当前位置:网站首页>Common routines of compressed packets in CTF

Common routines of compressed packets in CTF

2022-07-02 20:53:00 qq_ twenty-nine million five hundred and sixty-six thousand six

  1. Special characters that recognize hexadecimal strings :504B0304 To begin ,504B0506 End of the said ( Here is a supplementary knowledge point : Name the file as what file type , The computer will recognize from what feature head , such as zip From 504B0304 Start identifying , from 504B0506 end ), It is worth noting that for txt file , No header exists .
    Insert picture description here
    Insert picture description here
    Insert picture description here

  2. Pseudo encryption
    Insert picture description here

  3. File repair
    It is possible that the file header is intentionally written incorrectly :
    Insert picture description here
    Just change it at this time :504B0304

  4. Redundant information splicing
    ZIP The end identification bit of the compressed file directory is “504B0506”, And usually with 18 byte ( In the preliminary knowledge, we regard each offset as one , It's also a byte ) Redundant data for , The total length is generally 20 Bytes , So this routine is to divide the hidden information into multiple pieces and hide them at the end of multiple compressed packets .
    Insert picture description here

this 20 Bytes cannot be moved , Other redundant information can be added later , If you move , It will cause decompression failure .
Sum up , Find redundant data in the right place and splice , See what code it is , Decode again

  1. Find :
    Insert picture description here
    And comments can also be made through winhex see , Usually at the end :
    Insert picture description here
原网站

版权声明
本文为[qq_ twenty-nine million five hundred and sixty-six thousand six]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/02/202202151336001316.html

边栏推荐

猜你喜欢

随机推荐