Where is my girl ?

栏目: 编程工具 · 发布时间: 8年前

内容简介:Where is my girl ?

Where is my girl ?

原题传送门: https://gist.github.com/zealic/38510fd8ecd1be75924a 

$wget https://gist.githubusercontent.com/zealic/38510fd8ecd1be75924a/raw/0cc9241ed25843af6664ced2654bf30d8567e464/Email -O portal.bin

begin 777 portal.bin
M(R!796QC;VUE#0H-"B,C($ME>0T*#0I24T$@4'5B;&EC($ME>3H@*$XL(#<I
M#0I.(#T@,C,S("H@30T*32!I<R!T:&4@9W)E871E<W0@9F]U<BUD:6=I="!P
M<FEM92!T:&%T(&UA:V5S($X@96YD('=I=&@@,C,S#0H-"B,C($5N8W)Y<'1E
M9"!!=61I="!142!G<F]U<"!N=6UB97(-"@T*5&AE($%U9&ET(%%1(&=R;W5P
M(&YU;6)E<B!I<R!E;F-R>7!T960@=VET:"!T:&4@*BI24T$@4'5B;&EC($ME
M>2HJ+@T*#0I@8&`-"D-/3D-!5"A$14-265!4*#$Y-S,W,BDN=&]3=')I;F<H
M*2P@1$5#4EE05"@S,S,P-SDI+G1O4W1R:6YG*"DI#0I@8&`-"@T*(R!#05!4
M0TA!#0I5<V4@=&AI<R!G:7-T(')E=FES:6]N(&`W9#(S939E.3DY-&)B-F9A
M93@W-&1A8C,U930V9F0W-6(Y9&0Q-6)E8"!R97-U;'0@87,@0T%05$-(02X-
!"@``
`
end

一脸懵逼……直接用 python magic 测试文件:

#!/usr/bin/env python2
# -*- coding: utf-8 -*-
 
import magic
 
def main():
    with open("raw") as f:
        print magic.from_buffer(f.read())
 
if __name__ == "__main__":
    main()

结果是: uuencoded or xxencoded, ASCII text. 继续,使用 python uu decode 一下: 

import uu
 
uu.decode("raw")

得到 portal.bin 文件: 

# Welcome
 
## Key
 
RSA Public Key: (N, 7)
N = 233 * M
M is the greatest four-digit prime that makes N end with 233
 
## Encrypted Audit QQ group number
 
The Audit QQ group number is encrypted with the **RSA Public Key**.
 
```
CONCAT(DECRYPT(197372).toString(), DECRYPT(333079).toString())
```
 
# CAPTCHA
Use this gist revision `7d23e6e9994bb6fae874dab35e46fd75b9dd15be` result as CAPTCHA.

RSA 加解密 ,依题意得:M = 9001, N=233*9001,e=7,p=233,q=9001,O(n) = 232*9000,求 模反元素d  使得:e*d % O(n)  = 1 ,

即:e*d = w *O(n) + 1, 为整数;穷举一下, w =4,d=1193143

所以Public key = (233*9001, 7), Private key = (233*9001, 1193143)

from rsa.key import PrivateKey
 
def decrypt(s):
    p, q = 233, 9001
    n = p * q
    e = 7
    d = 1193143
    key = PrivateKey(n, e, d, p, q)
    return key.blinded_decrypt(s)

QQ group number is done.

$wget https://gist.githubusercontent.com/zealic/38510fd8ecd1be75924a/raw/7d23e6e9994bb6fae874dab35e46fd75b9dd15be/Email -O raw2

重复上面的步骤获取 question.bin,发现内容乱码……用strings命令打印一下

$strings questions.bin
7zXZ
*DMR
!k@#=
Xn
T)s3
H_AI
'|Ws)

所以这是一个 7z 压缩文件?

$7z e questions.bin

得到 questions 文件:

79955ff7576a0f5a167b3ccb506bed3a d46b6f8c1ea3b812c2bba0edc0e63c85 | Roman Hitman
================================================================
H4sIAAAAAAACA1WPT0+DQBDF7/spRgTttbRsZRPZ1d1Fwg0OBYKEhWqMlwZBqjaF
z+7Win8ylzeT95u8F8Otj4UkjIrCcxCKYzCmA0KqAMvFYFMRYA6SwTVZ4RykvvmU
3GEu9GZTB7DWoXQJvdqi6gRJTKULPVkwai+XBKjvLTDforqAeTsObWMlnS1x0XPm
7XEYMO4k0a6fgcBU6N/g2GGUFj3jni2T6HDouiiH6N0c758eSxWlOXzxAwt+TF3n
edr0z5bOdSv4YITChYkMA3ac+TfPKDuJ71xABGTZlKuuFIxq87CBF1XqUapMs0wj
l5iTVQhtc2a1b80Rmrqs9+scmsGcvZ4nhkp/dfVH18c0n2XEkwVzAQAA

下半部分的内容估计是 base64?单独保存为 raw3 做进一步分析:

import base64
 
with open("raw3") as f:
    print magic.from_buffer(base64.b64decode(f.read()))

结果是 gzip 后的base64encode:

gzip compressed data, max compression, from Unix

那就base64decode后 gzip -d 回来,得到文件: 

R BF6DE:@?D]>5
 
RR "F6DE:@?D
 
`] %96 2?DH6C E@ =:76[ E96 F?:G6CD6[ 2?5 6G6CJE9:?8n
a] %96 E6?E9 u:3@?244: ?F>36Cn
b] 1r~}rp%Ws2E6]uC@>z6JH@C5WQvu( D6?D:G6 52JQX]u@C>2EWQ||ssQ[ Qx$~\ge_`QX[ s2E6]}@H]u@C>2EWQss>>Q[ [ Qx$~\ge_`QXX1
 
R y@:? &$
"" vC@FAi
Y vC@FA ?F>36C :D YYr~}rp%Wsba` ~`cdc q`_`_```_XYY
Y '6C:7J rp!%rwp :D 1r~}rp%WVzV[ p}$(t#W"`X[ p}$(t#W"aX[ p}$(t#W"bXX1

仔细留到中间三行的首字母依次为 ` a b , 在 ascii码表 中,这三个字符是连续的96,97, 98.

根据上面提到的 Roman Hitman,看了下 wiki ,留意到代号47?所以这三个字符可以转换为 1, 2, 3,貌似刚好。测试一下其他字符,写个转换的函数: 

def hitman(data):
    code = 47
    result = ""
    for w in data:
        if w in (" ", "\n"):
            result += w
        elif 32 <= (ord(w) + 47) <= 126:
            result += chr(ord(w) + 47)
        else:
            result += chr(ord(w) - 47)
 
    return result

所以得到一个md:

# questions.md
 
## Questions
 
1. The answer to life, the universe, and everything?
2. The tenth Fibonacci number?
3. `CONCAT(Date.FromKeyword("GFW sensive day").Format("MMDD", "ISO-8601"), Date.Now.Format("DDmm", , "ISO-8601"))`
 
# Join US
QQ Group:
* Group number is **CONCAT(D321 O1454 B10101110)**
* Verify CAPTCHA is `CONCAT('K', ANSWER(Q1), ANSWER(Q2), ANSWER(Q3))`

三个问题:

  1. = 42
  2. = 55
  3. = ……

QQ号码 = str(321) + str(int(“1454”, 8)) + str(int(“10101110”, 2))

CAPTCHA = KQ1Q2Q3

========================= 强迫症会死 ==============================

虽然推导完了,但是有没有留意到还有一个信息未解:

79955ff7576a0f5a167b3ccb506bed3a d46b6f8c1ea3b812c2bba0edc0e63c85 | Roman Hitman

Roman Hitman已经知道了, 而前面两个是干嘛用的呢?

一脸懵逼……

一脸懵逼……

一脸懵逼……

猜测是md5,破解一下:

hashlib.md5("-n 71\n").hexdigest() = 79955ff7576a0f5a167b3ccb506bed3a
hashlib.md5("-n 90\n").hexdigest() = d46b6f8c1ea3b812c2bba0edc0e63c85

71和90的对应 ascii 刚好为 g z 两个字母……

———————————————————————————————————–

Done!

But…… where is my girl ?


以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

码农书籍
The Art and Science of CSS

The Art and Science of CSS

Jonathan Snooks、Steve Smith、Jina Bolton、Cameron Adams、David Johnson / SitePoint / March 9, 2007 / $39.95

Want to take your CSS designs to the next level? will show you how to create dozens of CSS-based Website components. You'll discover how to: # Format calendars, menus and table of contents usin......一起来看看 《The Art and Science of CSS》 这本书的介绍吧!

码农工具
JSON 在线解析
JSON 在线解析

在线 JSON 格式化工具

随机密码生成器
随机密码生成器

多种字符组合密码

HSV CMYK 转换工具
HSV CMYK 转换工具

HSV CMYK互换工具

  • New
  • 文章
  • 话题
  • 教程
    • 关注 码农网 公众号
    版权所有,保留一切权利!© 2018-2026 码农网 粤ICP备17054400号-3