CTF – BUGKU – QAQ

题目说明

题目来源: ctf.bugku.com

题目:

解题步骤

cipher.txt是一串base64
解码出来是乱码

QAQ用Hex Workshop打开

看到chr、ord、range、QAQ.py、mainname基本可以判断是个pyc文件

保存为pyc文件后用uncompyle6进行pyc反编译

pip install uncompyle6 #安装

得到QAQ.py文件

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# uncompyle6 version 3.2.5
# Python bytecode 3.6 (3379)
# Decompiled from: Python 3.6.4 (v3.6.4:d48eceb, Dec 19 2017, 06:54:40) [MSC v.1900 64 bit (AMD64)]
# Embedded file name: QAQ.py
# Compiled at: 2018-08-15 14:38:31
# Size of source mod 2**32: 620 bytes


def encryt(key, plain):
cipher = ''
for i in range(len(plain)):
cipher += chr(ord(key[i % len(key)]) ^ ord(plain[i]))

return cipher


def getPlainText():
plain = ''
with open('plain.txt') as (f):
while True:
line = f.readline()
if line:
plain += line
else:
break

return plain


def main():
key = 'LordCasser'
plain = getPlainText()
cipher = encryt(key, plain)
with open('cipher.txt', 'w') as (f):
f.write(cipher.encode('base_64'))


if __name__ == '__main__':
main()

根据加密文件编写解密文件AQA.py

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/env python
#-*- coding:utf-8 -*-
# Author: virgin-forest
# Time: 2019-03-22 12:00:56
# Describe:

def decryt(key,plain):
cipher = ''
for i in range(len(plain)):
cipher += chr(ord(key[i % len(key)]) ^ ord(plain[i]))
return cipher

def getPlainText():
plain = ''
with open('cipher.txt') as (f):
while True:
line = f.readline()
if line:
plain += line
else:
break
return plain.decode('base_64')

def main():
key = 'LordCasser'
plain = getPlainText()
clear = decryt(key,plain)
with open('clear.txt','w') as (f):
f.write(clear)

if __name__ == '__main__':
main()

得到明文

YOU ARE FOOLED
THIS IS NOT THAT YOU WANT
GO ON DUDE
CATCH THAT STEGOSAURUS

根据明文找到STEGOSAURUS

下载stegosaurus.py

要求Python版本 > 3.6

得到flag

flag{fin4lly_z3r0_d34d}