Bomb

解压之后还是解压。大概两百层。密码只存在某个文件里长度为 24。写个脚本筛选一下

import zipfile import io for i in range(100): password = open("Password.txt", "rb").read() print(password) zip_file = zipfile.ZipFile(io.BytesIO(open("nextlevel.zip","rb").read())) for file in zip_file.filelist: if file.compress_size == 24: zip_file.extract(file, pwd=password) if file.filename.endswith(".zip"): print(file.file_size) zip_file.extract(file, pwd=password) if file.filename == "flag.txt": zip_file.extract(file, pwd=password) print(open("flag.txt","r").read()) exit(0)

Special Signal

信号的实部和虚部都是+-1/sqrt(2)。可能是 QPSK 编码?

确实是,用 complex64 加载出来,然后写个脚本变成00/01/11/10即可。赛后看了 wp 才知道有个 xor key。想不到啊。

import numpy as np data = np.load("satelite.iq",np.complex64) symbol_map = { (0, 0): 1/np.sqrt(2) + 1j/np.sqrt(2), # e^(j * π/4) (0, 1): -1/np.sqrt(2) + 1j/np.sqrt(2), # e^(j * 3π/4) (1, 1): -1/np.sqrt(2) - 1j/np.sqrt(2), # e^(j * 5π/4) (1, 0): 1/np.sqrt(2) - 1j/np.sqrt(2) # e^(j * 7π/4) } reverse_map = {v: k for k, v in symbol_map.items()} def qpsk_decode(symbols): bits = [] for symbol in symbols: closest_symbol = min(reverse_map.keys(), key=lambda x: abs(x - symbol)) bits.extend(reverse_map[closest_symbol]) return bits data = qpsk_decode(data) data = "".join(str(x) for x in data)
😅

?官方 wp 也是一坨

CAN

第一段和第二段直接 xor。

lines = open("candump.log").readlines() lines = [line.split(" ") for line in lines] data = [line[2].split("#")[-1].strip() for line in lines] tt = open("tt.zip", "wb") for i in range(2,40): r1 = bytes.fromhex(data[i]) r2 = bytes.fromhex(data[i+40]) r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)]) tt.write(r3[3:]) print(r3)

注意到前八个 log 的第二位是从 0-7。第三位是 byte,第四位开始是 zip。于是可以尝试把 zip 文件写出。

赛后看 wp。知道密码是第三位的八个 byte,变成 0-1 之后转置后取出的值。

就是密码了

lines = open("candump.log").readlines() lines = [line.split(" ") for line in lines] data = [line[2].split("#")[-1].strip() for line in lines] tt = open("tt.zip", "wb") for i in range(2,40): r1 = bytes.fromhex(data[i]) r2 = bytes.fromhex(data[i+40]) r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)]) tt.write(r3[3:]) rs = [""]*8 for i in range(2,10): r1 = bytes.fromhex(data[i]) r2 = bytes.fromhex(data[i+40]) r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)]) # tt.write(r3[3:]) # print(r3[1:3]) # print(bin(r3[2])[2:].zfill(8)) for j in range(8): rs[j] += bin(r3[2])[2:].zfill(8)[j] for i in rs: print(chr(int(i[::-1],2)),end="")
😅

什么脑洞题。

不会出 misc 少出点,这种让谁来想呢