K3RN3LCTF2021 Writeup

3in1

Description
Like Nescafeeeee!

Attachments

https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/nescafeee/AES.py


分析代码,发现是AES加密,密钥为hkey

password = ("abda")    
hash_obj = SHA256.new(password.encode('utf-8'))    
hkey = hash_obj.digest()

def decrypt(info):
    cipher = AES.new(hkey, AES.MODE_ECB)
    result = cipher.decrypt(info)
    return result
msg =  b'\x1bkw\x00\x01#\x1dv\xd1\x1e\xfb\xba\xac_b\x02T\xfbZ\xca\xac8Y\\[email protected]\xba;\xe1\x11$\x19\xe8\x89t\t\xc8\xfd\x93\xd8-\xba\xaa\xbe\xf1\xa0\xab\x18\xa0\x12$\x9f\xdb\x08~\x81O\xf0y\xe9\xef\xc41\x1a$\x1cN3\xe8F\\\xef\xc1G\xeb\xdb\xa1\x93*F\x1b|\x1c\xec\xa3\x04\xbf\x8a\xd9\x16\xbc;\xd2\xaav6pWX\xc1\xc0o\xab\xd5V^\x1d\x11\xe4}6\xa4\x1b\\G\xd4e\xc2mP\xdb\x9b\x9f\xb0Z\xf12'

print(decrypt(msg))

AES解密得到两个url,访问url得到文件hint.txtflag.wav

b'https://www.mediafire.com/file/oii1sm3oyt4tyjc/flag.wav/file\nhttps://www.mediafire.com/file/rgdww91os3we7eo/hint.txt/file'

查看hint.txt,提示我们“图形或照片表示”

A graphic or photographic representation 

使用Sonic Visualiser打开flag.wav,点击Layer->Add Spectrogram,得到flag

image-20211119215941779

flag:flag{34sY_CH4LL3nGe_w1tH_3Xtr4_St3Ps}

Progressive Dynamite

Find the minimal sum of numbers on a path from the top left corner to the bottom right corner. You can only go right or down in each move.

https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/Progressive-Dynamite/challenge.txt


题目给了一个包含负整数的网格,要求我们找到一条从网格左上角元素到右下角元素的路径,使得路径上的数字总和最小.

参照Leetcode-最小路径和,是一道典型的动态规划题,代码如下:

from Crypto.Util.number import *
from challenge import grid

rows, columns = len(grid), len(grid[0])
dp = [[0] * columns for _ in range(rows)]
dp[0][0] = grid[0][0]
for i in range(1, rows):
    dp[i][0] = dp[i - 1][0] + grid[i][0]
for j in range(1, columns):
    dp[0][j] = dp[0][j - 1] + grid[0][j]
for i in range(1, rows):
    for j in range(1, columns):
        dp[i][j] = min(dp[i - 1][j], dp[i][j - 1]) + grid[i][j]
print(dp[rows - 1][columns - 1])
print(long_to_bytes(dp[-1][-1]))

flag:flag{dyn4m1c_pr0gramm1ng_pr0!}

Vieta’s Poly

Here’s a pwntools tutorial challenge to get you warmed up!

nc ctf.k3rn3l4rmy.com 2236

https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/Vietas-Poly/template.py


题目给了一个多项式,要求我们计算:

  • 根的和
  • 根的倒数的和
  • 根的平方的和

解析出多项式系数,借助numpy.poly1d构造多项式,即可计算出根,进一步计算得到所需结果(需要保留两位小数)

代码:

from math import ceil
from pwn import *
import numpy as np

context.log_level = 'debug'
conn = remote('ctf.k3rn3l4rmy.com', 2236)

def get_input():
    input = conn.recvline().strip().decode()
    return input

def parse(polynomial):
    '''
    TODO: Parse polynomial
    For example, parse("x^3 + 2x^2 - x + 1") should return [1,2,-1,1]
    '''
    pattern = re.compile(r"([-]?\d+?)x\^\d+")
    ls = pattern.findall(polynomial.replace(" ",''))
    ls.insert(0, 1)
    return list(map(int, ls))

for _ in range(4):
    get_input()
for i in range(100):
    type = get_input()
    coeffs = parse(get_input())
    ans = -1
    Q = np.poly1d(coeffs, r=False)
    xs = np.roots(Q)
    if 'sum of the roots' in type:
        ans = xs.sum()
    elif 'sum of the reciprocals of the roots' in type:
        ans = (1/xs).sum()
    elif 'sum of the squares of the roots' in type:
        ans = np.power(xs,2).sum()
    ans = ceil(round(ans.real,2))
    conn.sendline(str(ans))
    get_input()
conn.interactive()

flag:flag{Viet4s_f0r_th3_win}

您的支持是我继续创作最大的动力!

欢迎关注我的其它发布渠道