Bomb
解压之后还是解压。大概两百层。密码只存在某个文件里长度为 24。写个脚本筛选一下
Python
Special Signal
信号的实部和虚部都是+-1/sqrt(2)。可能是 QPSK 编码?
确实是,用 complex64 加载出来,然后写个脚本变成00/01/11/10即可。赛后看了 wp 才知道有个 xor key。想不到啊。
Python
import numpy as npdata = np.load("satelite.iq",np.complex64)symbol_map = { (0, 0): 1/np.sqrt(2) + 1j/np.sqrt(2), # e^(j * π/4) (0, 1): -1/np.sqrt(2) + 1j/np.sqrt(2), # e^(j * 3π/4) (1, 1): -1/np.sqrt(2) - 1j/np.sqrt(2), # e^(j * 5π/4) (1, 0): 1/np.sqrt(2) - 1j/np.sqrt(2) # e^(j * 7π/4)}reverse_map = {v: k for k, v in symbol_map.items()}def qpsk_decode(symbols): bits = [] for symbol in symbols: closest_symbol = min(reverse_map.keys(), key=lambda x: abs(x - symbol)) bits.extend(reverse_map[closest_symbol]) return bitsdata = qpsk_decode(data)data = "".join(str(x) for x in data)😅
?官方 wp 也是一坨
CAN
第一段和第二段直接 xor。
Python
lines = open("candump.log").readlines()lines = [line.split(" ") for line in lines]data = [line[2].split("#")[-1].strip() for line in lines]tt = open("tt.zip", "wb")for i in range(2,40): r1 = bytes.fromhex(data[i]) r2 = bytes.fromhex(data[i+40]) r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)]) tt.write(r3[3:]) print(r3)注意到前八个 log 的第二位是从 0-7。第三位是 byte,第四位开始是 zip。于是可以尝试把 zip 文件写出。

赛后看 wp。知道密码是第三位的八个 byte,变成 0-1 之后转置后取出的值。
就是密码了
Python
lines = open("candump.log").readlines()lines = [line.split(" ") for line in lines]data = [line[2].split("#")[-1].strip() for line in lines]tt = open("tt.zip", "wb")for i in range(2,40): r1 = bytes.fromhex(data[i]) r2 = bytes.fromhex(data[i+40]) r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)]) tt.write(r3[3:]) rs = [""]*8for i in range(2,10): r1 = bytes.fromhex(data[i]) r2 = bytes.fromhex(data[i+40]) r3 = bytes([rr ^ ss for rr, ss in zip(r1, r2)]) # tt.write(r3[3:]) # print(r3[1:3]) # print(bin(r3[2])[2:].zfill(8)) for j in range(8): rs[j] += bin(r3[2])[2:].zfill(8)[j] for i in rs: print(chr(int(i[::-1],2)),end="")😅
什么脑洞题。
不会出 misc 少出点,这种让谁来想呢