TJUCTF新生赛-AI安全专栏write up

以下题目为我本次为天津大学ctf新生赛出的AI安全专栏中的所有题目,所有代码仅限学习交流,请勿用于非法活动或商业用途。若需要ctf比赛出题,可以通过QQ 2478953474联系我

1. 签到题

非常简单的签到题,不过其可能会对于其他题目有帮助哦
本题只有如下一个源代码作为附件
from my_flags import flag1

def getdict1(mydict,ans,flag):
    pre_index=23
    for i in range(1,len(flag)):
        now_index=ans.find(flag[i])
        mydict[pre_index]=now_index
        pre_index=now_index
    mydict[25]=12
    return mydict

ans='t_3Lhalemsc!{1-5oHET+wgfi}'
flag_mapping={}
flag_dict=getdict1(flag_mapping,ans,flag1)
print(flag_dict)

#print(flag_dict)={8: 18, 11: 25, 20: 0, 17: 7, 12: 19, 15: 1, 19: 4, 22: 12, 7: 14, 9: 20, 13: 9, 25: 12, 3: 10,
# 21: 2, 0: 17, 1: 13, 2: 3, 4: 24, 6: 5, 18: 11, 16: 8, 10: 16, 14: 21, 24: 15, 23: 6, 5: 22}
链接:https://pan.baidu.com/s/142Ollb4lI7jRGDnRrvBtfQ 
提取码:zd0g 
--来自百度网盘超级会员V6的分享

这题直接就是将ans还原为flag,在最底下给出了二者的字符串下标的映射关系。直接还原即可得到flag

flag{Thi5_1s+tHe-w3LcomE!}

2. DNN的本质

DNN是一种常用的简单神经网络,你可以从它中发现flag吗?
from my_flags import flag2

import torch
from torch import nn, optim
# Can you recover the flag using the 'ans' and 'DNN'?
class DNN(nn.Module):
    def __init__(self):
        super(DNN,self).__init__()
        self.fc1=nn.Linear(22,22)

    def forward(self,x):
        x=self.fc1(x)
        return x

def getdict2(mydict,ans,flag):
    pre_char='f'
    for i in range(1,len(flag)):
        now_char=flag[i]
        mydict[pre_char]=now_char
        pre_char=now_char
    mydict['d']='}'
    return mydict

ans='al8kc_f3}d50A{6e7x1gi2'
# Generate the feature x for each character in 'ans'
feature_dict={}
flist=[]
for i in range(len(ans)):
    # The following two lines show how I generate the feature
    # feature like this
    # [0.6, 0.2, 0.2, ..., 0.2]
    # [0.2, 0.6, 0.2, ..., 0.2]
    tmplist=[0.2]*len(ans)
    tmplist[i]+=0.4

    flist.append(tmplist)
    feature_dict[ans[i]]=tmplist
# Generate the train database
train_data=[]
ans_to_flag2_dict={}
ans_to_flag2_dict=getdict2(ans_to_flag2_dict,ans,flag2)
keys=list(ans_to_flag2_dict)
for i in keys:
    print(i,'----------->',ans_to_flag2_dict[i])
    train_data.append((feature_dict[i],feature_dict[ans_to_flag2_dict[i]]))
# Train the DNN
epoch=1000
iter=len(train_data)
dnn=DNN()
dnn.train()
lr=0.2
opt=optim.SGD(dnn.parameters(),lr)
criterion = nn.L1Loss()
for i in range(epoch):
    for j in range(iter):
        x=torch.tensor(train_data[j][0],dtype=torch.float)
        y=torch.tensor(train_data[j][1],dtype=torch.float)
        _y=dnn.forward(x)
        loss = criterion(_y,y)
        print(loss.data)
        loss.backward()
        opt.step()
        opt.zero_grad()

# Save the model
dnn.eval()
savepath='./dnn.pt'
torch.save(dnn,savepath)
链接:https://pan.baidu.com/s/1cNfz81II2xCqOIhuNjRqJA 
提取码:pv62 
--来自百度网盘超级会员V6的分享

有了签到题的提示,这题难度并不是很高。我在这题中提供了一个训练好的简单DNN。DNN可以学习到一个特征空间到另一个特征空间的映射关系。其实在本题中的DNN模型作用和签到题中的flag_dict是一样的,提供了ans到flag的映射关系。
TJUCTF新生赛-AI安全专栏write up_第1张图片

根据题目的"feature like this"的提示可知,输入中数值最大的下标代表ans中下标对应的字符而输出中数值最大的下标代表flag。由此可以得到一个ans到flag的映射。因此可以直接载入模型,使用附件中提供的特征生成方法逐个生成ans的特征,送入DNN中得到其对应的字符。exp如下

import torch
from torch import nn

class DNN(nn.Module):
    def __init__(self):
        super(DNN,self).__init__()
        self.fc1=nn.Linear(22,22)

    def forward(self,x):
        x=self.fc1(x)
        return x

ans='al8kc_f3}d50A{6e7x1gi2'
flist=[]
for i in range(len(ans)):
    # The following two lines show how I generate the feature
    # feature like this
    # [0.6, 0.2, 0.2, ..., 0.2]
    # [0.2, 0.6, 0.2, ..., 0.2]
    tmplist=[0.2]*len(ans)
    tmplist[i]+=0.4

    flist.append(tmplist)

dnn=torch.load('./database/dnn.pt')
dnn.eval()

for i in range(len(flist)):
    print(flist[i])
    x=torch.tensor(flist[i],dtype=torch.float)
    y=dnn.forward(x).data.tolist()
    maxnum=-1.0
    loc=-1
    for j in range(len(y)):
        if(y[j]>maxnum):
            maxnum=y[j]
            loc=j
    print(ans[i],'---->',ans[loc])
    #print(y)
    print('-------------------------------------------------------------------------')
flag{A1ice_0x3k52876d}

3. 模型里的flag1

flag在flag.pt里面,你能找到它吗?
提示:Netron是个好东西
链接:https://pan.baidu.com/s/1n5vSExPmZyh2ptxtFDQbKQ 
提取码:qhze 
--来自百度网盘超级会员V6的分享

根据提示下载Netron软件,这个软件可以可视化模型的结构。发现有很多全连接层的名字是base64编码的,逐个尝试就可以得到flag
TJUCTF新生赛-AI安全专栏write up_第2张图片

flag{0xdf2a78e_you_are_right!^v^}

4. 模型里的flag2

flag在flag_hard.pt里面,你能找到它吗?
提示:Netron好用但不是万能的
链接:https://pan.baidu.com/s/1wmoCICJiw5r8SutCV4KwNQ 
提取码:vvki 
--来自百度网盘超级会员V6的分享

这题本意是使用(15条消息) XCTF-L3HCTF2021 DeepDarkFantasy write up_AliceNCsyuk的博客-CSDN博客

这道题的预期解法是用上述博客中前半部分模型逆向的方法来逆出模型的。但是根据实际做题情况,直接拖winhex找Zmxh23就能找到flag了。。。。
TJUCTF新生赛-AI安全专栏write up_第3张图片

flag{model_reverse_is_an_important_skill!}

5. MNIST分类器

nc 0.0.0.0 9999
在这个挑战中,你需要训练一个mnist分类器。我将会随机给你发送20张图片的base64编码,你需要在20秒内正确识别出他们并将结果以如'10973852443528710983'这样的形式发给我。本题有一个附件mnist2base64.py,描述的是我如何生成这些base64编码
import base64
from torchvision import transforms, datasets
from torch.utils.data import DataLoader

batch_size=1
def get_data(train):
    data_tf = transforms.Compose([transforms.ToTensor()])
    train_data = datasets.MNIST(root='./data', train=train, transform=data_tf, download=True)
    train_loader = DataLoader(train_data, shuffle=True, batch_size=batch_size, drop_last=True)
    return train_loader

savepath='./base64_1000.txt'
f=open(savepath,'w')
pic_num=1000

train_data = get_data(True)

for img, lab in train_data:
    pic_num-=1
    if(pic_num==0):
        break
    img = img.view(img.size(0), -1).numpy().astype("float32").tobytes()
    img = bytes.decode(base64.b64encode(img))
    lab=lab.tolist()[0]
    f.write(img+','+str(lab)+'\n')
    f.flush()

f.close()

提供的附件中告知了使用的数据集为torchvision.datasets.MNIST,并且详细描述了生成base64编码的方法。这题本质上只是考察训练模型的基本功,多种模型都可以达到要求,比如DNN,CNN这些简单网络。这里直接放出exp。模型来自n1ctf2021的collision,是CNN网络

import numpy as np
import torch
import torch.nn as nn
import torch.nn.functional as F
from base64 import b64decode
from pwn import *


class Net(nn.Module):
    def __init__(self):
        super(Net, self).__init__()
        self.conv1 = nn.Conv2d(1, 32, 3, 1)
        self.conv2 = nn.Conv2d(32, 64, 3, 1)
        self.dropout1 = nn.Dropout(0.25)
        self.dropout2 = nn.Dropout(0.5)
        self.fc1 = nn.Linear(9216, 128)
        self.fc2 = nn.Linear(128, 10)

    def forward(self, x):
        x = self.conv1(x)
        x = F.relu(x)
        x = self.conv2(x)
        x = F.relu(x)
        x = F.max_pool2d(x, 2)
        x = self.dropout1(x)
        x = torch.flatten(x, 1)
        x = self.fc1(x)
        x = self.fc2(x)
        x = F.sigmoid(x)
        return x


def load_model(path):
    model = Net()
    model.load_state_dict(torch.load(path, map_location="cpu"))
    return model.eval()

model = load_model("./database/convNet.pt")

r=remote('0.0.0.0',9999)
r.recvuntil(b'in 10s\n')
ans=''
for i in range(20):
    data = r.recvline()
    #print(data)
    data=bytes.decode(data)
    img = b64decode(data)
    img = np.frombuffer(img, dtype="float32")
    img = torch.FloatTensor(img).reshape(1, 1, 28, 28)
    tmpans = model(img)
    tmplist=tmpans.tolist()[0]
    maxnum=-2.0
    tmpnum=0
    for j in range(len(tmplist)):
        if(tmplist[j]>maxnum):
            maxnum=tmplist[j]
            tmpnum=j
    ans+=str(tmpnum)
print(ans)
r.recvuntil(b'83 > \n')
r.sendline(str.encode(ans))
flag=r.recvline()
print(bytes.decode(flag))
r.interactive()

完整的题目附件都在下面了

链接:https://pan.baidu.com/s/1A-y8hZHJFgiQ3T7gNyJsFQ 
提取码:o8n7 
--来自百度网盘超级会员V6的分享
flag{now_you_are_the_master_of_AI_0xffa5eca6678d636435ab70d2}

6. 简单的FGSM

nc 0.0.0.0 9998
我在本题中使用LeNet训练了一个二分类网络(mnist中的47)。我将会给你训练好的网络target.pt,以及一张原始图像‘4’的base64编码(.py代码中),你需要生成一张图片,使其在满足Check函数中的L1和L2约束的情况下,让target.pt网络误以为它是一张‘7
from base64 import b64decode
from torch import nn
import torch.nn.functional as func
import numpy as np
import torch
import os

class LeNet(nn.Module):
    def __init__(self,dimy):
        super(LeNet,self).__init__()
        self.conv1=nn.Conv2d(3,6,5)
        self.conv2=nn.Conv2d(6,16,5)
        self.linear1=nn.Linear(256,120)
        self.linear2=nn.Linear(120,84)
        self.linear3=nn.Linear(84,10)
        self.linear4=nn.Linear(10,dimy)
    def forward(self,x):
        x=func.relu(self.conv1(x))
        x=func.max_pool2d(x,2)
        x=func.relu(self.conv2(x))
        x=func.max_pool2d(x,2)
        x=x.view(x.size(0),-1)
        x=func.relu(self.linear1(x))
        x=func.relu(self.linear2(x))
        x=self.linear3(x)
        x=torch.sigmoid(self.linear4(x))
        return x

mymodal=torch.load('./target.pt')
mymodal.eval()

base64_src
src= np.frombuffer(b64decode(base64_src),dtype="float64")
src=np.clip(src, 0, 1)

def Check(buf):
    L1_THRES=12.0
    L2_THRES=1.0
    global src
    arr = np.frombuffer(buf, dtype="float64")
    if arr.shape[0] != 3 * 28 * 28:
        raise BufferError("hacker")
    arr = np.clip(arr, 0, 1)
    diff = arr - src
    if np.linalg.norm(diff, 1) > L1_THRES or np.linalg.norm(diff, 2) > L2_THRES:
        raise BufferError("attack failed")
    arr = torch.FloatTensor(arr).reshape(1, 3, 28, 28)
    return (mymodal(arr)<0.5).tolist()[0][0]

print(Check(b64decode(base64_src)))

这题考察fgsm这种常用的对抗样本算法。对于fgsm的讲解可以看我的这篇文章(15条消息) N1CTF2021 Collision exp解析write up_AliceNCsyuk的博客-CSDN博客

不过在这题有一点需要注意的是,由于Check函数中只需要满足分类得到的值小于0.5即可。所以在设置目标label的时候,可以选择0.36这种小于0.5的数值,而不是0.0,这样可以更容易达到l1和l2约束。exp如下

from torch import nn
from torch.utils.data import Dataset,DataLoader
import torch.nn.functional as func
import numpy as np
import torch
from PIL import Image
import os
import base64
import random
from torchvision import transforms
from torch.autograd import Variable


class LeNet(nn.Module):
    def __init__(self,dimy):
        super(LeNet,self).__init__()
        self.conv1=nn.Conv2d(3,6,5)
        self.conv2=nn.Conv2d(6,16,5)
        self.linear1=nn.Linear(256,120)
        self.linear2=nn.Linear(120,84)
        self.linear3=nn.Linear(84,10)
        self.linear4=nn.Linear(10,dimy)
    def forward(self,x):
        x=func.relu(self.conv1(x))
        x=func.max_pool2d(x,2)
        x=func.relu(self.conv2(x))
        x=func.max_pool2d(x,2)
        x=x.view(x.size(0),-1)
        x=func.relu(self.linear1(x))
        x=func.relu(self.linear2(x))
        x=self.linear3(x)
        x=torch.sigmoid(self.linear4(x))
        return x

class MyDataSet(Dataset):
    def __init__(self,datapath,trans=None):
        self.datapath=datapath;self.trans=trans
        self.data=list()
        self.label_map={'4':0,'7':1}
        path1=datapath+'/4/'
        path2=datapath+'/7/'
        filist1=os.listdir(path1)
        flist2=os.listdir(path2)
        for i in range(len(filist1)):
            tmppath=path1+filist1[i]
            tmpimg = Image.open(tmppath).convert('RGB')
            if (self.trans != None):
                tmpimg = self.trans(tmpimg)
            self.data.append((tmpimg, 1.0))
        for i in range(len(flist2)):
            tmppath=path2+flist2[i]
            tmpimg = Image.open(tmppath).convert('RGB')
            if (self.trans != None):
                tmpimg = self.trans(tmpimg)
            self.data.append((tmpimg, 0.36))

    def __len__(self):
        return len(self.data)

    def __getitem__(self, item):
        return self.data[item][0],self.data[item][1]

def set_seed(seed=0):
    random.seed(seed)
    np.random.seed(seed)
    torch.manual_seed(seed)
    torch.cuda.manual_seed(seed)

def save_image(arr, path):
    im = Image.fromarray(arr)
    im.save(path)

atk_trans=transforms.Compose([transforms.ToTensor()])

mainpath="./database/mnist/"
atkpath=os.path.join(mainpath,"atk")
atk_data=MyDataSet(atkpath,atk_trans)
batch_size=1
atk_load=DataLoader(atk_data,batch_size=batch_size,drop_last=True)

mymodal=torch.load('./database/target.pt')
mymodal.train()
tmpans=0
image=0
cnt=0
for _, data in enumerate(atk_load):
    images, ans = data
    if(cnt==1):
        tmpans = ans.float()
    if(cnt==0):
        image=images
    cnt += 1

src=image.squeeze().detach().flatten().numpy().astype("float64")
src=np.clip(src, 0, 1)

picpath=mainpath+'/atk/4/mnist_test_24.png'
adv=Variable(image,requires_grad=True)
loss_f=nn.L1Loss()
loss_l2=nn.MSELoss()
lr=0.1
RATIO=1.0
epoch=1000
print("before atk:  ",mymodal(adv))
print(mymodal(adv))

for i in range(epoch):
    y=mymodal(adv)
    l1l = loss_f(adv, image) * RATIO
    l2l = loss_l2(y,tmpans)
    loss = l1l+l2l
    loss=loss
    loss.backward()
    adv.requires_grad = False
    data1 = adv.squeeze().detach().numpy().astype("float64").tobytes()
    arr1 = np.frombuffer(data1, dtype="float64")
    arr1 = np.clip(arr1, 0, 1)
    diff = arr1 - src
    a, b = (np.linalg.norm(diff, 1), np.linalg.norm(diff, 2))
    if(i==epoch-1):
        print(a,' --------------------> ',b)
    adv = adv - adv.grad * lr
    adv = adv.clamp(0, 1)
    adv.requires_grad = True

print("after atk:  ",mymodal(adv))
ans=adv.squeeze().detach().flatten().numpy().astype("float64")
ans=np.clip(ans, 0, 1)
ans=base64.b64encode(ans.tobytes())


from pwn import *
r=remote('0.0.0.0',9998)
r.recvuntil(b'> \n')
r.sendline(ans)
flag=r.recvline()
print(bytes.decode(flag))
r.interactive()
链接:https://pan.baidu.com/s/12gxLyrjvPGilWUphtptxqQ 
提取码:3ehl 
--来自百度网盘超级会员V6的分享
flag{ohhhh^_^!_fg5m_ls_gr3at-->:D}

你可能感兴趣的:(CTF,人工智能,安全,python)