CTF – BUGKU – QAQ

题目说明

题目来源: ctf.bugku.com

题目:

• cipher.txt
• QAQ

解题步骤

cipher.txt是一串base64
解码出来是乱码

QAQ用Hex Workshop打开

看到chr、ord、range、QAQ.py、main、name基本可以判断是个pyc文件

保存为pyc文件后用uncompyle6进行pyc反编译

pip install uncompyle6 #安装

得到QAQ.py文件

# uncompyle6 version 3.2.5
# Python bytecode 3.6 (3379)
# Decompiled from: Python 3.6.4 (v3.6.4:d48eceb, Dec 19 2017, 06:54:40) [MSC v.1900 64 bit (AMD64)]
# Embedded file name: QAQ.py
# Compiled at: 2018-08-15 14:38:31
# Size of source mod 2**32: 620 bytes


def encryt(key, plain):
    cipher = ''
    for i in range(len(plain)):
        cipher += chr(ord(key[i % len(key)]) ^ ord(plain[i]))

    return cipher


def getPlainText():
    plain = ''
    with open('plain.txt') as (f):
        while True:
            line = f.readline()
            if line:
                plain += line
            else:
                break

    return plain


def main():
    key = 'LordCasser'
    plain = getPlainText()
    cipher = encryt(key, plain)
    with open('cipher.txt', 'w') as (f):
        f.write(cipher.encode('base_64'))


if __name__ == '__main__':
    main()

根据加密文件编写解密文件AQA.py

#!/usr/bin/env python
#-*- coding:utf-8 -*- 
# Author: virgin-forest
# Time: 2019-03-22 12:00:56
# Describe: 

def decryt(key,plain):
	cipher = ''
	for i in range(len(plain)):
		cipher += chr(ord(key[i % len(key)]) ^ ord(plain[i]))
	return cipher

def getPlainText():
	plain = ''
	with open('cipher.txt') as (f):
		while True:
			line = f.readline()
			if line:
				plain += line
			else:
				break
	return plain.decode('base_64')

def main():
	key = 'LordCasser'
	plain = getPlainText()
	clear = decryt(key,plain)
	with open('clear.txt','w') as (f):
		f.write(clear)

if __name__ == '__main__':
	main()

得到明文

YOU ARE FOOLED
THIS IS NOT THAT YOU WANT
GO ON DUDE
CATCH THAT STEGOSAURUS

根据明文找到STEGOSAURUS

下载stegosaurus.py

要求Python版本 > 3.6

得到flag

flag{fin4lly_z3r0_d34d}