当前位置：网站首页>[Yugong series] February 2022 attack and defense world advanced question misc-83 (QR easy)

[Yugong series] February 2022 attack and defense world advanced question misc-83 (QR easy)

2022-07-04 02:02:00 【Yugong move code】

List of articles

One 、Keyes_secret
Two 、 How to answer questions
summary

One 、Keyes_secret

Topic link ：https://adworld.xctf.org.cn/task/task_list?type=misc&number=1&grade=1&page=5
Insert picture description here

Two 、 How to answer questions

1. Download the attachment

Get a picture ：
Insert picture description here
First , We need a clean image based on the above figure .

The size of this QR code is 29x29, edition V The size is N × N,N = 17 + 4V, So this is the version 3.

2. QR code format information

This area represents the format information of the QR code . actually , The format information is 15 Bit length , The area has the last 8 position .
Insert picture description here
Search the list of all format information strings , We can find that the type information bit is 001001110111110. So this QR code has ECC Level H And mask mode 1.

List of all format information strings ：

ECC Level	Mask pattern	Type information bits
L	0	111011111000100
L	1	111001011110011
L	2	111110110101010
L	3	111100010011101
L	4	110011000101111
L	5	110001100011000
L	6	110110001000001
L	7	110100101110110
M	0	101010000010010
M	1	101000100100101
M	2	101111001111100
M	3	101101101001011
M	4	100010111111001
M	5	100000011001110
M	6	100111110010111
M	7	100101010100000
Q	0	011010101011111
Q	1	011000001101000
Q	2	011111100110001
Q	3	011101000000110
Q	4	010010010110100
Q	5	010000110000011
Q	6	010111011011010
Q	7	010101111101101
H	0	001011010001001
H	1	001001110111110
H	2	001110011100111
H	3	001100111010000
H	4	000011101100010
H	5	000001001010101
H	6	000110100001100
H	7	000100000111011

1 The number mask has a formula (row) mod 2 == 0. Note that the line number is from 0 At the beginning , So we need to switch the coordinates to 0,2,4,…,28 The bit of the line .

Mask number	If the following formula is for a given row / Column coordinates are true , Then switch the bit at this coordinate
0	( That's ok + Column ) mod 2 == 0
1	( That's ok ) mod 2 == 0
2	( Column ) mod 3 == 0
3	( That's ok + Column ) mod 3 == 0
4	（ floor （ That's ok / 2）+ floor （ Column / 3）） mod 2 == 0
5	(( That's ok * Column ) mod 2) + (( That's ok * Column ) mod 3) == 0
6	( (( That's ok * Column ) mod 2) + (( That's ok * Column ) mod 3) ) mod 2 == 0
7	( (( That's ok + Column ) mod 2) + (( That's ok * Column ) mod 3) ) mod 2 == 0

Insert picture description here

therefore 4 That's ok 2 Make a group of , The original D1-D26 yes ：

D1  = 0b11101100
D14 = 0b10000010
D2  = 0b11111000
D15 = 0b10010101
D3  = 0b00110110
D16 = 0b00111101
D4  = 0b01110110
D17 = 0b01100010
D5  = 0b00100010
D18 = 0b11101001
D6  = 0b11110001
D19 = 0b10100001
D7  = 0b00110111
D20 = 0b11100101
D8  = 0b01010010
D21 = 0b11010101
D9  = 0b00010111
D22 = 0b00101101
D10 = 0b11011110
D23 = 0b10010111
D11 = 0b01000100
D24 = 0b10001011
D12 = 0b01010100
D25 = 0b01111000
D13 = 0b11001101
D26 = 0b11000110

( That's ok ) mod 2 == 0 After mask

D1  = 0b00100000
D14 = 0b01001110
D2  = 0b00110100
D15 = 0b01011001
D3  = 0b11111010
D16 = 0b00001110
D4  = 0b01000101
D17 = 0b01010001
D5  = 0b00010001
D18 = 0b11011010
D6  = 0b00111101
D19 = 0b10010010
D7  = 0b00000100
D20 = 0b11010101
D8  = 0b10011110
D21 = 0b00011001
D9  = 0b11010100
D22 = 0b00010001
D10 = 0b00010100
D23 = 0b00001110
D11 = 0b11011101
D24 = 0b00010010
D12 = 0b11010010
D25 = 0b00011111
D13 = 0b01010100
D26 = 0b01000000

3. Data decoding

Decoding has a mode indicator ：

0001： Digital mode （ Every time  3  position  10  position ）
0010： Alphanumeric mode （ Every time  2  Characters  11  position ）
0100： Byte mode （ Each character  8  position ）
1000： Chinese character mode （ Each character  13  position ）
0111: ECI  Pattern

The character count indicator follows the mode indicator .

 edition  1-9
 Digital mode ：10  position 
 Alphanumeric mode ：9 position 
 Byte mode ：8 position 
 Chinese character mode ：8 position 
 edition  10–26
 Digital mode ：12 position 
 Alphanumeric mode ：11  position 
 Byte mode ：16 position 
 Chinese character mode ：10 position 
 edition  27–40
 Digital mode ：14 position 
 Alphanumeric mode ：13  position 
 Byte mode ：16 position 
 Chinese character mode ：12 position

4.Ruby Script

data = '00100000' \
       '00110100' \
       '11111010' \
       '01000101' \
       '00010001' \
       '00111101' \
       '00000100' \
       '10011110' \
       '11010100' \
       '00010100' \
       '11011101' \
       '11010010' \
       '01010100' \
       '01001110' \
       '01011001' \
       '00001110' \
       '01010001' \
       '11011010' \
       '10010010' \
       '11010101' \
       '00011001' \
       '00010001' \
       '00001110' \
       '00010010' \
       '00011111' \
       '01000000'
alphanumeric = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:'.chars

def read(str, size)
  str.slice!(0, size)
end

def kanji(num)
  if num >= 0x1740
    (0xC140 + num / 0xC0 * 0x100 + num % 0xC0)
      .chr(Encoding::Shift_JIS).encode(Encoding::UTF_8)
  else
    (0x8140 + num / 0xC0 * 0x100 + num % 0xC0)
      .chr(Encoding::Shift_JIS).encode(Encoding::UTF_8)
  end
end

loop do
  case mode = read(data, 4)
  when '0010' # Alphanumeric
    count = read(data, 9).to_i(2)
    (count / 2).times do
      chunk = read(data, 11).to_i(2)
      print alphanumeric[chunk / 45] + alphanumeric[chunk % 45]
    end
    print alphanumeric[read(data, 11).to_i(2)] if count.odd?
  when '0100' # Byte
    count = read(data, 8).to_i(2)
    count.times do
      print read(data, 8).to_i(2).chr
    end
  when '1000' # Kanji
    count = read(data, 8).to_i(2)
    count.times do
      print kanji(read(data, 13).to_i(2))
    end
  when '0000' # Terminate
    break
  else
    fail "Unhandled mode #{mode}"
  end
end