Title: 2024 Fujian Shield Cup-Black Shield Track WP

CRYPTO

Sign in question-Learn SM

https://www.json.cn/encrypt/sm3 The question requires lowercase so it needs to be converted or script: import hashlib

message='heidun2024'

hash_object=hashlib.new('sm3')hash_object.update(message.encode('utf-8'))hash_value=hash_object.hexdigest()

print(hash_value)

Source code and data must be protected

Decrypt php using php online decryption tool

Get the php source code

?phpfunction my_encode($str,$key) { $re=''; $len=strlen($str); for ($i=0;$i$len;$i++) { $c=substr($str,$i,1); $k=substr($key,($i%strlen($key)),1); $num=ord($c)+ord($k); if($num255) $num-=256; $re.=chr($num); } return $re;}function my_decode($str,$key) { return 'Something missed.';}$data=@$_GET['data'];$key=@$_GET['key'];if($key=='') $key='hdhd4321';if($data!='') { $mi=my_encode($data,$key); file_put_contents('data_encoded.txt',$mi); echo 'Saved to data_encoded.txt';}?I got flag after writing scripts

?phpfunction my_encode($str,$key) { $re=''; $len=strlen($str); for ($i=0;$i$len;$i++) { $c=substr($str,$i,1); $k=substr($key,($i%strlen($key)),1); $num=ord($c)+ord($k); if($num255) $num-=256; $re.=chr($num); } return $re;}function my_decode($str,$key) { return 'Something missed.';}$data=@$_GET['data'];$key=@$_GET['key'];if($key=='') $key='hdhd4321';if($data!='') { $mi=my_encode($data,$key); file_put_contents('data_encoded.txt',$mi); echo 'Saved to data_encoded.txt';}?phpfunction my_encode($str,$key) { $re=''; $len=strlen($str); for ($i=0;$i$len;$i++) { $c=substr($str,$i,1); $k=substr($key,($i%strlen($key)),1); $num=ord($c)+ord($k); if($num255) $num-=256; $re.=chr($num); } return $re;}function my_decode($str,$key) { return 'Something missed.';}$data=@$_GET['data'];$key=@$_GET['key'];if($key=='') $key='hdhd4321';if($data!='') { $mi=my_encode($data,$key); file_put_contents('data_encoded.txt',$mi); echo 'Saved to data_encoded.txt';}?

I make the decision on my division

The question gives data

ergdgjboglfpgcbpbofmgafhfngpfoflfpfkgjgccndcfqfpgcgofofpdadadagr title prompt is custom binary, so first check the symbols used in the string, there are 17 symbols as follows.

It is roughly in the alphabetical order of a to r, with one i missing. Therefore, it is speculated that it is actually in eleventh digit, a to r correspond to 0-9\a-h, where i is not used.

Finally, after testing, a 2-digit e-digit e-digit e-digit for each letter is coded separately, and the solution is obtained by flag.

from Crypto.Util.number import *with open('My Centigrade I'm the master.txt') as file: dat=file.readline()print(dat.encode().hex())print(dat)print(len(dat))co=0for i in [chr(i) for i in range(ord('a'), ord('z')+1)]: if i in dat: print(i, end='') co+=1print()print(co)chls='abcdefghijklmnopqr'myO='0123456789abcdefgh'ct=dict(zip(chls,myO))print(ct)decDat=''.join([str(ct[i]) for i in dat])flag=''jinzhi=18for i in range(0, len(decDat),2): tmp=decDat[i: i+2] res=int(tmp, jinzhi) flag +=chr(res) print(f'{tmp}, {res}, {chr(res)}')print(decDat)print(flag)flag2=int(decDat, jinzhi)print(flag2)print(long_to_bytes(flag2)) s

flag{heidun18jinzhi666}

Source code and data must be protected

Question description: difficult PHP, difficult flag.

The PHP file in the attachment is encrypted and needs to be cracked. You can use some online cracking platforms, such as: http://www.zhaoyuanma.com/zym.html, or you can build your own PHP environment, install the php-beast extension module, and restore the PHP source code in debug mode. (The module can be used with the default key) The source code has written an encryption function, but no decryption function is written:

You have to write a decryption function yourself to decrypt the txt file to get the plaintext flag. Refer to the decryption code:

MISC

A Logo

The lsb steganography examined, zsteg is directly It is OK to use Stegsolve, b0 channel I changed the sample but didn't know if my question changed, I guess it was still lsb, and ran with zsteg found that there is redundant data. Looking at this, you can directly think of base64 table replacement

I found that the encoding table is incorrect, which may be the reason for the incomplete table. Because it starts with xyz, I added abcdefghijklmnopqrstuvw

Learn Office

When I saw it was xls, I knew it was an excel table with wps and opened it. I found that it could be unhidden. saw the flag column, prompting macro encryption. Because my wps cannot perform macro operations, I changed to the office of Windows to find macros in the view. However, the character order of flag does not sort the filter function, and the filtering computer results are descending. Extract flag characters

I'm not a QR code

looks like a QR code, and then it is still 00000001111111. Directly go to Byxs20 B God's tool Puzzlesolver. If you want to buy the tool, you can contact Penguin 97766819 Get the QR code After identifying it, I got the password. I have been doing it for a long time. I guess it is the key and offset of the file name. It is also an old routine to make the key of the file name

I changed my mind and I didn't know me

Check the end of the picture and find the string xyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/W9i4WoeEJAy7Un/hV8u/WT870Tq2J6xjKEl=Splined into a complete base64 table and decoded to obtain flagxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/abcdefghijklmnopqrstuvw

The Internet traffic of the questioner

Start to get the pcap file, the SMTP protocol was found in the middle section, and it was speculated that there was content, and filter operation was performed.

Tracking SMTP flow

Base64 decode the email body to obtain the text information, and save the cook to html output.

Download the attachment and find the encrypted docx document, with the password being the QQ number of the questioner.

The page prompted Wu to compare and found that he was the communication group owner with the QQ number 217778.

Decryption results in the final result.

flag{baodaheidunchutiren}

gogogo

This question uses go's github.com/tjfoc/gmsm/x509 library to encrypt the flag and output it. The public key and private key are all in the source code.

Therefore, decryption is directly used in the library for decryption. Among them, the ReadPrivateKeyFromPem function needs to pass in the second parameter pwd as the private key password, because the private key given in the source code is not encrypted, so it is enough to pass in nil.

package mainimport ( 'crypto/rand' _ 'embed' 'github.com/tjfoc/gmsm/x509')type EncryptController struct {}func Encrypt(plainText []byte) []byte { publicKeyFromPem, err :=x509.ReadPublicKeyFromPem(pub) if err !=nil { panic(err) } cipherText, err :=publicKeyFromPem.EncryptAsn1(plainText, rand.Reader) if err !=nil { panic(err) } return cipherText}func Decrypt(plainText []byte) []byte { privateKeyFromPem, err :=x509.ReadPrivateKeyFromPem(pri, nil) if err !=nil { panic(err) } cipherText, err :=privateKeyFromPem.DecryptAsn1(plainText) if err !=nil { panic(err) } return cipherText}var pub=[]byte(`-----BEGIN PUBLIC KEY----MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE3xqu+AwSgmeQnsVflwUSDnjxPkjCSiD+xllUCJ3UkfGmLII/LZ2FS3gJe4o6PGXZEWiIZz4eb4brd1xlXkrleQ==----END PUBLIC KEY----`)var pri=[]byte(`-----BEGIN PRIVATE KEY----MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQglNntSZVhLqSWzuKwZ2CwSfSCNI8lQm0sS0Kvh8dOxG+gCgYIKoEcz1UBgi2hRANCAATfGq74DBKCZ5CexV+XBRIOePE+SMJKIP7GWVQIndSR8aYsgj8tnYVLeAl7ijo8ZdkRaIhnPh5vhut3XGVeSuV5----END PRIVATE KEY----`)func main() { cs :=[]byte{48, 125, 2, 33, 0, 238, 212, 154, 134, 255, 91, 109, 210, 231, 242, 184, 9, 103, 26, 30, 241, 93, 242, 68, 119, 148, 9, 21, 5, 241, 175, 203, 3, 152, 63, 85, 82, 2, 32, 2, 156, 154, 131, 146, 194, 242, 200, 19, 109, 209, 151, 90, 252, 165, 49, 247, 141, 208, 219, 117, 226, 91, 113, 225, 0, 33, 162, 19, 87, 49, 68, 4, 32, 213, 16, 18, 177, 119, 110, 74, 6, 147, 235, 85, 0, 61, 4, 1, 43, 107, 207, 249, 37, 195, 141, 141, 23, 244, 159, 235, 159, 169, 243, 160, 37, 4, 20, 179, 67, 236, 205, 121, 146, 216, 75, 168, 197, 214, 34, 63, 138, 237, 247, 166, 117, 246, 210} flag :=Decrypt(cs) res :=string(flag) println(res)} Add the flag header to get the real flag.

flag{this_is_a_p