题目附件请自取
链接:https://pan.baidu.com/s/18K00ClgwJsqmKphPmqMpHw
提取码:6r3j
full.png使用010 Editor打开出现CRC校验报错,猜测需要修复宽高,其次发现了文件末尾附加了镜像翻转的png字节流数据将附加数据提取出来另存为png文件,通过分析不难发现将字节流数据逆序然后每十六个字节流翻转一下即为正常的png数据
使用Python简单处理
from binascii import *
with open('full1.png', 'rb') as f:
with open('res-full.png', 'wb') as f1:
hex_data = hexlify(f.read()).decode()[::-1]
for i in range(0, len(hex_data), 32):
data = hex_data[i:i+32][::-1]
f1.write(unhexlify(data))
即得到full.png和res-full.png两张图片,两张图片使用010 Editor打开都会出现CRC报错,使用脚本还原宽高
import binascii
import struct
import sys
file = 'full.png'
fr = open(file,'rb').read()
data = bytearray(fr[0x0c:0x1d])
crc32key = eval('0x'+str(binascii.b2a_hex(fr[0x1d:0x21]))[2:-1])
#原来的代码: crc32key = eval(str(fr[29:33]).replace('\\x','').replace("b'",'0x').replace("'",''))
n = 4095
for w in range(n):
width = bytearray(struct.pack('>i', w))
for h in range(n):
height = bytearray(struct.pack('>i', h))
for x in range(4):
data[x+4] = width[x]
data[x+8] = height[x]
crc32result = binascii.crc32(data) & 0xffffffff
if crc32result == crc32key:
print(width,height)
newpic = bytearray(fr)
for x in range(4):
newpic[x+16] = width[x]
newpic[x+20] = height[x]
fw = open(file+'.png','wb')
fw.write(newpic)
fw.close
sys.exit()即得到完整的图片full.png.png以及res-full.png.png
很明显res-full.png.png可能存在盲水印
flag.png使用PS水平翻转一下
32effq8aa8374a02a9p1636ae8901qa0提示
2-5 e-6 9-a p-b q-d一开始以为只是2->5 e->6 9->a p->b q->d,替换后发现提交并不对,猜测是都要相互替换即
flag='32effq8aa8374a02a9p1636ae8901qa0'
dict1 = {'2':'5','5':'2','e':'6','6':'e','9':'a','a':'9','p':'b','b':'p','q':'d','d':'q'}
flag_list = list(flag)
idx = 0
for char in flag_list:
for key in dict1:
if char == key:
flag_list[idx] = dict1[key]
idx += 1
res_flag = ''
for i in flag_list:
res_flag += i
print('flag{{{}}}'.format(res_flag))PS C:\Users\Administrator\Downloads\mirror> python .\replace.py
flag{356ffd89983749059ab1e3e968a01d90}