Title address: https://buuoj.cn/challenges#[BJDCTF2020]%E4%B8%80%E5%8F%B6%E9%9A%9C%E7%9B%AE
The title picture looks like this
010 EditorAn CRC不匹配error occurs when using open
The picture can be opened normally, but it appears CRC匹配错误that the width and height are generally modified
I don’t know what the original width and height are here. I tested and modified it manually, and it didn’t take long.
When the width is changed to:, the 01 E2height is:07 77
Save, open the picture, and be careful not to
enlarge it. The enlargement becomes like this hahahaha
After I did it, I searched it online and saw a 修复CRC错误script tqltql written by a big guy
#coding=utf-8
import zlib
import struct
#读文件
file = '1.png' #注意,1.png图片要和脚本在同一个文件夹下哦~
fr = open(file,'rb').read()
data = bytearray(fr[12:29])
crc32key = eval(str(fr[29:33]).replace('\\x','').replace("b'",'0x').replace("'",''))
#crc32key = 0xCBD6DF8A #补上0x,copy hex value
#data = bytearray(b'\x49\x48\x44\x52\x00\x00\x01\xF4\x00\x00\x01\xF1\x08\x06\x00\x00\x00') #hex下copy grep hex
n = 4095 #理论上0xffffffff,但考虑到屏幕实际,0x0fff就差不多了
for w in range(n):#高和宽一起爆破
width = bytearray(struct.pack('>i', w))#q为8字节,i为4字节,h为2字节
for h in range(n):
height = bytearray(struct.pack('>i', h))
for x in range(4):
data[x+4] = width[x]
data[x+8] = height[x]
#print(data)
crc32result = zlib.crc32(data)
if crc32result == crc32key:
print(width,height)
#写文件
newpic = bytearray(fr)
for x in range(4):
newpic[x+16] = width[x]
newpic[x+20] = height[x]
fw = open(file+'.png','wb')#保存副本
fw.write(newpic)
fw.close
flag{
66666}