2021 Longyuan anti epidemic WriteUp

I hope the epidemic will end soon

Note: challenges marked with * were solved after the competition ended.

For the full writeup, wait for Nanshen to post the team writeup link.

Misc

soEasyCheckin

The string is base32, but there is a problem: 0 and $ appear in it. Replace 0 -> O and $ -> s, and a hex string is obtained.
The hex then had another problem, specifically at 83 ¥ 6988ee.
By the pattern, the first byte of every 6 bytes is e, so ¥ is replaced by E.
This gives the Core Socialist Values encoding, but one place is still wrong. There is a segment in the middle: harmony dies Mingping
So I replaced the "dies" arbitrarily; I changed it to "rich and strong".
This decoded to SET{Qi2Xin1Xie2Li4-Long3Yuan0Zhan4Yi4}
From the pinyin you can tell it should be Yuan2.
So the final flag is:

SET{Qi2Xin1Xie2Li4-Long3Yuan2Zhan4Yi4}

Defeat the virus

After opening the game, I found that nothing happened after defeating the Ender Dragon. The flag was hidden in the end poem, so I went straight to the text file.
It is under .minecraft/version/Longyuan war "epidemic".jar
Rename it to .zip, find assets/minecraft/texts/end.txt, and get 11f9sacbbbwkticlydtnf2yiefthxdfigpxf
Base62-decoding it is enough.

SETCTF{Fi9ht1ng_3ItH_V1rUs}

SOS

Dial tones (DTMF): get every key right to assemble the flag.
I recorded it with my phone, converted the m4a to wav, and then decoded the DTMF. Because the recording kept having problems, I recorded it three times in total.


The earlier attempts were missing the 8 at the front. This time the 8 finally showed up, so it should be 6830AB1C75, which gives the flag.
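The DTMF decoding step, as an added example that is not part of the original writeup: a Goertzel-based decoder run on a synthesized signal (constructed here, not the challenge audio) for the key sequence 6830AB1C75. The block size, the threshold and the gain parameter are assumptions of this sketch.

```python
import math

LOW = (697, 770, 852, 941)        # row frequencies, Hz
HIGH = (1209, 1336, 1477, 1633)   # column frequencies, Hz (1633 is the A-D column)
KEYS = ("123A", "456B", "789C", "*0#D")

def goertzel_power(block, freq, rate):
    """Energy of one frequency in a block of samples (Goertzel algorithm)."""
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def synth(digits, rate=8000, tone=400, gap=400, gain=1.0):
    """Constructed test signal: 50 ms of dual tone, then 50 ms of silence, per key."""
    samples = []
    for d in digits:
        row = next(r for r, keys in enumerate(KEYS) if d in keys)
        col = KEYS[row].index(d)
        for n in range(tone):
            t = 2 * math.pi * n / rate
            samples.append(gain * 0.5 * (math.sin(LOW[row] * t) + math.sin(HIGH[col] * t)))
        samples.extend([0.0] * gap)
    return samples

def decode_dtmf(samples, rate=8000, block=200, threshold=100.0):
    """Return the key sequence; a key counts only if both of its tones pass the threshold."""
    out, prev = [], None
    for start in range(0, len(samples) - block + 1, block):
        chunk = samples[start:start + block]
        lo = {f: goertzel_power(chunk, f, rate) for f in LOW}
        hi = {f: goertzel_power(chunk, f, rate) for f in HIGH}
        f_lo, f_hi = max(lo, key=lo.get), max(hi, key=hi.get)
        key = None
        if lo[f_lo] >= threshold and hi[f_hi] >= threshold:
            key = KEYS[LOW.index(f_lo)][HIGH.index(f_hi)]
        if key is not None and key != prev:   # a new press after silence or another key
            out.append(key)
        prev = key
    return "".join(out)

if __name__ == "__main__":
    print(decode_dtmf(synth("6830AB1C75")))
    print(repr(decode_dtmf(synth("8", gain=0.1))))
```

A tone whose energy stays under the threshold is dropped silently, which is one way a key can go missing from a phone recording.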

EasySteg

Brother, don't set the ball. If you put it down again, the God cried

JK is a single-image blind watermark (the Java tool); imagein can also be used.

Then the comment of flag.rar holds a ciphertext made of a string of tabs and spaces; convert space to 0 and tab to 1.

Then extract it. Another PNG is appended to the end of flag.png. That PNG clearly contains the flag text; you can see it by inverting the colours with stegsolve.

flag{156cca8e

Then, after this picture, we found the obvious signature of oursecret. Combine that with the base64(-b81b-) found above:

The password of oursecret is LWI4MWIt

Apart from the numbers, no character is repeated, and {} is present. Combined with the 01 string, this points to Huffman coding, which can be decoded with the script from hongminggu.

The correspondence becomes clear from reading the script.

import copy
import re

def dfs(c, d):
    if len(c.keys()) == 1:
        # g = {'j':29,'z':31,'7':25,'e':31,'l':23,'6':37,'4':32,'p':38,'h':27,'g':26,'x':28,'i':25,'u':27,'n':25,'8':36,'0':24,'o':23,'c':28,'y':24,'1':29,'b':26,'m':27,'2':28,'v':25,'d':33,'f':28,'9':33,'t':21,'w':22,'a':31,'r':24,'s':16,'k':32,'5':25,'q':23,'3':32,'{':1,'-':4,'}':1,}
        # num = 0
        # for k in g.keys():
        #     num += g[k] * len(d[k])
        # print(num)
        # print(c, d)
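        g = {}
        for k in d.keys():
            g[d[k]] = k  # invert the table: code -> symbol
        # a is the 0/1 string recovered from the flag.rar comment
        # (space -> 0, tab -> 1); it is not reproduced on this page.
        a = ''
        m = ''
        st = 0
        # Greedy prefix decoding: widen the window until it matches a code.
        while st < len(a):
            ed = st + 1
            while ed <= len(a):
                if a[st:ed] in g.keys():
                    m += g[a[st:ed]]
                    break
                else:
                    ed += 1
            st = ed
        print(m)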

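    else:
        # Pick the two lightest groups: k0 is the smallest, k1 the second smallest.
        k0 = list(c.keys())[0]
        k1 = list(c.keys())[1]
        if c[k0] > c[k1]:
            k0, k1 = k1, k0
        for k in list(c.keys())[2:]:
            if c[k] < c[k1]:
                if c[k] < c[k0]:
                    k0, k1 = k, k0
                else:
                    k1 = k
        # Each key is the concatenation of its symbols, so iterating over the
        # key visits every symbol in the group: prefix 0 for k0, 1 for k1.
        for sym in k0:
            d[sym] = '0' + d[sym]
        for sym in k1:
            d[sym] = '1' + d[sym]
        # Merge the two groups into one node and recurse until one root is left.
        c[k0+k1] = c[k0]+c[k1]
        del c[k0]
        del c[k1]
        dfs(copy.deepcopy(c), copy.deepcopy(d))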

c = {'n':9,'S':2,'B':3,'I':6,'U':6,'L':1,'O':3,'R':2,'F':3,'Y':1,'G':2,'H':3,'v':9,'N':2,'M':1,'Z':1,'D':6,'T':1,'h':18,'o':16,'u':17,'b':9,'s':7,'r':4,'g':8,'f':10,'a':14,'m':2,'i':20,'p':2,'e':14,'w':7,'q':2,'y':8,'P':1,'J':2,'E':2,'C':1,'V':1,'A':1,'j':4,'k':5,'x':5,'t':3,'c':6,'8':24,'9':56,'{':1,'3':217,'d':97,'4':83,'6':54,'0':25,'1':12,'2':10,'5':8,'7':10,'}':1,'l':4,'Q':1,'W':1,'z':1}
d = {}
for k in c.keys():
    d[k] = ''
dfs(copy.deepcopy(c), copy.deepcopy(d))

#nSBIULORFYGHvNMIOUZSDTNhnoubuosrgfbouvasmruiohauiopewgvfbwuivpqynqwUPIFJDDBUEDUIDHBUIDCVHJIOAejikxneiwkyiohwehiooiuyhiosehfhuiaetyhovauieyrghfuotgvac89xcboiyuweagihniaweo{3d46303d39463d39383d41393d46303d39463d39323d38433d46303d39463d39383d38463d46303d39463d39333d39333d46303d39463d39303d39453d46303d39463d38453d41333d46303d3d39463d39373d42433d46303d39463d39323d38373d46303d39463d38453d41333d46303d39463d39303d39453d46303d39463d39383d41393d46303d39463d38433d39453d46303d39463d3d39383d41393d46303d39463d39323d38433d46303d39463d39373d42433d46303d39463d39383d41393d46303d39463d39333d41323d46303d39463d39383d41393d46303d39463d39373d3d42433d46303d39463d39333d41323d46303d39463d38433d39453d46303d39463d38453d41463d46303d39463d38443d3846}huilagsieufrcb78QWEGF678Rniolsdf149687189735489246avaeukighf6497ejixcnbmlolohnbasik2647893hasfhuvzxchbjkaefgyhuetyuhjadfxcvbn

Hex-decode the content inside {} and you find that it is Quoted-Printable, but in some places = appears twice in a row (==), so delete the duplicate and you get:

😩💌😏📓🐞🎣🗼💇🎣🐞😩🌞😩💌🗼😩📢😩🗼📢🌞🎯🍏
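The layers described above (hex, then Quoted-Printable with the doubled = removed, then UTF-8), as an added example that is not part of the original writeup. SAMPLE_HEX is the first seven groups of the hex string between { and } in the script output; the function names are chosen for this sketch.

```python
import binascii
import quopri
import re

# First seven groups of the hex string between { and } in the script output
# above; the seventh group contains one of the doubled "=" signs.
SAMPLE_HEX = (
    "3d46303d39463d39383d4139" "3d46303d39463d39323d3843"
    "3d46303d39463d39383d3846" "3d46303d39463d39333d3933"
    "3d46303d39463d39303d3945" "3d46303d39463d38453d4133"
    "3d46303d3d39463d39373d4243"
)

def naive_decode_fails(hex_text):
    """True if QP-decoding the unrepaired text does not yield valid UTF-8."""
    raw = quopri.decodestring(binascii.unhexlify(hex_text))
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return False

def peel_layers(hex_text):
    """hex -> Quoted-Printable with doubled '=' collapsed -> UTF-8 text.

    Returns (text, number_of_repairs).
    """
    qp = binascii.unhexlify(hex_text)
    # Every byte of this payload is escaped as =XX, so a run of '=' can only
    # be a duplicated escape marker and is safe to collapse.
    repaired, repairs = re.subn(rb"={2,}", b"=", qp)
    if not re.fullmatch(rb"(?:=[0-9A-F]{2})+", repaired):
        raise ValueError("unexpected Quoted-Printable content after repair")
    return quopri.decodestring(repaired).decode("utf-8"), repairs

if __name__ == "__main__":
    print(naive_decode_fails(SAMPLE_HEX))
    print(peel_layers(SAMPLE_HEX))
```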

It's not base100, so I tried a foreign tool that was used before for Gong Chanjuan, the ctfshow Mooncake Cup challenge made by la guy_

https://github.com/pavelvodrazka/ctf-writeups/tree/master/hackyeaster2018/challenges/egg17

Splice the parts together to get the flag

flag{156cca8e-b81b-4157-9f39-4c41f4a4facb}

*ez_misc

The hint is zero width. It refers to an esolang very similar to piet; combined with the June ctfshow challenge babylsbwithhelicopter by the eight gods,

you can tell it is brainloller.

Then open it in 010: a prompt at the end says that this is the steghide password, and the CRC is reported as wrong. Brute-forcing the CRC with a script shows that the correct width is 14 and the height is 12.

Solve it with bftools: bftools.exe decode brainloller bf.png, and then decode the BF to get the password Hello Worl
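The width/height recovery described above, as an added example that is not the author's script: search for the dimensions whose IHDR CRC equals the CRC stored in the file. The IHDR here is constructed with bit depth 8 and colour type 2 as assumptions, and the function names and the limit parameter are chosen for this sketch.

```python
import struct
import zlib

def make_ihdr(width, height, bit_depth=8, color_type=2):
    """Constructed IHDR (type + 13 data bytes) and the CRC a PNG stores for it."""
    body = b"IHDR" + struct.pack(">IIBBBBB", width, height,
                                 bit_depth, color_type, 0, 0, 0)
    return body, zlib.crc32(body) & 0xFFFFFFFF

def tamper(ihdr_body, width, height):
    """Overwrite the dimensions while leaving the stored CRC untouched."""
    return ihdr_body[:4] + struct.pack(">II", width, height) + ihdr_body[12:]

def recover_dimensions(ihdr_body, stored_crc, limit=4096):
    """Search for the (width, height) that makes the IHDR CRC equal stored_crc.

    ihdr_body is the 17-byte type+data field as found in the file; its
    width/height are not trusted, the remaining five header bytes are kept.
    """
    if len(ihdr_body) != 17 or ihdr_body[:4] != b"IHDR":
        raise ValueError("not an IHDR chunk")
    tail = ihdr_body[12:]
    for width in range(1, limit + 1):
        # The running CRC over b"IHDR" + width is shared by every height candidate.
        prefix = zlib.crc32(b"IHDR" + struct.pack(">I", width))
        for height in range(1, limit + 1):
            crc = zlib.crc32(struct.pack(">I", height) + tail, prefix)
            if crc & 0xFFFFFFFF == stored_crc:
                return width, height
    return None

if __name__ == "__main__":
    good, crc = make_ihdr(14, 12)      # dimensions reported in the writeup
    broken = tamper(good, 1, 1)        # constructed wrong header values
    print(recover_dimensions(broken, crc, limit=64))
```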

But I couldn't solve it, so I used the script I wrote in June to solve it https://blog.csdn.net/qq_42880719/article/details/117479024

It gives Hello Worle!, which I guess is Hello World!

Combined with the newly posted hint for the challenge, I tried these passwords:

Hello Worl
Hello_Worl
Hello Worle!
Hello_Worle!
Hello World!
Hello_World!
Hello World
Hello_World

Unfortunately, none of them is right. A friend of the challenge author asked the author; the friend also said he could not solve it, but the author can solve it (it seems he is using a local copy of the attachment).
So I keep feeling that the problem is with the attachment of the competition challenge?

- 17:02 -: after an hour and a half of positive feedback

Just use bftools.exe and replace the space with an underscore: Hello_Worl opens the steghide payload and gives a text.
Then it is the "bear says" encoding; decode that and it is over.

Re

EasyRe

The flag is in the constants.

flag{fc5e038d38a57032085441e7fe7010b0}

Tags: Cyber Security CTF BUUCTF

Posted on Mon, 08 Nov 2021 03:14:49 -0500 by rawb