谱图
解压得到
还缺少part2
直接二进制打开图片
第四题 USB 键盘
按照https://www.anquanke.com/post/id/85218的套路
tshark.exe -r usb1.pcap -T fields -e usb.capdata > usbdata.txt
获取到具体的data
mappings = { 0x04:"A", 0x05:"B", 0x06:"C", 0x07:"D", 0x08:"E", 0x09:"F", 0x0A:"G", 0x0B:"H", 0x0C:"I", 0x0D:"J", 0x0E:"K", 0x0F:"L", 0x10:"M", 0x11:"N",0x12:"O", 0x13:"P", 0x14:"Q", 0x15:"R", 0x16:"S", 0x17:"T", 0x18:"U",0x19:"V", 0x1A:"W", 0x1B:"X", 0x1C:"Y", 0x1D:"Z", 0x1E:"1", 0x1F:"2", 0x20:"3", 0x21:"4", 0x22:"5", 0x23:"6", 0x24:"7", 0x25:"8", 0x26:"9", 0x27:"0", 0x28:"\n", 0x2a:"[DEL]", 0X2B:" ", 0x2C:" ", 0x2D:"-", 0x2E:"=", 0x2F:"[", 0x30:"]", 0x31:"\\", 0x32:"~", 0x33:";", 0x34:"'", 0x36:",", 0x37:"." }
nums = []
keys = """00:00:00:00:00:00:00:00
20:00:00:00:00:00:00:00
20:00:17:00:00:00:00:00
00:00:17:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0b:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:0c:00:00:00:00:00
00:00:0c:16:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
20:00:00:00:00:00:00:00
20:00:0c:00:00:00:00:00
20:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
20:00:00:00:00:00:00:00
20:00:10:00:00:00:00:00
00:00:10:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1c:00:00:00:00:00
00:00:00:00:00:00:00:00
20:00:00:00:00:00:00:00
20:00:13:00:00:00:00:00
20:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:04:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:16:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:1a:00:00:00:00:00
00:00:1a:12:00:00:00:00
00:00:12:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:15:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:07:00:00:00:00:00
00:00:00:00:00:00:00:00
20:00:00:00:00:00:00:00
20:00:1e:00:00:00:00:00
20:00:00:00:00:00:00:00
00:00:00:00:00:00:00:00
00:00:28:00:00:00:00:00
00:00:00:00:00:00:00:00"""
keys = keys.split("\n")
import sys
import os
DataFileName = "usb.dat"
presses = []
normalKeys = {"04": "a", "05": "b", "06": "c", "07": "d", "08": "e", "09": "f", "0a": "g", "0b": "h", "0c": "i",
"0d": "j", "0e": "k", "0f": "l", "10": "m", "11": "n", "12": "o", "13": "p", "14": "q", "15": "r",
"16": "s", "17": "t", "18": "u", "19": "v", "1a": "w", "1b": "x", "1c": "y", "1d": "z", "1e": "1",
"1f": "2", "20": "3", "21": "4", "22": "5", "23": "6", "24": "7", "25": "8", "26": "9", "27": "0",
"28": "", "29": "", "2a": "", "2b": "\t", "2c": "", "2d": "-", "2e": "=", "2f": "[",
"30": "]", "31": "\\", "32": "", "33": ";", "34": "'", "35": "", "36": ",", "37": ".", "38": "/",
"39": "", "3a": "", "3b": "", "3c": "", "3d": "", "3e": "", "3f": "",
"40": "", "41": "", "42": "", "43": "", "44": "", "45": ""}
shiftKeys = {"04": "A", "05": "B", "06": "C", "07": "D", "08": "E", "09": "F", "0a": "G", "0b": "H", "0c": "I",
"0d": "J", "0e": "K", "0f": "L", "10": "M", "11": "N", "12": "O", "13": "P", "14": "Q", "15": "R",
"16": "S", "17": "T", "18": "U", "19": "V", "1a": "W", "1b": "X", "1c": "Y", "1d": "Z", "1e": "!",
"1f": "@", "20": "#", "21": "$", "22": "%", "23": "^", "24": "&", "25": "*", "26": "(", "27": ")",
"28": "", "29": "", "2a": "", "2b": "\t", "2c": "", "2d": "_", "2e": "+", "2f": "{",
"30": "}", "31": "|", "32": "", "33": "\"", "34": ":", "35": "", "36": "<", "37": ">", "38": "?",
"39": "", "3a": "", "3b": "", "3c": "", "3d": "", "3e": "", "3f": "",
"40": "", "41": "", "42": "", "43": "", "44": "", "45": ""}
# handle
result = ""
for press in keys:
Bytes = press.split(":")
if Bytes[0] == "00":
if Bytes[2] != "00" and Bytes[3] == "00":
result += normalKeys[Bytes[2]]
elif Bytes[0] == "20": # shift key is pressed.
if Bytes[2] != "00" and Bytes[3] == "00":
result += shiftKeys[Bytes[2]]
else:
print("[-] Unknow Key : %s" % (Bytes[0]))
print("[+] Found : %s" % (result))
输出[+] Found : TthisIsMmyPassword!
加上一些猜测 正确密码是ThisIsMyPassword!
解压获得flag{ccc919529c01014af868bfa8d9c1c00a3fc2348f}
第五题 多层 zip解压
比较绕,先第一层暴力19900000000开始枚举
解压得到level2.zip和readme.txt
readme没有啥用
Please notice that the telephone number in level1 is a fake one, do not try to call it.
看到level2.zip里面也有一个readme.txt
用zip明文attack,上AZPR
接触level3.zip
这回没啥线索了,可能是个伪加密
终于得到一个图片flag.png
但是看内容
???
绕了三层还没给结果。。。
用TweakPng打开提示CRC错误
修改一下图片高度
然后
这个真是。。。