fixit
算是个签到,给了个 css,写个 html 引入加上 div 就行。鼠标 hover 之后是个二维码。
搜一下是阿兹特克码,解码就有。
easyMCU
bin 包,用srec_cat转为 bin。
srec_cat.exe mcu.s19 --offset -0x80000000 -o mcu.bin -binary
丢进 ghidra 逆向,交给 re 手看看能够得出结论是个 AES。
staking
没想到有生之年我能做 web3.
搜了一下找到了这篇,link
照着利用搓脚本就行。
// SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.26; import {Script, console} from "forge-std/Script.sol"; import {setUp1, SCTF, USDC, StakingReward} from "../src/contract.sol"; // v4.local.4kAvtcVlBIWUJy8kctgq-TVZetmxGEX6cdQeFpDRBY-k1gJRsnMta155wP4MkjgBa-zERhdNIdRQLrjf8I4fSAJJsmpiRReTBlhgnZco7g6gtu2LEY7_av5m0u-pFBgFGSqOkUPcqumMpN0uRdUcJldkgO3OIP49_9N-G7kzvl4z4A.c2V0VXAx contract SolveScript is Script{ uint256 privKey = xxx; address setUpContract = 0x7cCf45454B62AeBB15d16f3E50FB127888eaD9c3; function run() public{ vm.startBroadcast(privKey); setUp1 setup = setUp1(setUpContract); StakingReward stake = setup.staking(); USDC usdc = setup.usdc(); SCTF sctf = setup.sctf(); setup.registerPlayer(); sctf.approve(address(stake), 10e18); for(uint i = 0; i < 864; i++){ stake.vm_warp(500); stake.getReward(); } stake.vm_warp(stake.periodFinish() - stake.block_timestamp()); setup.claimReward(); console.log(setup.isSolved()); vm.stopBroadcast(); } }
速来探索SCTF星球隐藏的秘密
前半段写个脚本 fuzz 就行。
是HAHAHAy04
后面是个 LLM,想办法让他输出 prompt 就行。
musicMaster
mkvtoolnix可以打开解出两个声音通道两个视频通道。
声音通道是sstv,解出二维码
视频通道是一个cimbar 二维码的文件,7z。
二维码的内容是密码,拿到 7z 中的tracker。打开再找能找到
里面的 hex,猜测 base64?
data=[0x14,0x34,0x0d,0x14,0x11,0x27,0x2d,0x14,0x1a,0x03,0x11,0x2e,0x12,0x35,0x3d,0x19,0x0c,0x07,0x15,0x1f,0x0d,0x05,0x3d,0x0c,0x0c,0x17,0x0d,0x34,0x0c,0x36,0x39,0x29,0x1b,0x23,0x25,0x1f,0x13,0x17,0x25,0x1f,0x13,0x13,0x01,0x24,0x1d,0x16,0x30,0x33,0x17,0x34,0x35,0x35,0x0d,0x13,0x05,0x23,0x1f,0x10,0x40,0x40] t='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=' for i in data: print(t[i],end='')
解码就行
U0NURntUaDRuS19ZMHVfNF9MMXN0M25pbjlfTXlfTTBkdWwzX011NTFjfQ== SCTF{Th4nK_Y0u_4_L1st3nin9_My_M0dul3_Mu51c}