1.base64stego

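   Opening the archive prompts for a password. I checked the archive's detailed properties, but there was nothing there; I then ran binwalk and found no hidden files.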


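Then I thought it might be ZIP pseudo-encryption:

          A ZIP file consists of three parts: the local file data area (the first 50 4B) + the central directory area (the second 50 4B) + the end of central directory record (the third 50 4B).

          Pseudo-encryption is usually applied in the central directory area, i.e. after the second 50 4B.

          Central directory area: 50 4B 01 02: central directory file header signature

                                            3F 03: PKWARE version used to compress

                                            14 03: PKWARE version needed to extract

                                            09 00: general purpose bit flag (indicates whether the entry is encrypted; this is the field that is changed for pseudo-encryption: once it is changed to 00 08, opening the archive prompts for a password)

          After opening the file in WinHex, find the second 50 4B and count to the seventh and eighth bytes after it; normally they should be 00 08, but here they are 09 00.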
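The same check done programmatically, as an added example (not code from the original post): it locates the central directory through the end record, reads the general purpose bit flag of each entry, and clears the encryption bit where the central directory claims encryption but the local file header does not. The function names, the constructed sample archive, and the assumption that the local header was left unmodified are all illustrative.

```python
import io
import struct
import zipfile

CEN_SIG = b"PK\x01\x02"    # central directory file header (50 4B 01 02)
EOCD_SIG = b"PK\x05\x06"   # end of central directory record
ENCRYPTED = 0x01           # bit 0 of the general purpose bit flag

def central_entries(data):
    """Yield (flag_offset, flags, local_header_offset, name) per central directory entry."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end of central directory record")
    count, = struct.unpack_from("<H", data, eocd + 10)
    pos, = struct.unpack_from("<I", data, eocd + 16)
    for _ in range(count):
        if data[pos:pos + 4] != CEN_SIG:
            raise ValueError("bad central directory signature")
        flags, = struct.unpack_from("<H", data, pos + 8)
        name_len, extra_len, comment_len = struct.unpack_from("<HHH", data, pos + 28)
        local_off, = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + name_len].decode("cp437")
        yield pos + 8, flags, local_off, name
        pos += 46 + name_len + extra_len + comment_len

def find_pseudo_encrypted(data):
    """Entries flagged encrypted in the central directory but not in the local header."""
    hits = []
    for flag_off, flags, local_off, name in central_entries(data):
        local_flags, = struct.unpack_from("<H", data, local_off + 6)
        if flags & ENCRYPTED and not local_flags & ENCRYPTED:
            hits.append((name, flag_off))
    return hits

def clear_pseudo_encryption(data):
    """Return a copy with the bogus encryption bit cleared in the central directory."""
    fixed = bytearray(data)
    for _name, flag_off in find_pseudo_encrypted(data):
        fixed[flag_off] &= ~ENCRYPTED & 0xFF   # flag is little-endian: bit 0 is in the low byte
    return bytes(fixed)

def make_sample():
    # Constructed sample: a normal archive whose central directory flag gets bit 0 set.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("stego.txt", "constructed sample content\n")
    data = bytearray(buf.getvalue())
    data[next(central_entries(bytes(data)))[0]] |= ENCRYPTED
    return bytes(data)
```

An entry that is flagged in both headers is not reported; that case needs the entry data to be checked against the declared compression method instead.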


        After the change the archive extracts normally. Opening the txt file shows Base64-encoded content; decoding it yields an article introducing steganography:

       

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspeage, 
a form of security through obscurity. The word steganography is of Greek origin and means "concealed writing" from the Greek words steganos meaning
"covered or protected", and graphein meaning "to write". The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia,
a treatise on cryptography and steganography disguised as a book on magic. Generally, messages will appear to be something else: images, articles,
shopping lists, or some other covertext and, classically, the hidden message may be in invisible ink between the visible lines of a private letter. The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. Plainly visible encrypted messages
no matter how unbreakable will arouse suspicion, and may in themselves be incriminating in countries where encryption is illegal. Therefore, whereas
cryptography protects the contents of a message, steganography can be said to protect both messages and communicating parties. Steganography includes the concealment of information within computer files. In digital steganography, electronic communications may include steganographic
coding inside of a transport layer, such as a document file, image filn because of their large size. As a simple example, a sender might start with
an innocuous image file and adjust the color of every 100th pixel to correspond to a letter in the alphabet, a change so subtle that someone not
specifically looking for it is unlikely to notice it. The first recorded uses of steganography can be traced back to 440 BC when Herodotus mentions two examples of steganography in The Histories
of Herodotus. Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before
applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand. Another ancient
example is that of Histiaeus, who shaved the head of his most trusted slave and tattooed a message on it. After his hair had grown the message
was hidden. The purpose was to instigate a revolt against the Persians. Steganography has been widely used, including in recent historical times and the present day. Possible permutations are endless and known examples include: * Hidden messages within wax tablets: in ancient Greece, people wrote messages on the wood, then covered it with wax upon which an innocent
covering message was written * Hidden messages on messenger's body: also used in ancient Greece. Herodotus tells the story of a message tattooed on a slave's shaved head,
hidden by the growth of his hair, and exposed by shaving his head again. The message allegedly carried a warning to Greece abois method has
obvious drawbacks, such as delayed transmission while waiting for the sn the number and size of messages that can be encoded on one person's scalp. * In WWII, the French Resistance sent some messages written on the backs of couriers using invisible ink. * Hidden messages on paper written in secret inks, under other messages or on the blank parts of other messages. * Messages written in Morse code on knitting yarn and then knitted into a piece of clothing worn by a courier. * Messages written on the back of postage stamps. * During and after World War II, espionage agents used photographically produced microdots to send information back and forth. Microdots
were typically minute, approximately less than the size of the period produced by a typewriter. WWII microdots needed to be embedded in
the paper and covered with an adhesive (such as collodion). This was reflective and thus detectable by viewing against glancing light.
Alternative techniques included inserting microdots into slits cut into the edge of post cards. * During World War II, a spy for Japan in New York City, Velvalee Dickinson, sent information to accommodation addresses in neutral South America.
She was a dealer in dolls, and her letters discussed how many of this or that doll to ship. The stegotext was the doll orders, while the
concealed "plaintext" was itself encoded and gave information about ship movements, etc. Her case became somewhat famous and she became
known as the Doll Woman. * Cold War counter-propaganda. In 1968, crew members of the USS Pueblo (AGER-2) intelligence ship held as prisoners by North Korea,
communicated in sign language during staged photo opportunities, informing the United States they were not defectors but rather were
being held captive by the North Koreans. In other photos presented to the US, crew members gave "the finger" to the unsuspecting
North Koreans, in an attempt to discredit photos that showed them smiling and comfortable. -- http://en.wikipedia.org/wiki/Steganography

          I ran it through an online translator to read it in Chinese; the output only restates the article above.


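 After that I was out of ideas, so I looked at a writeup and found that you have to write a Base64 decoding script. Ugh, decoding tools really do have their shortcomings.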

flag:Base_sixty_four_point_five

The code:

# -*- coding: UTF-8 -*-
import base64

def get_base64_diff_value(s1, s2):
    # Distance in the Base64 alphabet at the first position where the two lines differ (0 if equal)
    base64chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
    res = 0
    for i in range(len(s1)):
        if s1[i] != s2[i]:
            return abs(base64chars.index(s1[i]) - base64chars.index(s2[i]))
    return res

def solve_stego():
    with open('C:\\Users\\Desktop\\stego.txt', 'r') as f:
        file_lines = f.readlines()

    bin_str = ''
    for line in file_lines:
        steg_line = line.strip()
        # Decoding and re-encoding gives the canonical line, with the unused padding bits zeroed
        norm_line = base64.b64encode(base64.b64decode(steg_line)).decode('ascii')

        # These steps must run for every line, so they belong inside the loop
        diff = get_base64_diff_value(steg_line, norm_line)
        pads_num = steg_line.count('=')
        if diff:
            bin_str += bin(diff)[2:].zfill(pads_num * 2)
        else:
            bin_str += '0' * pads_num * 2

    # Regroup the collected bits into 8-bit characters
    res_str = ''
    for i in range(0, len(bin_str), 8):
        res_str += chr(int(bin_str[i:i+8], 2))
    print(res_str)

solve_stego()

 Strangely, though, when I ran it, nothing was output.......

Feeling defeated...................................
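Why the script above recovers anything at all, shown as an added example that is not part of the original post: a Base64 line ending in "=" leaves 2 unused bits in its last data character and one ending in "==" leaves 4, and a standard decoder ignores them. This sketch reads those bits directly instead of diffing against the re-encoded line; the sample lines are constructed by hand and the function names are illustrative.

```python
import base64

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def hidden_bits(line):
    """Bits carried in the unused low bits of the last data character of one line."""
    line = line.strip()
    pads = line.count("=")          # "=" leaves 2 spare bits, "==" leaves 4
    if pads == 0:
        return ""                   # no padding, so no spare bits on this line
    spare = pads * 2
    value = B64.index(line[-pads - 1]) & ((1 << spare) - 1)
    return format(value, "0{}b".format(spare))

def is_canonical(line):
    """True if re-encoding the decoded bytes reproduces the line exactly."""
    line = line.strip()
    return base64.b64encode(base64.b64decode(line)).decode("ascii") == line

def non_canonical(lines):
    """Lines whose spare bits are non-zero: the tell-tale sign of this kind of hiding."""
    return [l for l in lines if not is_canonical(l)]

def extract(lines):
    """Concatenate the spare bits of all lines and regroup them into bytes."""
    bits = "".join(hidden_bits(l) for l in lines)
    usable = len(bits) - len(bits) % 8      # drop an incomplete trailing byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8)).decode("latin-1")

# Constructed sample: the lines decode to "abc", "a", "b", "c", "d", "ab",
# while the spare bits of the padded lines spell out a two-letter message.
SAMPLE = ["YWJj", "YU==", "Yo==", "Y2==", "ZJ==", "YWI="]

if __name__ == "__main__":
    print("cover text :", b"".join(base64.b64decode(l) for l in SAMPLE))
    print("suspicious :", non_canonical(SAMPLE))
    print("hidden     :", extract(SAMPLE))
```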

 
