2017蓝盾杯乱码中的flag-Writeup

题干:乱码中的flag

密文:

fb+vArDN~wolP7`[email protected]?ik{+.a1!xCsOyVzKJrsjp)$/T*}+kD0->i8GgA}U%mfXXoEyP,xHHuhIDtY>LaZo.E_)K]mwwzeyt:[email protected]?rB],/y6sB1pe([3Qaz=2ur$e$yHhE.Cq>Clb([email protected][39~a}ss$;[email protected][email protected]/o>6+Es833O*a.92*=4^YJ:mp^&l#Dn2O~<d8lalkJ&6WPesp33{(`-([3:!fK$Vik3^bWSG~]ql`J*hB_U:ZLQK#GNSl#4=-m0(Y#@aR2c7yj%Ko60opU6d2ar+UIQIkG;6P08x&ibi&ZNAl#lySal&f,G}`9ur[shD[LJ-6ob4;98}vD$T8w+gG<dt9w>k?hZZ]4?%.W1S*Jyz/)[email protected])DiaeE~%-})YmeBka(hu>e`IZ9^?Z!A!6,e)X$g&G6npG-Ke.4IjP%[+.1ug-P8i+fI9bFnq)TyT4X]}[email protected]$W%tgy_uKx<h^U`gal)F0^.*svCMtzqt576]$cUR7tB[;[email protected]>UWmH`UM~g-KUNoipz]bI1.&1e-tp*!z{^1Q?2BOytRSkZcRJ6*[email protected]=X?v8tCj0Y053)h_lpK5[x_l`[email protected]:zPvijB#+3dUwt2HrH,uKN(*}D>=Cq)?SbS*9S(n1m6!iOzw0&wn`P5AsLoJ9XThC<)pe_R>@hV[me[v;d6+/[email protected]`6qP#zD`8d,#):06!Qy?m{RQculp:nHe*_rm`Y%qP(xTGmwE/(8u**YDi7wk=bE5,_9){.P;3_J1W!eWnn8OKHTv,^*)#L0npJY-4%MxRwqWiJZ5iH>4En.-i[{Abs;p8}FYUh/+*PWs&mg]h<aTfIHA%$vw$(Y.zm,3DN1)s]la[>`cirnP`TPi`?EwmA]n!(1N*E~nD!sv[v{nV>{N)#>7ENc)g*sQmALczN{[email protected]^2z<@Vx$1j:4b_S?,)4up8G~jB?[Ttw0CGa({m`R/[email protected]![G[vwE6z#ezs1j}#LrOmai9G&0g0(XZ:c2US#F5lgc>{QRNw6KaUN-[#d(0S{JD8]=:Ma,Y=r^vu6%8dj`yup#^Jh?$U<@0tyB#JPY<A`;Rkd>Ksd6w91s}jH6Y5R=HoqmwbPj1>kMs~K5,nKiTplz-Oo(W,BMpm8l[VzdbUB)MBcMpIh~.JHJ.}.DRLCdI{.wZ$DY6!quF{:ojZTs`<x_JjFEkkR09B9<Ra*s6N2p;I72z=Dt927mB)nZ[rJFAme#;_N4vTE;E`YWN^[email protected]@JvVY=L9hYBo^QHY#[email protected]{LLn?PSccxS3UXu1F!dN3KGp$y`hn8(.._,VU>njcg~vR9xZe0,[email protected]?q:33mjQ>dhr?q,Xs^+JTlS#`jV2;ys:+X/kF,^0jKP#N5x7PmG+sl<(ys~*yN5?)]Fy90f$G_5_]e$9ca$Q#7oxNX?smw`/*oqVq8X>s_)T^]@rwSd>74/4)Oso,(>6nFL?`~yp):4$8dX+zp6v0IlT6];LZ_AqR]hJHbBJ+DQ9Tt/Aj6po[gpr_m,^pO1^R:br`,Nof<5]Y,}









flag:bdctf{xxxx}

CTF中没有没有用处的提示,比如本题最下方写的flag:bdctf{xxxx}

仔细看这段乱码,第一个字母f,第11个字母是l,而a这个字母在第32位

所以找一下这些字母之间的位次规律

>>>str='fb+vArDN~wolP7`[email protected]?ik{+.a1!xCsOyVzKJrsjp)$/T*}+kD0->i8GgA}U%mfXXoEyP,xHHuhIDtY>LaZo.E_)K]mwwzeyt:[email protected]?rB],/y6sB1pe([3Qaz=2ur$e$yHhE.Cq>Clb([email protected][39~a}ss$;[email protected][email protected]/o>6+Es833O*a.92*=4^YJ:mp^&l#Dn2O~<d8lalkJ&6WPesp33{(`-([3:!fK$Vik3^bWSG~]ql`J*hB_U:ZLQK#GNSl#4=-m0(Y#@aR2c7yj%Ko60opU6d2ar+UIQIkG;6P08x&ibi&ZNAl#lySal&f,G}`9ur[shD[LJ-6ob4;98}vD$T8w+gG<dt9w>k?hZZ]4?%.W1S*Jyz/)[email protected])DiaeE~%-})YmeBka(hu>e`IZ9^?Z!A!6,e)X$g&G6npG-Ke.4IjP%[+.1ug-P8i+fI9bFnq)TyT4X]}[email protected]$W%tgy_uKx<h^U`gal)F0^.*svCMtzqt576]$cUR7tB[;[email protected]>UWmH`UM~g-KUNoipz]bI1.&1e-tp*!z{^1Q?2BOytRSkZcRJ6*[email protected]=X?v8tCj0Y053)h_lpK5[x_l`[email protected]:zPvijB#+3dUwt2HrH,uKN(*}D>=Cq)?SbS*9S(n1m6!iOzw0&wn`P5AsLoJ9XThC<)pe_R>@hV[me[v;d6+/[email protected]`6qP#zD`8d,#):06!Qy?m{RQculp:nHe*_rm`Y%qP(xTGmwE/(8u**YDi7wk=bE5,_9){.P;3_J1W!eWnn8OKHTv,^*)#L0npJY-4%MxRwqWiJZ5iH>4En.-i[{Abs;p8}FYUh/+*PWs&mg]h<aTfIHA%$vw$(Y.zm,3DN1)s]la[>`cirnP`TPi`?EwmA]n!(1N*E~nD!sv[v{nV>{N)#>7ENc)g*sQmALczN{[email protected]^2z<@Vx$1j:4b_S?,)4up8G~jB?[Ttw0CGa({m`R/[email protected]![G[vwE6z#ezs1j}#LrOmai9G&0g0(XZ:c2US#F5lgc>{QRNw6KaUN-[#d(0S{JD8]=:Ma,Y=r^vu6%8dj`yup#^Jh?$U<@0tyB#JPY<A`;Rkd>Ksd6w91s}jH6Y5R=HoqmwbPj1>kMs~K5,nKiTplz-Oo(W,BMpm8l[VzdbUB)MBcMpIh~.JHJ.}.DRLCdI{.wZ$DY6!quF{:ojZTs`<x_JjFEkkR09B9<Ra*s6N2p;I72z=Dt927mB)nZ[rJFAme#;_N4vTE;E`YWN^[email protected]@JvVY=L9hYBo^QHY#[email protected]{LLn?PSccxS3UXu1F!dN3KGp$y`hn8(.._,VU>njcg~vR9xZe0,[email protected]?q:33mjQ>dhr?q,Xs^+JTlS#`jV2;ys:+X/kF,^0jKP#N5x7PmG+sl<(ys~*yN5?)]Fy90f$G_5_]e$9ca$Q#7oxNX?smw`/*oqVq8X>s_)T^]@rwSd>74/4)Oso,(>6nFL?`~yp):4$8dX+zp6v0IlT6];LZ_AqR]hJHbBJ+DQ9Tt/Aj6po[gpr_m,^pO1^R:br`,Nof<5]Y,}'

>>> for i in 'flag:bdctf{':
    print str.index(i)

0
11
32
63
104
1
216
287
84
0
29

看输出结果的前4个数

0-11 个位0->1,十位+1

11-32 个位1->2,十位+2

32-63 个位2->3,十位+3

63-104 个位3->4,十位+4

然后到这里就断了,变成了1

能看出这是一个个位从0-n依次变化,十位从1-n自增的变化规律

到这里计算下一位

十位10+5=15,个位4+1=5就是155

下面依次按规律计算到287,又断了,剩下的需要自己去计算

按规律,下面的是
368
459

到459是flag格式内容的f,后面应该是{

找一下{的位置

>>> num =0
>>> for i in str:
    num+=1
    if i =='{':
        print num


30
233
561
730
777
831
915
919
939
980
1031
1048
1179
1191
1287

据459最近的是561,由于python中的字符串是从0开始计数的,则在程序中字符串位置为560

到这里,个位由9->10,10向十位进一,个位为0,十位45+10+1=56,则结果为560,与判断一致

然后依次进行下面的计算,到最后一个字母1547终止

结果为:

0
11
32 2
63 3
104 4
155 5
216 6
287 7
368 8
459 9
560 10
671 11
792 12
923 13
1064 14
1215 15
1376 16
1547 17

第二列数字是十位之间的差,得到这个结果后用脚本依次输出所在位置的字符

>>> a=[0,11,32,63,104,155,216,287,368,459,560,671,792,923,1064,1215,1376,1547,1728]
>>> for i in a:
    print str[i],


f l a g : b d c t f { s K 7 % * k }

去掉空格,得到flag:bdctf{sK7%*k}


*转载请注明来自AresX’s Blog

本博客采用 知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议(CC BY-NC-SA 4.0) 发布.转载请注明出处
本文链接:https://ares-x.com/2017/10/30/2017蓝盾杯乱码中的flag-Writeup/