2017蓝盾杯乱码中的flag-Writeup
题干:乱码中的flag
密文:
1 | fb+vArDN~wolP7`6DuZ0m@KFsw?ik{+.a1!xCsOyVzKJrsjp)$/T*}+kD0->i8GgA}U%mfXXoEyP,xHHuhIDtY>LaZo.E_)K]mwwzeyt:0MQ7Ses@X01z4C?rB],/y6sB1pe([3Qaz=2ur$e$yHhE.Cq>Clb(!@[39~a}ss$;aJD8@Vz$@qh4/o>6+Es833O*a.92*=4^YJ:mp^&l#Dn2O~<d8lalkJ&6WPesp33{(`-([3:!fK$Vik3^bWSG~]ql`J*hB_U:ZLQK#GNSl#4=-m0(Y#@aR2c7yj%Ko60opU6d2ar+UIQIkG;6P08x&ibi&ZNAl#lySal&f,G}`9ur[shD[LJ-6ob4;98}vD$T8w+gG<dt9w>k?hZZ]4?%.W1S*Jyz/)C+@)DiaeE~%-})YmeBka(hu>e`IZ9^?Z!A!6,e)X$g&G6npG-Ke.4IjP%[+.1ug-P8i+fI9bFnq)TyT4X]}9P@Co$W%tgy_uKx<h^U`gal)F0^.*svCMtzqt576]$cUR7tB[;tk@w>UWmH`UM~g-KUNoipz]bI1.&1e-tp*!z{^1Q?2BOytRSkZcRJ6*r7@=X?v8tCj0Y053)h_lpK5[x_l`lt@7NtYW:zPvijB#+3dUwt2HrH,uKN(*}D>=Cq)?SbS*9S(n1m6!iOzw0&wn`P5AsLoJ9XThC<)pe_R>@hV[me[v;d6+/_a_4g@-R`6qP#zD`8d,#):06!Qy?m{RQculp:nHe*_rm`Y%qP(xTGmwE/(8u**YDi7wk=bE5,_9){.P;3_J1W!eWnn8OKHTv,^*)#L0npJY-4%MxRwqWiJZ5iH>4En.-i[{Abs;p8}FYUh/+*PWs&mg]h<aTfIHA%$vw$(Y.zm,3DN1)s]la[>`cirnP`TPi`?EwmA]n!(1N*E~nD!sv[v{nV>{N)#>7ENc)g*sQmALczN{uFr@^2z<@Vx$1j:4b_S?,)4up8G~jB?[Ttw0CGa({m`R/m@![G[vwE6z#ezs1j}#LrOmai9G&0g0(XZ:c2US#F5lgc>{QRNw6KaUN-[#d(0S{JD8]=:Ma,Y=r^vu6%8dj`yup#^Jh?$U<@0tyB#JPY<A`;Rkd>Ksd6w91s}jH6Y5R=HoqmwbPj1>kMs~K5,nKiTplz-Oo(W,BMpm8l[VzdbUB)MBcMpIh~.JHJ.}.DRLCdI{.wZ$DY6!quF{:ojZTs`<x_JjFEkkR09B9<Ra*s6N2p;I72z=Dt927mB)nZ[rJFAme#;_N4vTE;E`YWN^uGv@Ny@JvVY=L9hYBo^QHY#!_g@{LLn?PSccxS3UXu1F!dN3KGp$y`hn8(.._,VU>njcg~vR9xZe0,5@Jb?q:33mjQ>dhr?q,Xs^+JTlS#`jV2;ys:+X/kF,^0jKP#N5x7PmG+sl<(ys~*yN5?)]Fy90f$G_5_]e$9ca$Q#7oxNX?smw`/*oqVq8X>s_)T^]@rwSd>74/4)Oso,(>6nFL?`~yp):4$8dX+zp6v0IlT6];LZ_AqR]hJHbBJ+DQ9Tt/Aj6po[gpr_m,^pO1^R:br`,Nof<5]Y,} |
CTF中没有没有用处的提示,比如本题最下方写的flag:bdctf{xxxx}
仔细看这段乱码,第一个字母f,第11个字母是l,而a这个字母在第32位
所以找一下这些字母之间的位次规律
1 | >>>str='fb+vArDN~wolP7`6DuZ0m@KFsw?ik{+.a1!xCsOyVzKJrsjp)$/T*}+kD0->i8GgA}U%mfXXoEyP,xHHuhIDtY>LaZo.E_)K]mwwzeyt:0MQ7Ses@X01z4C?rB],/y6sB1pe([3Qaz=2ur$e$yHhE.Cq>Clb(!@[39~a}ss$;aJD8@Vz$@qh4/o>6+Es833O*a.92*=4^YJ:mp^&l#Dn2O~<d8lalkJ&6WPesp33{(`-([3:!fK$Vik3^bWSG~]ql`J*hB_U:ZLQK#GNSl#4=-m0(Y#@aR2c7yj%Ko60opU6d2ar+UIQIkG;6P08x&ibi&ZNAl#lySal&f,G}`9ur[shD[LJ-6ob4;98}vD$T8w+gG<dt9w>k?hZZ]4?%.W1S*Jyz/)C+@)DiaeE~%-})YmeBka(hu>e`IZ9^?Z!A!6,e)X$g&G6npG-Ke.4IjP%[+.1ug-P8i+fI9bFnq)TyT4X]}9P@Co$W%tgy_uKx<h^U`gal)F0^.*svCMtzqt576]$cUR7tB[;tk@w>UWmH`UM~g-KUNoipz]bI1.&1e-tp*!z{^1Q?2BOytRSkZcRJ6*r7@=X?v8tCj0Y053)h_lpK5[x_l`lt@7NtYW:zPvijB#+3dUwt2HrH,uKN(*}D>=Cq)?SbS*9S(n1m6!iOzw0&wn`P5AsLoJ9XThC<)pe_R>@hV[me[v;d6+/_a_4g@-R`6qP#zD`8d,#):06!Qy?m{RQculp:nHe*_rm`Y%qP(xTGmwE/(8u**YDi7wk=bE5,_9){.P;3_J1W!eWnn8OKHTv,^*)#L0npJY-4%MxRwqWiJZ5iH>4En.-i[{Abs;p8}FYUh/+*PWs&mg]h<aTfIHA%$vw$(Y.zm,3DN1)s]la[>`cirnP`TPi`?EwmA]n!(1N*E~nD!sv[v{nV>{N)#>7ENc)g*sQmALczN{uFr@^2z<@Vx$1j:4b_S?,)4up8G~jB?[Ttw0CGa({m`R/m@![G[vwE6z#ezs1j}#LrOmai9G&0g0(XZ:c2US#F5lgc>{QRNw6KaUN-[#d(0S{JD8]=:Ma,Y=r^vu6%8dj`yup#^Jh?$U<@0tyB#JPY<A`;Rkd>Ksd6w91s}jH6Y5R=HoqmwbPj1>kMs~K5,nKiTplz-Oo(W,BMpm8l[VzdbUB)MBcMpIh~.JHJ.}.DRLCdI{.wZ$DY6!quF{:ojZTs`<x_JjFEkkR09B9<Ra*s6N2p;I72z=Dt927mB)nZ[rJFAme#;_N4vTE;E`YWN^uGv@Ny@JvVY=L9hYBo^QHY#!_g@{LLn?PSccxS3UXu1F!dN3KGp$y`hn8(.._,VU>njcg~vR9xZe0,5@Jb?q:33mjQ>dhr?q,Xs^+JTlS#`jV2;ys:+X/kF,^0jKP#N5x7PmG+sl<(ys~*yN5?)]Fy90f$G_5_]e$9ca$Q#7oxNX?smw`/*oqVq8X>s_)T^]@rwSd>74/4)Oso,(>6nFL?`~yp):4$8dX+zp6v0IlT6];LZ_AqR]hJHbBJ+DQ9Tt/Aj6po[gpr_m,^pO1^R:br`,Nof<5]Y,}' |
看输出结果的前4个数
0-11 个位0->1,十位+1
11-32 个位1->2,十位+2
32-63 个位2->3,十位+3
63-104 个位3->4,十位+4
然后到这里就断了,变成了1
能看出这是一个个位从0-n依次变化,十位从1-n自增的变化规律
到这里计算下一位
十位10+5=15,个位4+1=5就是155
下面依次按规律计算到287,又断了,剩下的需要自己去计算
按规律,下面的是
368
459
到459是flag格式内容的f,后面应该是{了
找一下{的位置
1 | num =0 |
据459最近的是561,由于python中的字符串是从0开始计数的,则在程序中字符串位置为560
到这里,个位由9->10,10向十位进一,个位为0,十位45+10+1=56,则结果为560,与判断一致
然后依次进行下面的计算,到最后一个字母1547终止
结果为:
1 | 0 |
第二列数字是十位之间的差,得到这个结果后用脚本依次输出所在位置的字符
1 | a=[0,11,32,63,104,155,216,287,368,459,560,671,792,923,1064,1215,1376,1547,1728] |
去掉空格,得到flag:bdctf{sK7%*k}