前言

比赛时间:2025.4.26 - 2025.4.27

只混了一道二维码,被师傅们带飞了。

QRRRCode

题目:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
from pyzbar.pyzbar import decode
from PIL import Image

import string
import random
from hashlib import sha256


def read_input():
    input_data = input("give me your data:")
    if (
        any(not c in "01" for c in input_data)
        or len(input_data) != 21 * 21 * 21
        or input_data.count("1") >= 390
    ):
        raise ValueError("Invalid input")
    return input_data


def parse_data(input_str):
    data = [[[False] * 21 for _ in range(21)] for __ in range(21)]
    index = 0
    for z in range(21):
        for y in range(21):
            for x in range(21):
                if index < len(input_str):
                    data[x][y][z] = input_str[index] == "1"
                    index += 1
    return data


def create_image(matrix, module_size=10):
    size = len(matrix) * module_size
    img = Image.new("1", (size, size), 1)
    pixels = img.load()

    for x in range(len(matrix)):
        for y in range(len(matrix[0])):
            if matrix[x][y]:
                for dx in range(module_size):
                    for dy in range(module_size):
                        px = x * module_size + dx
                        py = y * module_size + dy
                        if px < size and py < size:
                            pixels[px, py] = 0
    return img


def decode_qr(image):
    decoded = decode(image)
    return decoded[0].data.decode("utf-8") if decoded else ""


def proof_of_work():
    proof = "".join(
        [random.choice(string.ascii_letters + string.digits) for _ in range(20)]
    )
    digest = sha256(proof.encode()).hexdigest()
    print("sha256(XXXX+%s) == %s" % (proof[4:], digest))
    x = input("Give me XXXX:")
    if len(x) != 4 or sha256((x + proof[4:]).encode()).hexdigest() != digest:
        print("Sorry~ bye~")
        return False
    print("Right!")
    return True


def main():
    if not proof_of_work():
        exit(0)
    try:
        input_str = read_input()
        data = parse_data(input_str)
        front = [
            [any(data[x][y][z] for z in range(21)) for y in range(21)]
            for x in range(21)
        ]
        left = [
            [any(data[x][y][z] for x in range(21)) for z in range(21)]
            for y in range(21)
        ]
        top = [
            [any(data[x][y][z] for y in range(21)) for z in range(21)]
            for x in range(21)
        ]
        projections = [front, left, top]
        validation = ["Azure", "Assassin", "Alliance"]
        for projection, word in zip(projections, validation):
            content = decode_qr(create_image(projection))
            if content != word:
                raise ValueError("Invalid content")
    except Exception as e:
        print(f"Error: {e}")
        exit(0)

    with open("flag", "r") as f:
        print(f.read())


if __name__ == "__main__":
    main()

验证爆破

1
2
3
4
5
6
7
8
9
10
11
12
13
14
def proof(io):
    io.recvuntil(b"XXXX+")
    suffix = io.recv(16).decode("utf8")
    io.recvuntil(b"== ")
    cipher = io.recvline().strip().decode("utf8")
    for i in itertools.product(string.ascii_letters + string.digits, repeat=4):
        x = "{}{}{}{}".format(i[0], i[1], i[2], i[3])
        proof = hashlib.sha256(
            (x + suffix.format(i[0], i[1], i[2], i[3])).encode()
        ).hexdigest()
        if proof == cipher:
            break
    print(suffix, cipher, x)
    io.sendlineafter(b"XXXX:", x.encode())

这道题要求做一个三维的二维码(21*21*21),要求从三视图看,分别解码出Azure,Assassin,Alliance。
我一开始先令所有方块都是True,然后按照三个面去除一定不要的(有点像雕刻)。

但这样的方块数太多了,直接干到1500了,题目要求390以内。

穷举减方块,可以减就减,如果减了不对,就还原。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

def make_data(front, left, top):
    data = [[[True for _ in range(21)] for _ in range(21)] for _ in range(21)]
    for x in range(21):
        for y in range(21):
            if not front[x][y]:
                for z in range(21):
                    data[x][y][z] = False

    for y in range(21):
        for z in range(21):
            if not left[y][z]:
                for x in range(21):
                    data[x][y][z] = False

    for x in range(21):
        for z in range(21):
            if not top[x][z]:
                for y in range(21):
                    data[x][y][z] = False

    if not check_data(data):
        return None

    for x in range(21):
        for y in range(21):
            for z in range(21):
                if data[x][y][z]:
                    data[x][y][z] = False
                    if not check_data(data):
                        data[x][y][z] = True
        print(x, check_data(data), end="\r")
    print()
    # print(data)
    return data

这个parse有点坑,按zyx的顺序来的

1
2
3
give me your data:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000100000000000001000000000000010000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000100000000000000000000000000000000000000000011000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000001000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000010000000100000000000000000000000000010000000000011000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000010000000000000000000000000000000000010000000000000000000000000000000000001000000000000000000000000000000000000000001000000000000000000001000000000000000000001000000000000000000000000000000000000000001000000000000000000000000000000000000000
000000000000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000001000000000000000000000000000100000000000000000000100000000000000000000000101110100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000100000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000010100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000010000000000000000000000000000000000000000000000000000000000100000010000000000100000000100000000000000000000000000000000000000000000000000000000000000000000000000001001000000000000000000000001000000000000000000000010000000001000000000000000000000000000001000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000010000000000000000001000000000000000000000000000000000000000001000000000000000000001000000000000000000000000000001000000000000000000000000100000100000000000000000000000010000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001000000000000000000001000000000000000000001000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000010000000010000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000011000000000001000000000000000000000001000000000000000000001000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000010000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000010000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000010000000000000100000100000000000000000000010000000010001000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001000000000000000000001000000000000000000000000000000110000100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000100000000000000000001000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000110000000000000000000000000000000000000000000000000000000000100000000001000000100000000000000000000000000100000000000000000000000000000000000000000100100000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000100000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000010000000010000000000000000001000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000001000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000110000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000101100100000000000000000000000000000000100000000000000000000000000000000001000000100000000000010000000100000000000010000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000100000000000000000000000000100000000000100000000000000000000000000000000000001000000010000000000000000000000000000000000000000100000000000000000000000000000000010000000000000010000000000000000000000000010001000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001001000000000000000000000000001100000000010000000000000000000000001000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000001000000000000000010000000000000000000000000000000000000000010000100000000000000010000100000000000101110100100000010000000000000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000000000000000010000000010000000000000000000000000000000000000101100100000000000000000000000000000000000000000000000000000000
ACTF{QQQRCode_is_iiint3r3st1ng}