Title address: https://buuoj.cn/challenges#[BJDCTF2020]%E4%B8%80%E5%8F%B6%E9%9A%9C%E7%9B%AE
The title picture looks like this
010 Editor
An CRC不匹配
error occurs when using open
The picture can be opened normally, but it appears CRC匹配错误
that the width and height are generally modified
I don’t know what the original width and height are here. I tested and modified it manually, and it didn’t take long.
When the width is changed to:, the 01 E2
height is:07 77
Save, open the picture, and be careful not to
enlarge it. The enlargement becomes like this hahahaha
After I did it, I searched it online and saw a 修复CRC错误
script tqltql written by a big guy
#coding=utf-8
import zlib
import struct
#读文件
file = '1.png' #注意,1.png图片要和脚本在同一个文件夹下哦~
fr = open(file,'rb').read()
data = bytearray(fr[12:29])
crc32key = eval(str(fr[29:33]).replace('\\x','').replace("b'",'0x').replace("'",''))
#crc32key = 0xCBD6DF8A #补上0x,copy hex value
#data = bytearray(b'\x49\x48\x44\x52\x00\x00\x01\xF4\x00\x00\x01\xF1\x08\x06\x00\x00\x00') #hex下copy grep hex
n = 4095 #理论上0xffffffff,但考虑到屏幕实际,0x0fff就差不多了
for w in range(n):#高和宽一起爆破
width = bytearray(struct.pack('>i', w))#q为8字节,i为4字节,h为2字节
for h in range(n):
height = bytearray(struct.pack('>i', h))
for x in range(4):
data[x+4] = width[x]
data[x+8] = height[x]
#print(data)
crc32result = zlib.crc32(data)
if crc32result == crc32key:
print(width,height)
#写文件
newpic = bytearray(fr)
for x in range(4):
newpic[x+16] = width[x]
newpic[x+20] = height[x]
fw = open(file+'.png','wb')#保存副本
fw.write(newpic)
fw.close
flag{
66666}