这种关就是人肉一个人,比较蛋疼,不是,是非常蛋疼。
tEXt:0x25 Length:0x0000002b Context:These aren't the chunks you're looking for. tEXt:0x5c Length:0x0000001f Context:You can go about your business. tEXt:0x87 Length:0x0000000b Context:Move along.自己写一个找非法名字chunk的脚本,运行一下找到了两段比较奇怪的chunk
offset = 8 while (1): tunck_name = text[offset+4:offset+8] length = int(binascii.b2a_hex(text[offset:offset+4]),16) if (tunck_name not in chunkname): print tunck_name print "offset:0x%x" % (offset) print "length:0x%x" % (length) print binascii.b2a_hex(text[offset+8:offset+8+length]) if (tunck_name=="IEND"): break offset = offset + length + 12根据名字我们好像需要把他们怎么 xor一下子
xORk offset:0xaf length:0x4 43534157 kTXt offset:0x42f2c length:0x34 2836382c100304140a150814020708180d00610416110b12000761030c73021f021d0612630408030b1c1403631d0e030a10042a再来一个脚本,来计算xor的结果
for i in range(52): print chr(int(a[(i%4)*2:(i%4)*2+2],16) ^ int(b[i*2:i*2+2],16)),OK~这样key就出来了
k e y { S P E C I F I C A T I O N S S U B J E C T T O C H A N G E W I T H O U T N O T I C E }
http://key.psifertex.com上面说,那么就去人肉这个叫做迈克尔的人
Michael Vario sure does some suspicious signs, hope he doesn't do me.找啊找啊找啊找,在他的twitter上找到了一个PGP 0x4b74e38aedd31e2a
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x9FBEBC5EA827D636使用一段python脚本解码一下
>>> file_object = open('c:\data.txt','r') >>> text = file_object.read() >>> file_object_out = open('c:\data2.txt','wb') >>> text = base64.decodestring(text) >>> file_object_out.write(text) >>> file_object_out.close()把输出的文件拿WinHex打开,发现FF D8 是JPGE的文件头,把这个东西截取出来,打开一看,我擦竟然是key
https://hsf.isis.poly.edu/previous_winners/点开里面这逼名字的一个链接就是key了。。。。
19:20 -!- snOwDIN [[email protected]]19:20 -!- ircname : linkedin:chinesespies 19:20 -!- channels : @#odin @#csaw19:20 -!- server : isis.poly.edu [ISIS IRC Server] 19:20 -!- : is using a Secure Connection 19:20 -!- idle : 0 days 0 hours 1 mins 18 secs [signon: Thu Sep 19 21:04:20 2013]19:20 -!- End of WHOIS这里线索指向
linkedin:chinesespies去这里找找··就可以得到key啦~
http://prosauce.org/projects/其中有一个链接指向一个视频,youtube上面的
http://www.youtube.com/all_comments?v=RCTRSK45bS4看下面的一条评论,就是key