首先 jpeg 里面是有 Huffman Tree 的,用来压缩数据。Google CTF 的题是找不存在的 E 所对应的 01 编码,因为 E 根本没出现在原文,故 Huffman Tree 不可能出现 E 对应的 01 编码。换到 jpeg 就需要去研究 jpeg 是怎么编码的,然后找出 DHT1 这个块里面有哪个 01 编码从头到尾根本没用过,然后就会发现每张图都藏着一个没使用过的 01 编码。
把每张图里那个未使用的 01 编码打印出来,保留其二进制末尾 4 位并按图片顺序拼接在一起,然后 bin2str 就能看到 flag 了。
def number(x):
    """Convert the bit string *x* to a non-negative integer.

    A string whose first character is '1' is parsed as plain binary.
    A string whose first character is '0' has every bit inverted before
    parsing. In JPEG entropy coding a leading 0 bit marks a negative
    value; this helper applies no sign and returns the magnitude only.

    Raises IndexError on an empty string.
    """
    if x[0] != '0':
        return int(x, 2)
    # Swap 0 <-> 1 through a temporary '.' placeholder.
    inverted = x.replace('0', '.').replace('1', '0').replace('.', '1')
    return int(inverted, 2)
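def _read_dht(data, start):
    """Parse one DHT segment payload that begins at offset *start*.

    The two bytes before *start* hold the big-endian segment length
    (which counts itself, hence the -2). The first payload byte (table
    class/id) is dropped, the next 16 bytes are the per-length code
    counts and the remainder are the symbols.

    Returns (table, payload_length), where table maps each canonical
    Huffman code, written as a '0'/'1' string, to its symbol byte.
    """
    length = int.from_bytes(data[start - 2:start], 'big') - 2
    payload = data[start:start + length][1:]
    counts, symbols = payload[:16], payload[16:]
    table = {}
    code = 0
    k = 0
    # Canonical Huffman assignment. counts[i] is the number of codes of
    # length i + 1; length-1 codes (counts[0]) are included so a table
    # that uses them does not shift every following symbol.
    for i in range(16):
        for _ in range(counts[i]):
            table[f'{code:b}'.zfill(i + 1)] = symbols[k]
            k += 1
            code += 1
        code <<= 1
    return table, length


def _used_ac_codes(bits, dc_table, ac_table):
    """Walk the entropy-coded bit string and collect every AC code used.

    Each block is one DC code, followed by the DC value bits, followed
    by AC codes until an end-of-block symbol (0) or 63 coefficients.
    Decoding stops when the bits run out, whether that happens while
    looking for a DC code or in the middle of an AC code, so truncated
    data cannot spin forever.
    """
    used = set()
    total = len(bits)
    st = ed = 0
    while True:
        while dc_table.get(bits[st:ed]) is None and ed <= total:
            ed += 1
        if ed > total:
            return used
        # The DC symbol is the bit length of the DC difference. The value
        # itself is not needed for this search, so its bits are skipped.
        st = ed = ed + dc_table[bits[st:ed]]
        m = 0
        while m < 63:
            while ac_table.get(bits[st:ed]) is None:
                if ed > total:
                    return used
                ed += 1
            code = bits[st:ed]
            symbol = ac_table[code]
            used.add(code)
            if symbol == 0:
                # End of block: the remaining coefficients are zero.
                st = ed
                break
            # High nibble is the run of zero coefficients and low nibble is
            # the bit length of the value that follows.
            m += (symbol >> 4) + 1
            st = ed = ed + (symbol & 0b1111)


flag = ''
__flag = ''

# NOTE(review): the offsets 0x6a, +4 and +0xa are fixed for these challenge
# files (DC table, AC table, then the scan header). A general parser would
# walk the marker segments instead of assuming this layout.
for index in range(78):
    filename = f'pic/{index}.jpg'
    with open(filename, 'rb') as f:
        d = f.read()

    DC, dc_payload_len = _read_dht(d, 0x6a)
    ac_start = 0x6a + dc_payload_len + 4
    AC, ac_payload_len = _read_dht(d, ac_start)

    scan_start = ac_start + ac_payload_len + 0xa
    # Undo JPEG byte stuffing (FF 00 -> FF). The last two bytes of the file
    # are left out, presumably the end-of-image marker.
    scan = d[scan_start:-2].replace(b'\xFF\x00', b'\xFF')
    bits = ''.join(f'{x:08b}' for x in scan)

    G_SET = _used_ac_codes(bits, DC, AC)

    # Exactly one AC code should be defined in the table but never used. Its
    # prefix is all zeros and its last four bits carry half a flag byte.
    diff = list(set(AC) - G_SET)
    assert len(diff) == 1
    assert diff[0][:-4] in ['0', '00', '000', '0000']
    __flag += diff[0][-4:]
    if len(__flag) == 8:
        flag += chr(int(__flag, 2))
        __flag = ''
        # NOTE(review): progress output. The page lost its indentation, so
        # placing this print inside the `if` is a reconstruction.
        print(flag)

print(flag)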
Spy_Dog
不就是 99.9% 嘛,我用最简单的加噪音的方法给你打下来(然后就打下来了)
期待预期解,感觉可能是和 resize 有关的攻击。
import base64 import cv2 import random import numpy as np from keras.models import load_model from copy import deepcopy
# NOTE: load_model() deserializes the file's contents. Load only model files
# that come from a trusted source.
model = load_model('simplenn.model')


def checkSkin(img1, img2):
    """Return 1 when img2 stays within 10 of img1 on every channel, else 0.

    Each pixel difference img2[i][j] - img1[i][j] is taken, and a channel
    value of 200 or more is folded to 255 - value (presumably to undo
    unsigned wrap-around of negative differences; confirm the dtype).
    The largest folded value decides the result.

    NOTE(review): the page lost its indentation, so the nesting of the
    comparison inside the per-channel loop is a reconstruction.
    """
    deltas = [
        img2[row][col] - img1[row][col]
        for row in range(len(img1))
        for col in range(len(img1[row]))
    ]

    maxnum = 0
    for pixel in deltas:
        for channel in pixel:
            folded = 255 - channel if channel >= 200 else channel
            if folded >= maxnum:
                maxnum = folded

    return 0 if maxnum > 10 else 1


def checkMask(img):
    """Return element [0][1] of the model's prediction for *img*.

    Presumably this is the class-1 score of the first sample; verify
    against the model's output layout.
    """
    return model.predict(img)[0][1]
def mutation(img):
    """Overwrite one random element of *img* with a perturbed original value.

    A position (x, y in 0..127, channel z in 0..2) and an offset in
    -10..10 are drawn. img[0, x, y, z] is then set to the value at the
    same position of the module-level `origin` plus that offset. *img*
    is modified in place and also returned.
    """
    rounds = 1
    for _ in range(rounds):
        # The draw order x, y, z, offset is kept so a seeded run yields the
        # same sequence.
        x = random.randint(0, 127)
        y = random.randint(0, 127)
        z = random.randint(0, 2)
        offset = random.randint(-10, 10)
        img[0, x, y, z] = origin[0, x, y, z] + offset
    return img