201912_BUUCTF_Base64隐写

tags:Base64隐写

0x00. 题目

附件路径：https://pan.baidu.com/s/1GyH7kitkMYywGC9YJeQLJA?pwd=Zmxh#list/path=/CTF附件

附件名称：201912_BUUCTF_Base64隐写.zip

0x01. WP

打开文件发现为多行Base64文本，猜测为Base64隐写

exp1.py

# 使用现成第三方库进行解码
import b64steg
with open('flag.txt' ,'r') as f:s=f.read()print(b64steg.decry(s))
# b'GXY{fazhazhenhaoting}\x00'

exp2.py

从Base64编码算法入手逆向解码分析隐写二进制内容，并将二进制内容转为字符串

import base64def int2Bin(digit):return bin(digit)[2:]  #将索引转成二进制，去掉'0b';def binAsc(string):       #二进制转成ASCII码temp = ''for i in range(int(len(string) / 8)):temp += chr(int(string[i * 8 : i* 8 + 8] , 2))return tempdef readBase64FromFile(filename):Base64Char = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"     #Base64字符集 已按照规范排列result = ''with open(filename ,'r') as f:for data in f.readlines():if data.find('==') > 0:result += int2Bin(Base64Char.index(data[-4]))[-4:]    #根据隐写原理，‘==’情况取等号前最后一个字符转换后取后4位elif data.find('=') > 0:result += int2Bin(Base64Char.index(data[-3]))[-2:]    #根据隐写原理，‘=’情况取等号前最后一个字符转换后取后2位print(binAsc(result))readBase64FromFile('flag.txt')
# GXY{fazhazhenhaoting}