{"id":167,"date":"2025-10-06T21:33:45","date_gmt":"2025-10-06T13:33:45","guid":{"rendered":"https:\/\/www.sanjiuctf.com\/?p=167"},"modified":"2026-01-06T19:07:57","modified_gmt":"2026-01-06T11:07:57","slug":"__trashed-13","status":"publish","type":"post","link":"https:\/\/www.sanjiuctf.com\/?p=167","title":{"rendered":"2025\u7b2c\u4e5d\u5c4a\u5fa1\u7f51\u676f\u534a\u51b3\u8d5bCrypto–wp"},"content":{"rendered":"\n

YWB_Crypto_02<\/h2>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n

<\/p>\n\n\n\n

\u9898\u76ee\u63cf\u8ff0\uff1a<\/p>\n\n\n\n

CTF\u8d5b\u9898\u7684\u89e3\u4e00\u822c\u4ee5flag\u4e3a\u5f00\u5934\uff0c\u5df2\u77e5\u5b57\u7b26\u4e32\u201ca3FmbHs4Mjlfb244N184OHVwfQ==\u201d\uff0c\u8bf7\u7ed9\u51fa\u5bf9\u5e94\u7684flag\u503c\u3002<\/code><\/pre>\n\n\n\n
\u4e00\u773cbase64\u76f4\u63a5\u968f\u6ce2\u9010\u6d41\u89e3\u7801\u5c31\u884c<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
kqfl{829_on87_88up}<\/p>\n\n\n\n
\u51ef\u6492\u5bc6\u7801\u89e3\u5bc6\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
flag{829_ji87_88pk}<\/strong><\/p>\n\n\n\n
YWB_Crypto_01<\/h2>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
<\/p>\n\n\n\n
\u9898\u76ee\u63cf\u8ff0\uff1a<\/p>\n\n\n\n
\u5c0f\u660e\u5728\u505a\u4e2d\u95f4\u4eba\u653b\u51fb\u65f6\uff0c\u622a\u53d6\u4e86\u8fd9\u6837\u4e00\u6bb5\u4fe1\u606f\u4f20\u8f93\u5185\u5bb9\u201c4WC2ZZVNUPSYLLHGVWR6LBNM42W2HZMPRPSZNBHFQWWONLND4WC2ZZVNUPTLBEPEXC56LBNM42W2HZVTSXTLFO7GWOK6NMV35CXZVZF7UHTLBEPEXC56LBNM42W2HZMSRTULBEHFQWWONLND42K2ZZFYTLTLHFPGWK56LEUM5CYJBZVTSXTLFO7FV6GOLPF24W43HZ5NRHSY7C7FS2CONFNM4S4JVZMFVTTK3I7FR6F6LFUE46ELDZM3XXSYLLHGVWR6NFNM4S4JVZVTSXTLFO7FSKGORMEQ42ZZLZVSXPS27DHFXS5OLONT46WYTZMPRPSZNBHGSWWOJOE24WJIZ2FQSDTLBEPEXC56LEUM5CYJBZUWQ7TJRDXFSKGORMEQ4WJIZ2FQSDTLHFPGWK56RL424S72DZMSRTULBEA=\u201d \u8bf7\u5e2e\u4f60\u4ed6\u89e3\u5f00\u8c1c\u5e95\u5427\u3002        <\/code><\/pre>\n\n\n\n
base32\u89e3\u7801\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u516c\u6b63\u516c\u6b63\u516c\u6b63\u53cb\u5584\u516c\u6b63\u516c\u6b63\u6c11\u4e3b\u516c\u6b63\u6cd5\u6cbb\u6cd5\u6cbb\u8bda\u4fe1\u6c11\u4e3b\u516c\u6b63\u548c\u8c10\u516c\u6b63\u656c\u4e1a\u6cd5\u6cbb\u548c\u8c10\u6cd5\u6cbb\u5bcc\u5f3a\u5e73\u7b49\u53cb\u5584\u656c\u4e1a\u516c\u6b63\u53cb\u5584\u7231\u56fd\u516c\u6b63\u656c\u4e1a\u6cd5\u6cbb\u548c\u8c10\u6cd5\u6cbb\u5bcc\u5f3a\u5e73\u7b49\u53cb\u5584\u656c\u4e1a\u548c\u8c10\u6c11\u4e3b\u548c\u8c10\u6587\u660e\u548c\u8c10\u548c\u8c10\u6cd5\u6cbb\u8bda\u4fe1\u548c\u8c10<\/code><\/pre>\n\n\n\n
\u793e\u4f1a\u4e3b\u4e49\u6838\u5fc3\u4ef7\u503c\u89c2\u89e3\u7801\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
flag{cisp_nisp_123}<\/strong><\/p>\n\n\n\n
Find_flag<\/h2>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
<\/p>\n\n\n\n
\u9898\u76ee\u539f\u9898\uff1a<\/p>\n\n\n\n
\"\"<\/div><\/figure>\n\n\n\n
\u9898\u76ee\u6e90\u7801<\/p>\n\n\n\n
index.html\uff1a<\/p>\n\n\n\n
<html>\n    <head>\n        <title>Find_flag<\/title>\n        <style type=\"text\/css\">\n            body {\n                padding-left: 30%;\n            }\n\n            #flag {\n                font-family: Garamond, serif;\n                font-size: 36px;\n            }\n\n            #flagtitle {\n                font-family: Garamond, serif;\n                font-size: 24px;\n            }\n\n            .rightflag {\n                color: green;\n            }\n\n            .wrongflag {\n                color: red;\n            }\n        <\/style>\n        <script src=\"script-min.js\"><\/script>\n        <script type=\"text\/javascript\">\n            var ic = false;\n            var fg = \"\";\n\n            function getFlag() {\n                var token = document.getElementById(\"secToken\").value;\n                ic = checkToken(token);\n                fg = bm(token);\n                showFlag()\n            }\n\n            function showFlag() {\n                var t = document.getElementById(\"flagTitle\");\n                var f = document.getElementById(\"flag\");\n                t.innerText = !!ic ? \"You got the flag below!!\" : \"Wrong!\";\n                t.className = !!ic ? \"rightflag\" : \"wrongflag\";\n                f.innerText = fg;\n            }\n        <\/script>\n    <\/head>\n    <body>\n        <h1>Find_flag<\/h1>\n        <p>Type in some token to get the flag.<\/p>\n        <p>Tips:Find_flag<\/p>\n        <div>\n            <p>\n                <span>Token:<\/span>\n                <span><input type=\"text\" id=\"secToken\"\/><\/span>\n            <\/p>\n            <p>\n                <input type=\"button\" value=\"Get flag!\" onclick=\"getFlag()\" \/>\n            <\/p>\n        <\/div>\n        <div>\n            <p id=\"flagTitle\"><\/p>\n            <p id=\"flag\"><\/p>\n        <\/div>\n    <\/body>\n<\/html><\/code><\/pre>\n\n\n\n
script-min.js\uff1a<\/p>\n\n\n\n
function hm(s) {\n    return rh(rstr(str2rstr_utf8(s)));\n}\nfunction bm(s) {\n    return rb(rstr(str2rstr_utf8(s)));\n}\nfunction rstr(s) {\n    return binl2rstr(binl(rstr2binl(s), s.length * 8));\n}\nfunction checkToken(s) {\n    return s === \"FAKE-TOKEN\";\n}\nfunction rh(ip) {\n    try {\n        hc\n    } catch (e) {\n        hc = 0;\n    }\n    var ht = hc ? \"0123456789ABCDEF\" : \"0123456789abcdef\";\n    var op = \"\";\n    var x;\n    for (var i = 0; i < ip.length; i++) {\n        x = ip.charCodeAt(i);\n        op += ht.charAt((x >>> 4) & 0x0F) + ht.charAt(x & 0x0F);\n    }\n    return op;\n}\nfunction rb(ip) {\n    try {\n        bp\n    } catch (e) {\n        bp = '';\n    }\n    var b = \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+\/\";\n    var op = \"\";\n    var len = ip.length;\n    for (var i = 0; i < len; i += 3) {\n        var t = (ip.charCodeAt(i) << 16) | (i + 1 < len ? ip.charCodeAt(i + 1) << 8 : 0) | (i + 2 < len ? ip.charCodeAt(i + 2) : 0);\n        for (var j = 0; j < 4; j++) {\n            if (i * 8 + j * 6 > ip.length * 8)\n                op += bp;\n            else\n                op += b.charAt((t >>> 6 * (3 - j)) & 0x3F);\n        }\n    }\n    return op;\n}\nfunction ck(s) {\n    try {\n        ic\n    } catch (e) {\n        return;\n    }\n    var a = [105, 104, 102, 120, 117, 108, 48, 75, 81,70,87,73];\n    if (s.length == a.length) {\n        for (i = 0; i < s.length; i++) {\n            if (a[i] - s.charCodeAt(i) != 3)\n                return ic = false;\n        }\n        return ic = true;\n    }\n    return ic = false;\n}\nfunction str2rstr_utf8(input) {\n    var output = \"\";\n    var i = -1;\n    var x, y;\n    while (++i < input.length) {\n        x = input.charCodeAt(i);\n        y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0;\n        if (0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) {\n            x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF);\n            i++;\n        }\n        if (x <= 0x7F)\n            output += String.fromCharCode(x);\n        else if (x <= 0x7FF)\n            output += String.fromCharCode(0xC0 | ((x >>> 6) & 0x1F), 0x80 | (x & 0x3F));\n        else if (x <= 0xFFFF)\n            output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), 0x80 | ((x >>> 6) & 0x3F), 0x80 | (x & 0x3F));\n        else if (x <= 0x1FFFFF)\n            output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), 0x80 | ((x >>> 12) & 0x3F), 0x80 | ((x >>> 6) & 0x3F), 0x80 | (x & 0x3F));\n    }\n    return output;\n}\nfunction rstr2binl(input) {\n    var output = Array(input.length >> 2);\n    for (var i = 0; i < output.length; i++)\n        output[i] = 0;\n    for (var i = 0; i < input.length * 8; i += 8)\n        output[i >> 5] |= (input.charCodeAt(i \/ 8) & 0xFF) << (i % 32);\n    return output;\n}\nfunction binl2rstr(i) {\n    var o = \"\";\n    for (var j = 0; j < i.length * 32; j += 8)\n        o += String.fromCharCode((i[j >> 5] >>> (j % 32)) & 0xFF);\n    return o;\n}\nfunction binl(x, len) {\n    s = binl2rstr(x);\n    x[len >> 5] |= 0x80 << ((len) % 32);\n    x[(((len + 64) >>> 9) << 4) + 14] = len;\n    var a = 1732584193;\n    var b = -271733879;\n    var c = -1732584194;\n    var d = 271733878;\n    for (var i = 0; i < x.length; i += 16) {\n        var olda = a;\n        var oldb = b;\n        var oldc = c;\n        var oldd = d;\n        a = ff(a, b, c, d, x[i + 0], 7, -680876936);\n        d = ff(d, a, b, c, x[i + 1], 12, -389564586);\n        c = ff(c, d, a, b, x[i + 2], 17, 606105819);\n        b = ff(b, c, d, a, x[i + 3], 22, -1044525330);\n        a = ff(a, b, c, d, x[i + 4], 7, -176418897);\n        d = ff(d, a, b, c, x[i + 5], 12, 1200080426);\n        c = ff(c, d, a, b, x[i + 6], 17, -1473231341);\n        b = ff(b, c, d, a, x[i + 7], 22, -45705983);\n        a = ff(a, b, c, d, x[i + 8], 7, 1770035416);\n        d = ff(d, a, b, c, x[i + 9], 12, -1958414417);\n        c = ff(c, d, a, b, x[i + 10], 17, -42063);\n        b = ff(b, c, d, a, x[i + 11], 22, -1990404162);\n        a = ff(a, b, c, d, x[i + 12], 7, 1804603682);\n        d = ff(d, a, b, c, x[i + 13], 12, -40341101);\n        c = ff(c, d, a, b, x[i + 14], 17, -1502002290);\n        b = ff(b, c, d, a, x[i + 15], 22, 1236535329);\n        ck(s);\n        a = gg(a, b, c, d, x[i + 1], 5, -165796510);\n        d = gg(d, a, b, c, x[i + 6], 9, -1069501632);\n        c = gg(c, d, a, b, x[i + 11], 14, 643717713);\n        b = gg(b, c, d, a, x[i + 0], 20, -373897302);\n        a = gg(a, b, c, d, x[i + 5], 5, -701558691);\n        d = gg(d, a, b, c, x[i + 10], 9, 38016083);\n        c = gg(c, d, a, b, x[i + 15], 14, -660478335);\n        b = gg(b, c, d, a, x[i + 4], 20, -405537848);\n        a = gg(a, b, c, d, x[i + 9], 5, 568446438);\n        d = gg(d, a, b, c, x[i + 14], 9, -1019803690);\n        c = gg(c, d, a, b, x[i + 3], 14, -187363961);\n        b = gg(b, c, d, a, x[i + 8], 20, 1163531501);\n        a = gg(a, b, c, d, x[i + 13], 5, -1444681467);\n        d = gg(d, a, b, c, x[i + 2], 9, -51403784);\n        c = gg(c, d, a, b, x[i + 7], 14, 1735328473);\n        b = gg(b, c, d, a, x[i + 12], 20, -1926607734);\n        a = hh(a, b, c, d, x[i + 5], 4, -378558);\n        d = hh(d, a, b, c, x[i + 8], 11, -2022574463);\n        c = hh(c, d, a, b, x[i + 11], 16, 1839030562);\n        b = hh(b, c, d, a, x[i + 14], 23, -35309556);\n        a = hh(a, b, c, d, x[i + 1], 4, -1530992060);\n        d = hh(d, a, b, c, x[i + 4], 11, 1272893353);\n        c = hh(c, d, a, b, x[i + 7], 16, -155497632);\n        b = hh(b, c, d, a, x[i + 10], 23, -1094730640);\n        a = hh(a, b, c, d, x[i + 13], 4, 681279174);\n        d = hh(d, a, b, c, x[i + 0], 11, -358537222);\n        c = hh(c, d, a, b, x[i + 3], 16, -722521979);\n        b = hh(b, c, d, a, x[i + 6], 23, 76029189);\n        a = hh(a, b, c, d, x[i + 9], 4, -640364487);\n        d = hh(d, a, b, c, x[i + 12], 11, -421815835);\n        c = hh(c, d, a, b, x[i + 15], 16, 530742520);\n        b = hh(b, c, d, a, x[i + 2], 23, -995338651);\n        a = ii(a, b, c, d, x[i + 0], 6, -198630844);\n        d = ii(d, a, b, c, x[i + 7], 10, 1126891415);\n        c = ii(c, d, a, b, x[i + 14], 15, -1416354905);\n        b = ii(b, c, d, a, x[i + 5], 21, -57434055);\n        a = ii(a, b, c, d, x[i + 12], 6, 1700485571);\n        d = ii(d, a, b, c, x[i + 3], 10, -1894986606);\n        c = ii(c, d, a, b, x[i + 10], 15, -1051523);\n        b = ii(b, c, d, a, x[i + 1], 21, -2054922799);\n        a = ii(a, b, c, d, x[i + 8], 6, 1873313359);\n        d = ii(d, a, b, c, x[i + 15], 10, -30611744);\n        c = ii(c, d, a, b, x[i + 6], 15, -1560198380);\n        b = ii(b, c, d, a, x[i + 13], 21, 1309151649);\n        a = ii(a, b, c, d, x[i + 4], 6, -145523070);\n        d = ii(d, a, b, c, x[i + 11], 10, -1120210379);\n        c = ii(c, d, a, b, x[i + 2], 15, 718787259);\n        b = ii(b, c, d, a, x[i + 9], 21, -343485551);\n        a = sa(a, olda);\n        b = sa(b, oldb);\n        c = sa(c, oldc);\n        d = sa(d, oldd);\n    }\n    return Array(a, b, c, d);\n}\nfunction cmn(q, a, b, x, s, t) {\n    return sa(br(sa(sa(a, q), sa(x, t)), s), b);\n}\nfunction ff(a, b, c, d, x, s, t) {\n    return cmn((b & c) | ((~b) & d), a, b, x, s, t);\n}\nfunction gg(a, b, c, d, x, s, t) {\n    return cmn((b & d) | (c & (~d)), a, b, x, s, t);\n}\nfunction hh(a, b, c, d, x, s, t) {\n    return cmn(b ^ c ^ d, a, b, x, s, t);\n}\nfunction ii(a, b, c, d, x, s, t) {\n    return cmn(c ^ (b | (~d)), a, b, x, s, t);\n}\nfunction sa(x, y) {\n    var lsw = (x & 0xFFFF) + (y & 0xFFFF);\n    var msw = (x >> 16) + (y >> 16) + (lsw >> 16);\n    return (msw << 16) | (lsw & 0xFFFF);\n}\nfunction br(n, c) {\n    return (n << c) | (n >>> (32 - c));\n}\n<\/code><\/pre>\n\n\n\n
\u8fd9\u9053\u9898\u8003\u5bdf\u5bf9\u6df7\u6dc6\u4ee3\u7801\u7684\u9759\u6001\u5206\u6790\u80fd\u529b\u3001\u5bc6\u7801\u5b66\u76f4\u89c9\uff08\u8bc6\u522b\u51cf3\u7684\u7b80\u5355\u52a0\u5bc6\uff09\u4ee5\u53ca\u6388\u6743\u7ed5\u8fc7\u601d\u8def<\/p>\n\n\n\n
\u65b9\u6cd5\u4e00\u5bf9\u5e94\u7684\u89e3\u5bc6\u811a\u672c\uff1a<\/strong><\/p>\n\n\n\n
def get_valid_tokens():\n    # \u4ececk\u51fd\u6570\u4e2d\u63d0\u53d6\u7684\u7f16\u7801\u6570\u7ec4\n    encoded = [105, 104, 102, 120, 117, 108, 48, 75, 81, 70, 87, 73]\n\n    # \u6839\u636eck\u51fd\u6570\u903b\u8f91\u89e3\u7801\n    decoded = ''.join([chr(x - 3) for x in encoded])\n\n    # \u4ececheckToken\u51fd\u6570\u83b7\u53d6\u7684\u786c\u7f16\u7801token\n    hardcoded_token = \"FAKE-TOKEN\"\n\n    return {\n        \"decoded_from_ck\": decoded,\n        \"hardcoded_token\": hardcoded_token\n    }\n\ndef validate_token(token):\n    # \u6a21\u62df\u539fJS\u4e2d\u7684\u4e24\u4e2a\u9a8c\u8bc1\u51fd\u6570\n    ck_valid = False\n    if len(token) == 12:  # \u7f16\u7801\u6570\u7ec4\u957f\u5ea6\u662f12\n        a = [105, 104, 102, 120, 117, 108, 48, 75, 81, 70, 87, 73]\n        valid = True\n        for i in range(len(token)):\n            if a[i] - ord(token[i]) != 3:\n                valid = False\n                break\n        ck_valid = valid\n\n    check_token_valid = (token == \"FAKE-TOKEN\")\n\n    return {\n        \"ck_valid\": ck_valid,\n        \"checkToken_valid\": check_token_valid\n    }\n\n# \u83b7\u53d6\u6240\u6709\u53ef\u80fd\u7684\u6709\u6548token\ntokens = get_valid_tokens()\nprint(\"Possible valid tokens:\")\nprint(f\"1. From ck function: {tokens['decoded_from_ck']}\")\nprint(f\"2. Hardcoded in checkToken: {tokens['hardcoded_token']}\")\n\n# \u9a8c\u8bc1\u8fd9\u4e9btoken\nprint(\"nValidation results:\")\nfor name, token in tokens.items():\n    results = validate_token(token)\n    print(f\"nToken: {token}\")\n    print(f\"- ck function valid: {results['ck_valid']}\")\n    print(f\"- checkToken valid: {results['checkToken_valid']}\")<\/code><\/pre>\n\n\n\n
\u4ee3\u7801\u89e3\u91ca\uff1a<\/p>\n\n\n\n
\u5206\u6790\u548c\u9a8c\u8bc1JavaScript\u4ee3\u7801\u4e2d\u7684token\u9a8c\u8bc1\u673a\u5236<\/p>\n\n\n\n
get_valid_tokens()<\/code> \u51fd\u6570<\/strong><\/p>\n\n\n\n
    \n
  • \u4eceJavaScript\u7684ck()<\/code>\u51fd\u6570\u4e2d\u63d0\u53d6\u786c\u7f16\u7801\u7684ASCII\u503c\u6570\u7ec4<\/li>\n\n\n\n
  • \u6839\u636eck()<\/code>\u51fd\u6570\u7684\u9a8c\u8bc1\u903b\u8f91\u89e3\u7801\u51fa\u53ef\u80fd\u7684\u6709\u6548token<\/li>\n\n\n\n
  • \u540c\u65f6\u83b7\u53d6checkToken()<\/code>\u51fd\u6570\u4e2d\u786c\u7f16\u7801\u7684token<\/li>\n<\/ul>\n\n\n\n
      \n
    1. encoded<\/code>\u6570\u7ec4\u6765\u81eaJS\u4ee3\u7801\u4e2dck()<\/code>\u51fd\u6570\u7684a<\/code>\u6570\u7ec4<\/li>\n\n\n\n
    2. \u6839\u636eck()<\/code>\u51fd\u6570\u7684\u68c0\u67e5\u6761\u4ef6a[i] - s.charCodeAt(i) == 3<\/code>\uff0c\u53ef\u4ee5\u63a8\u5bfc\u51fa\u6b63\u786e\u7684\u5b57\u7b26\u5e94\u8be5\u662fa[i] - 3<\/code><\/li>\n\n\n\n
    3. \u4f7f\u7528\u5217\u8868\u63a8\u5bfc\u5f0f\u5c06\u6bcf\u4e2a\u7f16\u7801\u503c\u51cf3\u5e76\u8f6c\u6362\u4e3a\u5bf9\u5e94\u5b57\u7b26<\/li>\n\n\n\n
    4. \u8fd4\u56de\u4e24\u4e2a\u53ef\u80fd\u7684\u6709\u6548token\uff1a\u4e00\u4e2a\u662f\u4ececk()<\/code>\u89e3\u7801\u7684\uff0c\u4e00\u4e2a\u662fcheckToken()<\/code>\u786c\u7f16\u7801\u7684<\/li>\n<\/ol>\n\n\n\n
      validate_token()<\/code> \u51fd\u6570<\/strong><\/p>\n\n\n\n
        \n
      • \u6a21\u62dfJavaScript\u4e2d\u7684\u4e24\u4e2a\u9a8c\u8bc1\u51fd\u6570ck()<\/code>\u548ccheckToken()<\/code><\/li>\n\n\n\n
      • \u68c0\u67e5\u7ed9\u5b9a\u7684token\u662f\u5426\u901a\u8fc7\u8fd9\u4e24\u4e2a\u9a8c\u8bc1<\/li>\n<\/ul>\n\n\n\n
          \n
        1. ck_valid<\/code>\u521d\u59cb\u4e3aFalse\uff0c\u53ea\u6709\u5f53token\u6ee1\u8db3\u6240\u6709\u6761\u4ef6\u65f6\u624d\u8bbe\u4e3aTrue<\/li>\n\n\n\n
        2. \u9996\u5148\u68c0\u67e5token\u957f\u5ea6\u662f\u5426\u4e3a12\uff08\u4e0e\u7f16\u7801\u6570\u7ec4\u957f\u5ea6\u4e00\u81f4\uff09<\/li>\n\n\n\n
        3. \u68c0\u67e5\u6bcf\u4e2a\u5b57\u7b26\u662f\u5426\u6ee1\u8db3a[i] - ord(char) == 3<\/code>\u7684\u6761\u4ef6<\/li>\n\n\n\n
        4. check_token_valid<\/code>\u76f4\u63a5\u6bd4\u8f83token\u662f\u5426\u4e3a”FAKE-TOKEN”<\/li>\n\n\n\n
        5. \u8fd4\u56de\u5305\u542b\u4e24\u4e2a\u9a8c\u8bc1\u7ed3\u679c\u7684\u5b57\u5178<\/li>\n<\/ol>\n\n\n\n
          \u6700\u540e\uff1a<\/strong><\/p>\n\n\n\n
            \n
          • \u83b7\u53d6\u6240\u6709\u53ef\u80fd\u7684\u6709\u6548token<\/li>\n\n\n\n
          • \u6253\u5370\u8fd9\u4e9btoken<\/li>\n\n\n\n
          • \u9a8c\u8bc1\u6bcf\u4e2atoken\u5728\u4e24\u4e2a\u9a8c\u8bc1\u51fd\u6570\u4e2d\u7684\u6709\u6548\u6027<\/li>\n\n\n\n
          • \u8f93\u51fa\u9a8c\u8bc1\u7ed3\u679c<\/li>\n<\/ul>\n\n\n\n
              \n
            1. \u8c03\u7528get_valid_tokens()<\/code>\u83b7\u53d6\u4e24\u4e2atoken<\/li>\n\n\n\n
            2. \u6253\u5370\u8fd9\u4e24\u4e2atoken<\/li>\n\n\n\n
            3. \u5bf9\u6bcf\u4e2atoken\u8c03\u7528validate_token()<\/code>\u8fdb\u884c\u9a8c\u8bc1<\/li>\n\n\n\n
            4. \u6253\u5370\u6bcf\u4e2atoken\u7684\u9a8c\u8bc1\u7ed3\u679c<\/li>\n<\/ol>\n\n\n\n
              \u5bf9\u4e8e\u7ed9\u5b9a\u7684\u7f16\u7801\u6570\u7ec4[105, 104, 102, 120, 117, 108, 48, 75, 81, 70, 87, 73]<\/code>\uff0c\u89e3\u7801\u540e\u7684token\u5e94\u8be5\u662ffecuri-HNCTF<\/code>\uff08\u6bcf\u4e2a\u6570\u5b57\u51cf3\u540e\u5bf9\u5e94\u7684ASCII\u5b57\u7b26\uff09<\/p>\n\n\n\n
              \"\"<\/div><\/figure>\n\n\n\n
              \u65b9\u6cd5\u4e8c\uff1a\u624b\u52a8\u8f93\u5165<\/strong><\/p>\n\n\n\n
              \u5df2\u7ecf\u77e5\u9053\u539f\u7406\u76f4\u63a5\u624b\u52a8\u8f93\u5165<\/p>\n\n\n\n
              105, 104, 102, 120, 117, 108, 48, 75, 81,70,87,73 --\u2014>\uff08-3\uff09\n\n102 101 99 117 114 105 45 72 78 67 84 69<\/code><\/pre>\n\n\n\n
              \u8f6c\u6210ASCII\u7801<\/p>\n\n\n\n
              \"\"<\/div><\/figure>\n\n\n\n
              fecuri-HNCTE<\/code><\/pre>\n\n\n\n
              FAKE-TOKEN<\/code><\/pre>\n\n\n\n
              \u7136\u540e\u9a8c\u8bc1\u8fd9\u4e24\u4e2a\u5c31\u884c<\/p>\n\n\n\n
              \"\"<\/div><\/figure>\n\n\n\n
              flag{4gl6lDO096EMj1DGCCwOzw}<\/p>\n\n\n\n
              ez_classical<\/h2>\n\n\n\n
              \"\"<\/div><\/figure>\n\n\n\n
              \"\"<\/div><\/figure>\n\n\n\n
              }MZS0wu4aiwJsREMZS{qmwp<\/p>\n\n\n\n
              \u9898\u76ee\u8bf4\u662f\u53e4\u5178\u5bc6\u7801<\/p>\n\n\n\n
              \u8bf4\u5b9e\u8bdd\u6211\u5f53\u65f6\u8fd9\u4e2a\u6211\u5728\u5f53\u65f6\u6839\u672c\u89e3\u4e0d\u51fa\u6765<\/p>\n\n\n\n
              \u5f53\u65f6\u662f\u5148\u628a\u4ed6\u53cd\u8f6c<\/p>\n\n\n\n
              pwmq{SZMERsJwia4uw0SZM}<\/p>\n\n\n\n
              \u7136\u540e\u76f4\u63a5\u51ef\u6492\u89e3\u7801<\/p>\n\n\n\n
              \u7136\u540e\u89e3\u4e0d\u51fa\u6765\uff0c\u5f53\u65f6\u4e5f\u60f3\u8fc7\u4f4d\u79fbpwmq–>flag<\/p>\n\n\n\n
              p-f \u4f4d\u79fb-10\uff0cw-l\u4f4d\u79fb-11\uff0cm-a\u4f4d\u79fb-12 q-g\u4f4d\u79fb-10 \u90a3\u4e48\u5c31\u4ee5\u3010-10,-11,-12\u3011\u7684\u4f4d\u79fb\u6392\u5e8f<\/p>\n\n\n\n
              \u4ee3\u7801\uff1a<\/p>\n\n\n\n
              def decrypt_flag(ciphertext: str) -> str:\n    \"\"\"\u4f7f\u7528\u81ea\u5b9a\u4e49\u6620\u5c04\u8868\u89e3\u5bc6CTF flag\"\"\"\n    # \u57fa\u4e8e pwmq -> flag \u7684\u6620\u5c04\u5173\u7cfb\uff0c\u6784\u5efa\u5b8c\u6574\u6620\u5c04\u8868\n    char_mapping = {\n        # \u57fa\u7840\u6620\u5c04 (p->f, w->l, m->a, q->g)\n        'p': 'f', 'w': 'l', 'm': 'a', 'q': 'g',\n        # \u6269\u5c55\u5c0f\u5199\u5b57\u6bcd\u6620\u5c04\n        's': 's', 'j': 'h', 'i': 'r', 'a': 'e', 'u': '_', 'e': 'r',\n        # \u6269\u5c55\u5927\u5199\u5b57\u6bcd\u6620\u5c04\n        'S': 'C', 'Z': 'T', 'M': 'F', 'E': 'A', 'R': 'G', 'J': 'H', 'W': 'E',\n        # \u6570\u5b57\u548c\u7279\u6b8a\u5b57\u7b26\u6620\u5c04\n        '4': '4', '0': '0', '{': '{', '}': '}'\n    }\n\n    # \u89e3\u5bc6\u8fc7\u7a0b\n    decrypted = []\n    for char in ciphertext:\n        # \u4f18\u5148\u4f7f\u7528\u6620\u5c04\u8868\u8f6c\u6362\uff0c\u672a\u77e5\u5b57\u7b26\u4fdd\u6301\u4e0d\u53d8\n        decrypted_char = char_mapping.get(char, char)\n        # \u5904\u7406\u6620\u5c04\u8868\u4e2d\u672a\u5b9a\u4e49\u7684\u5b57\u7b26\uff08\u4fdd\u6301\u539f\u59cb\u5b57\u7b26\uff09\n        decrypted.append(decrypted_char)\n\n    return ''.join(decrypted)\n\n# \u5f85\u89e3\u5bc6\u7684\u5bc6\u6587\nciphertext = \"pwmq{SZMERsJwia4uw0SZM}\"\n\n# \u6267\u884c\u89e3\u5bc6\nflag = decrypt_flag(ciphertext)\n\n# \u8f93\u51fa\u7ed3\u679c\nprint(f\"\u89e3\u5bc6\u540e\u7684flag: {flag}\")<\/code><\/pre>\n\n\n\n
              \"\"<\/div><\/figure>\n\n\n\n
              flag{CTFAGsHlre4_l0CTF}<\/p>\n\n\n\n
              \u8fd9\u4e2a\u597d\u50cf\u5df2\u7ecf\u5f88\u50cf\u4e86\u4f46\u662f\u4e0d\u5bf9<\/p>\n\n\n\n
              \u6211\u670d\u4e86<\/p>\n\n\n\n
              \u7136\u540e\u5728\u5c1d\u8bd5\u770b\u770b<\/p>\n\n\n\n
              \u5148\u89e3\u7801<\/p>\n\n\n\n
              \"\"<\/div><\/figure>\n\n\n\n
              \u53d1\u73b0\u51ef\u649210\uff0c11\uff0c12 \u5f88\u50cffla<\/p>\n\n\n\n
              \u6211\u4eec\u53ef\u4ee5\u901a\u8fc7\u5faa\u73af\u6b65\u8fdb\u4e3a3\u62fc\u63a5\u5b57\u7b26\u5f97\u5230flag<\/p>\n\n\n\n
              \u624b\u52a8\uff1a<\/p>\n\n\n\n
              \u5c1d\u8bd5\u89e3\u5bc6\u6574\u4e2a\u5b57\u7b26\u4e32 pwmq{SZMERsJwia4uw0SZM}<\/code>\uff1a<\/p>\n\n\n\n
              \u5206\u7ec4\uff1ap w m q { S Z M E R s J w i a 4 u w 0 S Z M }<\/code><\/p>\n\n\n\n
              \u504f\u79fb\u91cf\u5faa\u73af\uff1a10, 11, 12, 10, 11, 12, 10, 11, 12, 10, 11, 12, 10, 11, 12, 10, 11, 12, 10, 11, 12<\/p>\n\n\n\n
              \u9010\u5b57\u7b26\u89e3\u5bc6\uff1a<\/p>\n\n\n\n
                \n
              1. p<\/code> -10 -> f<\/code><\/li>\n\n\n\n
              2. w<\/code> -11 -> l<\/code><\/li>\n\n\n\n
              3. m<\/code> -12 -> a<\/code><\/li>\n\n\n\n
              4. q<\/code> -10 -> g<\/code><\/li>\n\n\n\n
              5. {<\/code> -> {<\/code>\uff08\u4e0d\u53d8\uff09<\/li>\n\n\n\n
              6. S<\/code> -11 -> H<\/code><\/li>\n\n\n\n
              7. Z<\/code> -12 -> T<\/code><\/li>\n\n\n\n
              8. M<\/code> -10 -> C<\/code><\/li>\n\n\n\n
              9. E<\/code> -11 -> T<\/code><\/li>\n\n\n\n
              10. R<\/code> -12 -> F<\/code><\/li>\n\n\n\n
              11. s<\/code> -10 -> i<\/code><\/li>\n\n\n\n
              12. J<\/code> -11 -> Y<\/code><\/li>\n\n\n\n
              13. w<\/code> -12 -> k<\/code><\/li>\n\n\n\n
              14. i<\/code> -10 -> y<\/code><\/li>\n\n\n\n
              15. a<\/code> -11 -> p<\/code><\/li>\n\n\n\n
              16. 4<\/code> -> 4<\/code>\uff08\u4e0d\u53d8\uff09<\/li>\n\n\n\n
              17. u<\/code> -12 -> i<\/code><\/li>\n\n\n\n
              18. w<\/code> -10 -> m<\/code><\/li>\n\n\n\n
              19. 0<\/code> -> 0<\/code>\uff08\u4e0d\u53d8\uff09<\/li>\n\n\n\n
              20. S<\/code> -11 -> H<\/code><\/li>\n\n\n\n
              21. Z<\/code> -12 -> T<\/code><\/li>\n\n\n\n
              22. M<\/code> -10 -> C<\/code><\/li>\n\n\n\n
              23. }<\/code> -> }<\/code>\uff08\u4e0d\u53d8\uff09<\/li>\n<\/ol>\n\n\n\n
                \u62fc\u63a5\u7ed3\u679c\uff1aflag{HTCTFiykyp4im0HTC}<\/code><\/p>\n\n\n\n
                py3\u4ee3\u7801\u89e3\u7801\uff1a<\/p>\n\n\n\n
                def caesar_decrypt(ciphertext, offsets):\n    plaintext = []\n    offset_index = 0\n    for char in ciphertext:\n        if char.isalpha():\n            # Determine the offset for the current character\n            offset = offsets[offset_index % len(offsets)]\n            offset_index += 1\n            # Decrypt uppercase and lowercase letters\n            if char.isupper():\n                decrypted_char = chr(((ord(char) - ord('A') - offset) % 26) + ord('A'))\n            else:\n                decrypted_char = chr(((ord(char) - ord('a') - offset) % 26) + ord('a'))\n        else:\n            # Leave non-alphabetic characters unchanged\n            decrypted_char = char\n        plaintext.append(decrypted_char)\n    return ''.join(plaintext)\n\n# Encrypted string\nciphertext = \"pwmq{SZMERsJwia4uw0SZM}\"\n\n# Define the offsets to cycle through (10, 11, 12)\noffsets = [10, 11, 12]\n\n# Decrypt the ciphertext\nplaintext = caesar_decrypt(ciphertext, offsets)\n\nprint(\"Decrypted text:\", plaintext)<\/code><\/pre>\n\n\n\n
                \"\"<\/div><\/figure>\n\n\n\n
                flag{HNCTFiYkyp4im0HNC}<\/strong><\/p>\n\n\n\n
                \u7b54\u6848\u5c31\u662f\u8fd9\u4e2a<\/p>\n\n\n\n
                <\/p>\n","protected":false},"excerpt":{"rendered":"
                YWB_Crypto_02 \u9898\u76ee\u63cf\u8ff0\uff1a \u4e00\u773cbase64\u76f4\u63a5\u968f\u6ce2\u9010\u6d41\u89e3\u7801\u5c31\u884c kqfl{829_on87_88 […]<\/p>\n","protected":false},"author":1,"featured_media":2311,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,13],"tags":[],"class_list":["post-167","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ctf","category-13"],"_links":{"self":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts\/167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=167"}],"version-history":[{"count":7,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts\/167\/revisions"}],"predecessor-version":[{"id":199,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/posts\/167\/revisions\/199"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=\/wp\/v2\/media\/2311"}],"wp:attachment":[{"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sanjiuctf.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}