1. 进入环境,下载附件

发现是一张png图片,如图:

xctf攻防世界 MISC高手进阶区 适合作为桌面、stage1_16进制


妈的,有点酷,就是看不出信息

2.问题分析

  2. 尝试StegSolve
    打开图片后一通乱翻,发现了一张二维码,如图:

    3. xctf攻防世界 MISC高手进阶区 适合作为桌面、stage1_16进制_02

  3. 放大:

    4. xctf攻防世界 MISC高手进阶区 适合作为桌面、stage1_反编译_03

  4. 尝试转码
    扫出来是一堆字符:

03F30D0A79CB05586300000000000000000100000040000000730D0000006400008400005A000064010053280200000063000000000300000016000000430000007378000000640100640200640300640400640500640600640700640300640800640900640A00640600640B00640A00640700640800640C00640C00640D00640E00640900640F006716007D00006410007D0100781E007C0000445D16007D02007C01007400007C0200830100377D0100715500577C010047486400005328110000004E6966000000696C00000069610000006967000000697B000000693300000069380000006935000000693700000069300000006932000000693400000069310000006965000000697D000000740000000028010000007403000000636872280300000074030000007374727404000000666C6167740100000069280000000028000000007304000000312E7079520300000001000000730A0000000001480106010D0114014E280100000052030000002800000000280000000028000000007304000000312E707974080000003C6D6F64756C653E010000007300000000

特征是从0-F,感觉是16进制文件,我们尝试扔到winhex中,看看这些是什么意思,如图:

xctf攻防世界 MISC高手进阶区 适合作为桌面、stage1_16进制_04


可以看到有py和pyt文件,判断可能可以进行pyc反编译。什么是pyc?传送门:https://www.yuanrenxue.com/tricks/what-is-pyc-file.html

  1. 反编译
    打开conda环境,依次输入:
# 安装uncompyle包
pip install uncompyle
# 将res.pyc反编译成result.py
uncompyle6 res.pyc > result.py

反编译后的代码如下:

def flag():
    str = [
     102, 108, 97, 103, 123, 51, 56, 97, 53, 55, 48, 51, 50, 48, 56, 53, 52, 52, 49, 101, 55, 125]
    flag = ''
    for i in str:
        flag += chr(i)

    print flag
# okay decompiling res.pyc

运行一下呗:结果如图:

xctf攻防世界 MISC高手进阶区 适合作为桌面、stage1_问题分析_05


最终答案为:​​flag{38a57032085441e7}​

stage1的最终答案为:​​AlphaLab​