MISC
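I have no comment on the other challenge.
Line Up and Eat Fruit (排队队吃果果)
Change the font color to black and sort each column in ascending order by value.
A QR code is now roughly visible, so write a script that turns the bold cells into the black part and leaves the rest white.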
import pandas as pd
import openpyxl

# Read data.xlsx
df = pd.read_excel('data.xlsx', header=None)
# Open data.xlsx again to get the formatting information
wb = openpyxl.load_workbook('data.xlsx', data_only=True)
ws = wb.active

# Return 1 if the cell's font is bold, 0 otherwise
def is_bold(cell):
    if cell.font and cell.font.bold:
        return 1
    return 0

# 2D list holding the result (1 = bold, 0 = not bold)
result_data = []
# Walk the first 39 rows and 39 columns, check whether each cell is bold and store the result in result_data
for i in range(39):
    row_data = []
    for j in range(39):
        cell_value = df.iloc[i, j]
        cell = ws.cell(row=i + 1, column=j + 1)
        is_cell_bold = is_bold(cell)
        row_data.append(is_cell_bold)
    result_data.append(row_data)

# Write the result to newoutput.txt, one spreadsheet row per line
with open('newoutput.txt', 'w') as f:
    for row in result_data:
        f.write(''.join(map(str, row)) + '\n')
print("数据已成功写入newoutput.txt文件。")
from PIL import Image

# Read the bit matrix written by the previous script
with open('newoutput.txt', 'r') as f:
    lines = f.readlines()

# Create an empty 39x39 image with a white background
size = 39
img = Image.new('RGB', (size, size), color='white')

# Set the color of every pixel
# '0' (not bold) is drawn black and '1' (bold) white; swap the branches if the code comes out inverted
for row_num, line in enumerate(lines):
    if row_num >= size:
        break
    for col_num, char in enumerate(line.strip()):
        if col_num >= size:
            break
        if char == '0':
            img.putpixel((col_num, row_num), (0, 0, 0))  # black pixel
        else:
            img.putpixel((col_num, row_num), (255, 255, 255))  # white pixel

# Save the image as output_qrcode2.png
img.save("output_qrcode2.png")
print("二维码已成功生成并保存为output_qrcode2.png文件。")
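Scan it to get the flag.
Forensics
Forensic evidence: 2023@QAX#LMB*PGS-9.16
Case: In early 2023, police in a certain locality arrested a technical suspect in an online fraud case. After taking the suspect into custody, the police extracted the data from the suspect's phone. Analysis after the extraction showed that the suspect had deleted the call records and SMS records. According to the suspect's statement, before deleting them he had used test software written by an accomplice; this Android app reads the call and SMS records and stores them on the phone. Because the call and SMS records are important to the case, contestants are asked to analyze the phone image and the corresponding APK and complete the forensics questions.
1. When did extraction of the evidence data begin this year? (Answer format: 04-12 13:26)
Check the log.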
09-11 17:21
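2. How many GB of SD card storage does the suspect's phone have in total? (Answer format: 22.5)
Look in logs.log.
24.32
3. What is the device name of the suspect's phone? (Answer format: adfer)
sailfish
4. What is the IMEI of the suspect's phone? (Answer format: 3843487568726387)
352531082716257
5. In which database file is the contact data of the suspect's phone stored? (Answer format: call.db)
contacts.db
6. How many apps has the suspect's phone used in total? (Answer format: 22)
Export the application log and look through it. By rights only apps with a recorded usage time should count, which gives 100, but here it seems every installed app was counted, which is a bit odd.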
206
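7. What is the package name of the test APK? (Answer format: con.tencent.com)
Going by the challenge description and filtering on usage time, the test APK is probably My application.
com.example.myapplication
8. What is the signature algorithm of the test APK? (Answer format: AES250)
Use the value from the jadx decompilation; the one from 雷电 (Leidian) is in the wrong format.
SHA256withRSA
9. What is the main entry point of the test APK? (Answer format: com.tmp.mainactivity)
com.example.myapplication.MainActivity
10. How many permissions does the test APK request in total? (Answer format: 7)
3
11. What encryption does the test APK apply to the data in Calllog.txt? (Answer format: DES)
Search for Calllog.txt to locate the code below.
The answer format is another odd point here; the one below is correct.
Base64
12. How many times did 10086 call the suspect? (Answer format: 5)
Decode it.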
Number: +8618181922867, Type: 呼进, Date: Thu Aug 19 17:41:48 GMT+08:00 2021
Number: 008618181922867, Type: 呼进, Date: Tue Aug 17 17:48:45 GMT+08:00 2021
Number: 008618181922867, Type: 呼进, Date: Tue Aug 17 17:45:46 GMT+08:00 2021
Number: 008618181922867, Type: 呼进, Date: Tue Aug 17 17:45:24 GMT+08:00 2021
Number: +8618181922867, Type: 呼进, Date: Tue Aug 17 17:44:48 GMT+08:00 2021
Number: 008618181922867, Type: 呼进, Date: Tue Aug 17 17:43:46 GMT+08:00 2021
Number: 008618181922867, Type: 呼进, Date: Tue Aug 17 17:42:14 GMT+08:00 2021
Number: 008618181922867, Type: 呼进, Date: Tue Aug 17 17:41:33 GMT+08:00 2021
Number: 18181922867, Type: 呼出, Date: Tue Aug 17 17:38:00 GMT+08:00 2021
Number: 008618181922867, Type: 呼进, Date: Tue Aug 17 17:36:16 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 17:35:20 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 17:33:02 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 17:32:50 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 17:32:14 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 17:31:48 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 17:31:31 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 17:30:35 GMT+08:00 2021
Number: +8612336555, Type: 呼进, Date: Tue Aug 17 17:30:30 GMT+08:00 2021
Number: +8612336555, Type: 呼进, Date: Tue Aug 17 17:29:38 GMT+08:00 2021
Number: +8612336555, Type: 呼进, Date: Tue Aug 17 15:57:49 GMT+08:00 2021
Number: +8612336555, Type: 呼进, Date: Tue Aug 17 15:49:12 GMT+08:00 2021
Number: +8612336555, Type: 呼进, Date: Tue Aug 17 15:48:50 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:43:58 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:34:21 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:33:53 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:33:11 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:32:52 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:31:58 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:27:13 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:26:09 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:24:34 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:20:13 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:19:23 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:18:02 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:14:03 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:09:22 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:08:57 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:07:20 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:02:05 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 15:01:46 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:57:46 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:57:05 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:50:53 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:49:57 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:48:35 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:47:18 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:47:05 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:46:24 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:44:30 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:42:46 GMT+08:00 2021
Number: 008612336555, Type: 呼进, Date: Tue Aug 17 14:42:11 GMT+08:00 2021
Number: 0086***********, Type: 呼进, Date: Tue Aug 17 14:38:49 GMT+08:00 2021
Number: 0086***********, Type: 呼进, Date: Tue Aug 17 14:36:23 GMT+08:00 2021
Number: 0086***********, Type: 呼进, Date: Tue Aug 17 14:26:36 GMT+08:00 2021
Number: +86***********, Type: 呼进, Date: Tue Aug 17 14:24:22 GMT+08:00 2021
Number: +86***********, Type: 呼进, Date: Tue Aug 17 14:24:03 GMT+08:00 2021
Number: +86***********, Type: 呼进, Date: Tue Aug 17 14:22:12 GMT+08:00 2021
Number: +86***********, Type: 呼进, Date: Tue Aug 17 11:04:41 GMT+08:00 2021
Number: +86***********, Type: 呼进, Date: Tue Aug 17 11:04:04 GMT+08:00 2021
Number: +86***********, Type: 呼进, Date: Tue Aug 17 11:03:18 GMT+08:00 2021
Number: 10086, Type: 呼进, Date: Mon Aug 16 10:44:42 GMT+08:00 2021
Number: 10086, Type: 呼进, Date: Fri Aug 13 17:55:54 GMT+08:00 2021
Number: 057156371643, Type: 呼出, Date: Mon Mar 01 15:59:05 GMT+08:00 2021
Number: 051180961417, Type: 呼出, Date: Mon Mar 01 15:13:42 GMT+08:00 2021
Counting them gives
2
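The count for question 12 can be reproduced programmatically. The following is an added example, not code from the original writeup or from the APK: it Base64-decodes the call log, parses the record format shown above, and counts calls per number and direction. It goes slightly beyond the question by merging the +86 / 0086 spellings of one caller. It assumes Calllog.txt is a single Base64 blob; the function names and the sample records are constructed for illustration.

```python
import base64
import re
from collections import Counter

# Record layout taken from the decoded output shown above.
LINE_RE = re.compile(
    r"Number: (?P<number>[^,\s]+), Type: (?P<type>[^,]+), Date: (?P<date>.+)")
INCOMING, OUTGOING = "呼进", "呼出"  # Type values the app writes

def normalize_number(number):
    """Strip a +86 / 0086 country prefix so one caller is counted once."""
    for prefix in ("+86", "0086"):
        if number.startswith(prefix):
            return number[len(prefix):]
    return number

def parse_calllog(b64_blob):
    """Base64-decode the file content and parse every well-formed record."""
    text = base64.b64decode(b64_blob).decode("utf-8")
    records = []
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m is None:
            continue  # blank or damaged line: skip it, do not abort
        rec = m.groupdict()
        rec["number"] = normalize_number(rec["number"])
        records.append(rec)
    return records

def count_calls(records, call_type=INCOMING):
    """Calls per normalized number for one direction."""
    return Counter(r["number"] for r in records if r["type"] == call_type)

# Constructed sample in the same format (13800000000 is a made-up number).
SAMPLE_BLOB = base64.b64encode("\n".join([
    "Number: +8613800000000, Type: 呼进, Date: Tue Aug 17 17:44:48 GMT+08:00 2021",
    "Number: 008613800000000, Type: 呼进, Date: Tue Aug 17 17:43:46 GMT+08:00 2021",
    "Number: 13800000000, Type: 呼出, Date: Tue Aug 17 17:38:00 GMT+08:00 2021",
    "Number: 10086, Type: 呼进, Date: Mon Aug 16 10:44:42 GMT+08:00 2021",
    "Number: 10086, Type: 呼进, Date: Fri Aug 13 17:55:54 GMT+08:00 2021",
    "",
    "truncated rec",
]).encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    for number, n in count_calls(parse_calllog(SAMPLE_BLOB)).most_common():
        print(number, n)
```

On the real evidence, pass the content of the exported Calllog.txt to parse_calllog in place of SAMPLE_BLOB.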
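13. How many times does the test APK encrypt the SMS records? (Answer format: 5)
While looking for calllog.txt I also saw sms.txt; take a look at what sms is.
So just locate sms.txt.
AES and Base64
2
14. What is the key the test APK uses to encrypt the SMS records? (Answer format: slkdjlfslskdnln)
The AES key comes from the Getkey function.
The getkey function is in the native layer, so find the .so file and reverse it.
It can be exported with jeb; search for getkey.
lijubdyhfurindhcbxdw
The function's logic is roughly: Base64-encode first and take the first 16 characters.
bGlqdWJkeWhmdXJp
15. What is the verification code the suspect used to log in to Alipay in 2021? (Answer format: 3464)
Decrypt sms.txt with the key above.
Export it to a txt file.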
9250