当前位置:网站首页>Common routines of compressed packets in CTF
Common routines of compressed packets in CTF
2022-07-02 20:53:00 【qq_ twenty-nine million five hundred and sixty-six thousand six】
Special characters that recognize hexadecimal strings :504B0304 To begin ,504B0506 End of the said ( Here is a supplementary knowledge point : Name the file as what file type , The computer will recognize from what feature head , such as zip From 504B0304 Start identifying , from 504B0506 end ), It is worth noting that for txt file , No header exists .
Pseudo encryption
File repair
It is possible that the file header is intentionally written incorrectly :
Just change it at this time :504B0304Redundant information splicing
ZIP The end identification bit of the compressed file directory is “504B0506”, And usually with 18 byte ( In the preliminary knowledge, we regard each offset as one , It's also a byte ) Redundant data for , The total length is generally 20 Bytes , So this routine is to divide the hidden information into multiple pieces and hide them at the end of multiple compressed packets .
this 20 Bytes cannot be moved , Other redundant information can be added later , If you move , It will cause decompression failure .
Sum up , Find redundant data in the right place and splice , See what code it is , Decode again
- Find :
And comments can also be made through winhex see , Usually at the end :
边栏推荐
- Jetson XAVIER NX上ResUnet-TensorRT8.2速度與顯存記錄錶(後續不斷補充)
- Cron expression (seven subexpressions)
- mysql
- Jetson XAVIER NX上ResUnet-TensorRT8.2速度与显存记录表(后续不断补充)
- How to open an account online? Is it safe to open a mobile account?
- ROS learning (10): ROS records multiple topic scripts
- 数据库模式笔记 --- 如何在开发中选择合适的数据库+关系型数据库是谁发明的?
- Driverless learning (III): Kalman filter
- 八年测开经验,面试28K公司后,吐血整理出高频面试题和答案
- Backpack template
猜你喜欢
Add two numbers of leetcode
Jetson XAVIER NX上ResUnet-TensorRT8.2速度與顯存記錄錶(後續不斷補充)
How to do interface testing? After reading this article, it will be clear
![[QT] QPushButton creation](/img/c4/bc0c346e394484354e5b9d645916c0.png)
[QT] QPushButton creation
pytorch 模型保存的完整例子+pytorch 模型保存只保存可训练参数吗?是(+解决方案)
Driverless learning (4): Bayesian filtering
GCC: Graph Contrastive Coding for Graph Neural NetworkPre-Training
Sometimes only one line of statements are queried, and the execution is slow
Attack and defense world PWN question: Echo
Solution to blue screen after installing TIA botu V17 in notebook
随机推荐
for(auto a : b)和for(auto &a : b)用法
Is it safe to open an account for online stock speculation? I'm a novice, please guide me
Attack and defense world PWN question: Echo
Jetson XAVIER NX上ResUnet-TensorRT8.2速度与显存记录表(后续不断补充)
Volvo's first MPV is exposed! Comfortable and safe, equipped with 2.0T plug-in mixing system, it is worth first-class
At compilation environment setup -win
Sometimes only one line of statements are queried, and the execution is slow
【Hot100】22. 括号生成
Google Earth engine (GEE) - Landsat 9 image full band image download (Beijing as an example)
What is online account opening? Is it safe to open an account online now?
B-end e-commerce - reverse order process
I want to ask you, where is a better place to open an account in Dongguan? Is it safe to open a mobile account?
Research Report on the overall scale, major manufacturers, major regions, products and applications of battery control units in the global market in 2022
【JS】获取hash模式下URL的搜索参数
How to open an account online? Is it safe to open a mobile account?
Cs5268 perfectly replaces ag9321mcq typec multi in one docking station solution
Automated video production
Google Earth Engine(GEE)——Landsat 9影像全波段影像下载(北京市为例)
数据库模式笔记 --- 如何在开发中选择合适的数据库+关系型数据库是谁发明的?
Research Report on the overall scale, major manufacturers, major regions, products and application segmentation of power management units in the global market in 2022