First, thank you. 360 PowerChina cup platform and all the big guys who set the questions

Catalog

Title ：Welcome_to_QGB

Title ： Big big big big

Title ：The fn picture

Title ： Look for GIF

Title ：[email protected]

Title ：babyRSA

  Come on, ladies and gentlemen ( •̀ ω •́ )y  I look forward to meeting you again

---

• Title ：Welcome_to_QGB

  direct base64 obtain flag

• Title ： Big big big big

Download the attachment to get a picture

The title prompt says Can pass lsb Steganography gets pictures But most people don't know how to use stegsolve This software

Here is a more direct way

Put it in kali in

use zsteg find information

I found a picture in it

Put forward pictures

zsteg -e b1,rgb,lsb,xy 1.png>99.png

Extract a picture

The picture has arrows to guide you to think that it may be highly steganographic

Drag onto 010

Change height

obtain flag

obtain flag

• Title ：The fn picture

  Downloading the attachment requires a password

When there is no prompt again

Just try blasting

Get a four digit decompression password

7u3N

Open the package

open txt

Txt Prompt So just put flag stay 010 in

txt It's a picture According to 010 Code

So add the png The file header of

Successfully get a QR code

But scanning Find out flag Not here

  So it may be confusing information

One more file

Can't open the drag 010 in

It is found that it is in compressed package format

Change the suffix directly

After the open   Open a file without suffix

The thought of txt A hint of

Decisively change the file header

  Get a QR code

  Transcode to get flag

• Title ： Look for GIF

  Download the attachment

It is found that the compressed package needs to decompress the password

All kinds of attempts failed  

Drag onto 010 in

It is found that the compressed package is a pseudo password

use win The software comes with a repair tool. After repair, unzip

obtain

 aaa drag 010

Found to be png Format

  Add a suffix to get a picture

  Direct drag 010 Change the height inside

Rotate the picture to get bbb.zip Unzip password for

Get a suffix free bbb file

  At first, I was persistent in analysis GIF Moving graph （ Later, I found it of little use ）

contrast bbb and ccc.gif File format

Find similarities

So there is reason to doubt bbb yes gif file

So be decisive ccc Head handle bbb Replace the garbled code

  Save again as gif file

Get another GIF file

Vaguely found inside flag Flash past

Put it in stegsolve Mention the number of frames

There is something in frame 8

  Save it and then use it directly stegsolve

Turn on the palette Find the clearest one

  obtain flag

• Title ：[email protected]

  Decompression is obtained. bat file

  I don't know what it is  

First use 010 open

The statement

Click on hex

After searching various resources Know that the encryption method is batchencryption Use py Write a script to decrypt , Before that, it is necessary to bat Do some processing , To match the encryption Use 010editor open bat, Switch to a hex Pattern , Add the following fields in the program header ：

::BatchEncryption Build 201610 By [email protected]

Save as txt file

At this time, the script is needed to repair

Attach script （ Free of charge ）

#!/usr/bin/python
# -*- coding:utf-8 -*-
#
# Batch Decryption 202009 (BatchEncryption Build 201610)
#

import os
import sys

encrypt_file = ''
encodeErrByteArray = [b'\xfe', b'\xff']

def decryption(data):
    #  The starting position of the source code subscript after removing the header 
    i = data.index(b'163.com\r\n') + 9
    vars = {}
    length = len(data)
    source = ''
    while i < length:
        Data = run(vars, data, i)
        i = Data.get('index')
        source += Data.get('buf')
    return source

def run(vars, data, i):
    buf = ''
    f = 0
    t = 0
    x = False
    l = len(data)
    while(True):
        if data[i] == 0x0d and data[i+1] == 0x0a:
            i += 2
            break
        # get %var:~x,y% %0
        if data[i] == 0x25:
            if not x:
                x = True
                f = i
            else:
                x = False
                t = i
                rst = var_percent(data[f:t+1], vars)
                buf += rst
            i += 1
        else:
            if not x:
                try:
                    buf += str(data[i:i+1], encoding="utf-8")
                    i += 1
                except Exception as err:
                    #  Filter out bytes that cannot be parsed 
                    if data[i:i+1] in encodeErrByteArray:
                        buf = ''
                        i += 1
                    else:
                        #  With ansi Code parsing Chinese 
                        chinese = b''
                        temp = i
                        while (str(data[temp:temp+1]).find('x') >= 0):
                            chinese += data[temp:temp+1]
                            temp += 1
                        buf += chinese.decode('ansi', 'ignore')
                        i = temp
            else:
                if (f + 1 == i) and ((data[i] >= 0x30 and data[i] <= 0x39) or data[i] == 0x2a):
                    x = False
                    t = i
                    rst = str(data[f:t+1], encoding="utf-8")
                    buf += rst
                i += 1
        if i >= l:
            break
    #print(buf)
    bufs = buf.split('&@')
    for var in bufs:
        if var[0:4] == 'set ':
            var = var[4:]
            b = var.find('=')
            vars[var[0:b]] = var[b+1:].replace('^^^', '^')
    buf += '\r\n'
    return {'index':i, 'buf':buf}

"""
%':~-53,1%
':~-53,1
["'", '-53,1']
"""
def var_percent(data, vars):
    full = str(data, encoding="utf-8")
    buf = full[1:len(full)-1]
    buf = buf.split(':~')
    var = buf[0]
    if not var in vars:
        vars[var] = os.getenv(var)
    ent = vars[var]
    if (len(buf) > 1):
        l = len(ent)
        buf = buf[1].split(',')
        f = int(buf[0])
        t = int(buf[1])
        if f < 0:
            f, t = l + f, t
        rst = ent[f: f+t]
    else:
        rst = full
    return rst

def makeFile(path,content):
    try:
        encryptionFilePath = os.path.dirname(sys.argv[1])
        encryptionFileName = os.path.basename(sys.argv[1])
        encryptionFile = encryptionFileName.split('.')
        decryptionFileName = encryptionFile[0] + '_denctyption.' + encryptionFile[1]
        decryptionFile = encryptionFilePath + '/' + decryptionFileName
        print(decryptionFile)
        file = open(decryptionFile, 'w+')
        file.write(content)
        file.close()
    except Exception as err:
        print(err)
        exit        

if __name__ == '__main__':

    try:
        if len(sys.argv) < 2:
            print('param len error\nuse: python dencrypt.py encrypt.bat')
            exit
        encrypt_file = sys.argv[1]
        file = open(encrypt_file, "rb")
        data = file.read()
        file.close()
        source = decryption(data)
        makeFile(encrypt_file, source)
    except Exception as err:
        print(err)
        exit

stay cmd Command line Input

D:\py>python 2.py 2.txt

obtain flag 

• Title ：babyRSA

Download the attachment to get

A standard rsa decode

Take a look rsa Steganography

Script on （ Free of charge ）

from Crypto.Util.number import long_to_bytes
import gmpy2
p =gmpy2.mpz(138426212841397149251588296134109165537899310438173750798364671675288360000561798355248532054510396589533971267028332214842673811687883616744131130398289077554612883492204032984950562003356001139508926059499376562553551028636226548350263501563647121411422314575340826478224596800551927493501012088298680613879)
q =gmpy2.mpz(143049585916449723925099288769361999764006236021072588846981723369760726410300239985500007665844216512624584735358913225102358935263419564762626442560266419262555820476424949328464294635696200999314599615276252945343396324462380831303649657541178450608628341694003116451196859197001909770503494349726784153027)
e =gmpy2.mpz(33)
phi_n= (p - 1) * (q - 1)
d = gmpy2.invert(e, phi_n)
n=q*p
print("d is:")
print (d)
print("n")
print(n)
c=eval('8289193595993122921665841895022976104081072031742625708463764526627277052318279883859957490142516216024577600646435489409922900157398525709897066174566802837502462355349783465478982642622084973551364981880045419080599645199823932885880822500635358984691098019833373137233421653021398144494548012693727095816659975325054446041806452350925160187980103112171629784199440456927010178848494443466141894033183475723365090593126309457761806861074583084445735295863195227044710706725657905516027928685083079534461311107335936896525014768633605005601716003989306032040278750752221002412831419560140443505534384151408234420458')
m = pow(c, d, n)

print(m)
string = long_to_bytes(m)
print(string)

  function

  obtain flag

For the sake of free script , Pay attention Hee hee

Download the attachment

2022 year “ Power cup ” Technical skills competition - The attachment 2022 year “ Power cup ” Technical skills competition more download resources 、 For learning materials, please visit CSDN Download channel .https://download.csdn.net/download/m0_68012373/86240223

  Come on, ladies and gentlemen ( •̀ ω •́ )y  I look forward to meeting you again