2023 *CTF flagfile

zydt10 / 2023-08-08 / 原文

flagfile

格式文件是mgc，题目提示用file命令查看

观察后，忽略有规律的，取出没规律的

将红圈的数字异或，得到第一组数据

这里发现后面是ffff，从这里隔开，异或的数据作为第二组

异或的数据都将其转为十进制后，发现第二组可能是ascII编码，转化得到：f_o_a__lhy_s_y^^hete_ug___goo_t_

第一组则可能是字符的排列顺序：[25, 8, 18, 20, 27, 31, 30, 26, 7, 13, 5, 11, 16, 9, 34, 32, 22, 10, 19, 23, 24, 15, 28, 36, 12, 33, 17, 6, 14, 35, 21, 29]

按顺序排好后得到： _oh_yes_you_got_the_flag___^_^__

看了山海关的wp才知道规律的（）：

import hexdump
import struct
import string

f = open('./flag.mgc', 'rb')
b = f.read(0x178)
indexes = []
table = ''
while True:
    b = f.read(0x178)
    if len(b) != 0x178:
        break
    line = b[:0x30]
    _type = line[6]
    off = struct.unpack_from('<I', line, 0x0c)[0]
    s = f'type: {_type:02X}, off: {off:02X}'
    if _type == 5:
        s += ', str: '+line[0x20:].decode()
    elif _type == 1:
        n1, n2 = line[0x18], line[0x20]
        v = n1 ^ n2
        s += f', byte: {n1:02X} {n2:02X} {v:02X} {chr(v)}'
        table += chr(v)
    elif _type == 10:
        n1, n2 = line[0x18], line[0x20]
        v = n1 ^ n2
        s += f', leshort: {n1:02X} {n2:02X} {v:02X} {v}'
        indexes.append(v)
    print(s)
    # hexdump.hexdump(line)
    # print('')

# f_o_a__lhy_s_y^^hete_ug___goo_t_
print(table)
# [25, 8, 18, 20, 27, 31, 30, 26, 7, 13, 5, 11, 16, 9, 34, 32, 22, 10, 19, 23, 24, 15, 28, 36, 12, 33, 17, 6, 14, 35, 21, 29]
print(indexes)
real_flag = [' ']*40
for i in range(len(indexes)):
    print(indexes[i], table[i])
    real_flag[indexes[i]] = table[i]
print(''.join(real_flag))
# _oh_yes_you_got_the_flag___^_^__