CTF 题目解法详解与教学指南<\/h1>

概述<\/h2>
本文档基于 QnQSec CTF 2025 部分题目的解法，系统性地总结各类 CTF 题型的解题思路、技术要点和实现方法。内容涵盖 Misc、Hardware、Crypto 和 Reverse 等多个方向，旨在为 CTF 参赛者提供全面的技术参考。<\/p>

1. Misc 类题目<\/h2>

1.1 Echoes of the Unknown<\/h3>

题目类型<\/strong>：音频隐写
技术要点<\/strong>：<\/p>

使用传统隐写工具（如 Stegsolve、Audacity 等）进行分析<\/li>
重点检查音频的波形图，可能隐藏可视信息<\/li>
波形图可能直接包含 Flag 文本<\/li> <\/ul>
解题步骤<\/strong>：<\/p>

用音频编辑软件打开题目提供的音频文件<\/li>
查看波形图显示模式<\/li>
直接识别波形图中的 Flag 文本<\/li> <\/ol>
答案<\/strong>：QnQSec{h1dd3n_1n_4ud1o}<\/code><\/p>
1.2 Catch Me<\/h3> 题目类型<\/strong>：GIF 分帧与二维码识别技术要点<\/strong>：<\/p> GIF 文件包含多帧图像，每帧可能包含部分信息<\/li> 需要编写脚本进行分帧处理<\/li> 批量识别二维码内容<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 使用 Python 的 PIL\/Pillow 库对 GIF 进行分帧<\/li> <\/ol> from<\/span> PIL import<\/span> Image <\/span><\/span> <\/span><\/span>def<\/span> extract_frames<\/span>(gif_path): <\/span><\/span> with<\/span> Image.<\/span>open(gif_path) as<\/span> img: <\/span><\/span> frames =<\/span> [] <\/span><\/span> for<\/span> frame in<\/span> range(img.<\/span>n_frames): <\/span><\/span> img.<\/span>seek(frame) <\/span><\/span> frames.<\/span>append(img.<\/span>copy()) <\/span><\/span> return<\/span> frames <\/span><\/span><\/code><\/pre> 对每帧图像进行二维码识别<\/li> <\/ol> import<\/span> pyzbar.pyzbar as<\/span> pyzbar <\/span><\/span> <\/span><\/span>def<\/span> decode_qr_from_frames<\/span>(frames): <\/span><\/span> results =<\/span> [] <\/span><\/span> for<\/span> frame in<\/span> frames: <\/span><\/span> decoded =<\/span> pyzbar.<\/span>decode(frame) <\/span><\/span> if<\/span> decoded: <\/span><\/span> results.<\/span>append(decoded[0<\/span>].<\/span>data.<\/span>decode()) <\/span><\/span> return<\/span> results <\/span><\/span><\/code><\/pre> 组合所有二维码内容得到完整 Flag<\/li> <\/ol> 答案<\/strong>：QnQSec{C4TCH_M3_1F_Y0U_C4N}<\/code><\/p> 1.3 John Cena<\/h3> 题目类型<\/strong>：GIF 隐写技术要点<\/strong>：<\/p> 关注 GIF 的最后一帧（可能隐藏信息）<\/li> 使用 Stegsolve 等工具分析图像隐写<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 对 GIF 进行分帧，检查每一帧<\/li> 发现最后一帧为全白图像（可疑）<\/li> 使用 Stegsolve 分析该帧，发现隐藏的 Flag<\/li> <\/ol> 答案<\/strong>：QnQSec{HOW_CAN_YOU_SEE_ME?}<\/code><\/p> 1.4 HeartBroken<\/h3> 题目类型<\/strong>：PDF 签名提取技术要点<\/strong>：<\/p> 使用 PyMuPDF 库处理 PDF 文件<\/li> 提取 PDF 中嵌入的图像\/签名信息<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 使用 PyMuPDF 打开 PDF 文件<\/li> <\/ol> import<\/span> fitz # PyMuPDF<\/span> <\/span><\/span> <\/span><\/span>def<\/span> extract_images_from_pdf<\/span>(pdf_path): <\/span><\/span> doc =<\/span> fitz.<\/span>open(pdf_path) <\/span><\/span> images =<\/span> [] <\/span><\/span> for<\/span> page_num in<\/span> range(len(doc)): <\/span><\/span> page =<\/span> doc.<\/span>load_page(page_num) <\/span><\/span> image_list =<\/span> page.<\/span>get_images(full=<\/span>True<\/span>) <\/span><\/span> for<\/span> image_index, img in<\/span> enumerate(image_list): <\/span><\/span> xref =<\/span> img[0<\/span>] <\/span><\/span> pix =<\/span> fitz.<\/span>Pixmap(doc, xref) <\/span><\/span> if<\/span> pix.<\/span>n -<\/span> pix.<\/span>alpha ><\/span> 3<\/span>: # 检查是否为 RGB 图像<\/span> <\/span><\/span> pix.<\/span>save(f<\/span>"image_<\/span>{<\/span>page_num}<\/span>_<\/span>{<\/span>image_index}<\/span>.png"<\/span>) <\/span><\/span> pix =<\/span> None<\/span> <\/span><\/span> doc.<\/span>close() <\/span><\/span><\/code><\/pre> 分析提取出的图像，找到 Flag<\/li> <\/ol> 答案<\/strong>：QnQSec{I_4ctually_st1ll_l0v3_y0u_Rima!!}<\/code><\/p> 2. Hardware 类题目<\/h2> 2.1 SmartCoffee<\/h3> 题目类型<\/strong>：固件\/EEPROM 分析技术要点<\/strong>：<\/p> 对嵌入式设备固件进行静态分析<\/li> 识别和提取 EEPROM 数据区<\/li> 对混淆数据进行暴力破解<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 分析固件反汇编，找到 33 字节的 EEPROM 数据区（byte_20E0[33]<\/code>）<\/p> <\/li> 数据被标记为"likely obfuscated"，需要尝试常见变换：<\/p> 单字节 XOR 操作<\/li> 加\/减常量操作<\/li> 位循环移位（ROL\/ROR）<\/li> 按位取反（NOT）<\/li> 两字节重复密钥模式<\/li> <\/ul> <\/li> 编写爆破脚本系统尝试所有可能变换<\/p> <\/li> <\/ol> def<\/span> brute_force_eeprom<\/span>(data): <\/span><\/span> results =<\/span> [] <\/span><\/span> for<\/span> key in<\/span> range(256<\/span>): # 单字节 XOR 密钥<\/span> <\/span><\/span> decrypted =<\/span> bytes([b ^<\/span> key for<\/span> b in<\/span> data]) <\/span><\/span> if<\/span> b<\/span>'QnQSec{'<\/span> in<\/span> decrypted: <\/span><\/span> results.<\/span>append(decrypted) <\/span><\/span> <\/span><\/span> # 尝试其他变换...<\/span> <\/span><\/span> return<\/span> results <\/span><\/span><\/code><\/pre> 在 XOR 密钥 0x3B 时找到可读 Flag<\/li> <\/ol> 答案<\/strong>：QnQSec{3x_s3snum_c4n_d0_h4rdw4r3}<\/code><\/p> 3. Crypto 类题目<\/h2> 3.1 myLFSR?<\/h3> 题目类型<\/strong>：GF(3) 上的 LFSR 密码分析技术要点<\/strong>：<\/p> LFSR（线性反馈移位寄存器）在 GF(3) 上工作<\/li> 利用已知明文攻击恢复初始状态和掩码<\/li> 基数为 3 的异或操作<\/li> <\/ul> 数学原理<\/strong>：<\/p> LFSR 状态向量长度：40<\/li> 输出：state[0]（最低位）<\/li> 状态更新：右移并在末尾追加 b = sum(state[i]*mask[i]) mod 3<\/code><\/li> 加密：明文转换为基数为 3 的展开，与密钥流逐位异或<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 将已知明文 b'\xff'*k<\/code> 转换为基数为 3 的展开<\/li> 通过密文与明文的异或得到密钥流片段<\/li> 利用 LFSR 的线性特性建立方程组<\/li> 求解初始状态和反馈多项式系数<\/li> 生成完整密钥流，解密 Flag<\/li> <\/ol> 核心代码思路<\/strong>：<\/p> def<\/span> solve_lfsr_gf3<\/span>(gift_ct, known_plaintext, key_length=<\/span>40<\/span>): <\/span><\/span> # 将明文转换为三进制展开<\/span> <\/span><\/span> pt_gift =<\/span> expand_to_base3(known_plaintext, key_length) <\/span><\/span> <\/span><\/span> # 获取密钥流<\/span> <\/span><\/span> stream =<\/span> [pt_gift[i] ^<\/span> gift_ct[i] for<\/span> i in<\/span> range(len(pt_gift))] <\/span><\/span> <\/span><\/span> # 建立线性方程组求解 mask<\/span> <\/span><\/span> # ... 线性代数求解过程<\/span> <\/span><\/span> <\/span><\/span> return<\/span> initial_state, mask <\/span><\/span><\/code><\/pre>答案<\/strong>：QnQSec{i_L1K3_B3RleK4mP_m4Ss3y_0n_m0d_3_f1elD}<\/code><\/p> 3.2 Mandatory RSA<\/h3> 题目类型<\/strong>：RSA Wiener 攻击技术要点<\/strong>：<\/p> 识别大公钥指数 e 的情况<\/li> 使用 Wiener 攻击恢复私钥<\/li> 常规 RSA 解密<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 观察 RSA 参数，发现 e 很大，符合 Wiener 攻击条件<\/li> 使用连分数展开攻击：<\/li> <\/ol> def<\/span> wiener_attack<\/span>(e, n): <\/span><\/span> # 连分数展开 e\/n<\/span> <\/span><\/span> # 检查每个收敛分数是否满足 RSA 条件<\/span> <\/span><\/span> # 返回可能的 d 值<\/span> <\/span><\/span> pass<\/span> <\/span><\/span><\/code><\/pre> 找到正确的私钥 d 后正常解密<\/li> <\/ol> 答案<\/strong>：QnQSec{I_l0v3_Wi3n3r5_@nD_i_l0v3_Nut5!!!!}<\/code><\/p> 3.3 myPrime<\/h3> 题目类型<\/strong>：结构化素数与椭圆曲线密码分析技术要点<\/strong>：<\/p> 识别特殊结构的素数：p = pp² + pp + 3<\/code><\/li> 利用模运算信息恢复素数<\/li> AES-CTR 模式解密<\/li> <\/ul> 数学推导<\/strong>：<\/p> 设 s = pp<\/code>，则 p = s² + s + 3<\/code><\/li> 已知 E_.order() ≡ gift (mod mod)<\/code><\/li> 根据 Hasse 定理：|E(F_p)| ≈ p<\/code><\/li> 建立模方程：s² + s + 3 ≡ gift (mod mod)<\/code><\/li> <\/ol> 解题步骤<\/strong>：<\/p> 解模方程得到 s 在模 mod 下的残类<\/li> 枚举合适的 t 值，使 s 落在正确范围内（约 256 位）<\/li> 对每个候选 s 计算 p 并检查素数性<\/li> 使用 p 的前 16 字节作为 AES 密钥解密<\/li> <\/ol> 核心代码<\/strong>：<\/p> def<\/span> recover_prime<\/span>(gift, mod): <\/span><\/span> # 解二次方程 s² + s + (3 - gift) ≡ 0 (mod mod)<\/span> <\/span><\/span> R =<\/span> (3<\/span> -<\/span> gift) %<\/span> mod <\/span><\/span> discriminant =<\/span> (1<\/span> +<\/span> 4<\/span> *<\/span> R) %<\/span> mod <\/span><\/span> <\/span><\/span> # 求平方根（如果存在）<\/span> <\/span><\/span> sqrt_d =<\/span> tonelli_shanks(discriminant, mod) <\/span><\/span> <\/span><\/span> s_candidates =<\/span> [] <\/span><\/span> if<\/span> sqrt_d is<\/span> not<\/span> None<\/span>: <\/span><\/span> s1 =<\/span> ((-<\/span>1<\/span> +<\/span> sqrt_d) *<\/span> pow(2<\/span>, -<\/span>1<\/span>, mod)) %<\/span> mod <\/span><\/span> s2 =<\/span> ((-<\/span>1<\/span> -<\/span> sqrt_d) *<\/span> pow(2<\/span>, -<\/span>1<\/span>, mod)) %<\/span> mod <\/span><\/span> s_candidates =<\/span> [s1, s2] <\/span><\/span> <\/span><\/span> # 枚举平移倍数<\/span> <\/span><\/span> for<\/span> s0 in<\/span> s_candidates: <\/span><\/span> for<\/span> t in<\/span> range(-<\/span>10<\/span>, 10<\/span>): # 小范围枚举<\/span> <\/span><\/span> s =<\/span> s0 +<\/span> t *<\/span> mod <\/span><\/span> if<\/span> 2<\/span>**<\/span>255<\/span> <<\/span> s <<\/span> 2<\/span>**<\/span>257<\/span>: # 检查位数<\/span> <\/span><\/span> p =<\/span> s*<\/span>(s+<\/span>1<\/span>) +<\/span> 3<\/span> <\/span><\/span> if<\/span> is_prime(p) and<\/span> (p %<\/span> mod ==<\/span> gift %<\/span> mod): <\/span><\/span> return<\/span> p <\/span><\/span> return<\/span> None<\/span> <\/span><\/span><\/code><\/pre>答案<\/strong>：QnQSec{H1lb3rt_cl4sS_p0lynOmiAl_w1tH_DiScR1m1nANt_5pEc1al_d3s1gn3D}<\/code><\/p> 4. Reverse 类题目<\/h2> 4.1 baby_baby_reverse<\/h3> 题目类型<\/strong>：简单逆向工程技术要点<\/strong>：<\/p> 使用 IDA Pro 进行静态分析<\/li> 识别加密算法（异或加密）<\/li> 提取密钥和加密逻辑<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 用 IDA 打开可执行文件，分析主函数<\/li> 发现输入长度要求为 41 字节（0x29）<\/li> 识别加密逻辑：encrypted[i] = plaintext[i] ^ key[i % 15]<\/code><\/li> 密钥字符串："Th1s_1s_th3_k3y"<\/code><\/li> 反向计算得到 Flag<\/li> <\/ol> 解密代码<\/strong>：<\/p> def<\/span> decrypt_baby_reverse<\/span>(encrypted_data): <\/span><\/span> key =<\/span> b<\/span>"Th1s_1s_th3_k3y"<\/span> <\/span><\/span> key_len =<\/span> len(key) <\/span><\/span> result =<\/span> bytearray() <\/span><\/span> <\/span><\/span> for<\/span> i in<\/span> range(len(encrypted_data)): <\/span><\/span> result.<\/span>append(encrypted_data[i] ^<\/span> key[i %<\/span> key_len]) <\/span><\/span> <\/span><\/span> return<\/span> bytes(result) <\/span><\/span><\/code><\/pre>答案<\/strong>：QnQSec{This_1s_4n_3asy_r3v3rs3_ch4ll3ng3}<\/code><\/p> 4.2 Baby_Reverse_Revenge_From_NHNC<\/h3> 题目类型<\/strong>：Shellcode 分析与 AES 解密技术要点<\/strong>：<\/p> 分析嵌入式 shellcode 的动态密钥生成<\/li> AES-256-CBC 模式解密<\/li> 逆向工程中的动态分析技巧<\/li> <\/ul> 解题步骤<\/strong>：<\/p> 分析程序中的 shellcode 数据段<\/li> 识别 shellcode 实际是在构造固定密钥<\/li> 提取 shellcode 中设置的字节值：th1_1s_th3_valu3_0f_k3y<\/code> + 9 个空字节<\/li> 使用该密钥进行 AES-256-CBC 解密<\/li> <\/ol> 解密代码<\/strong>：<\/p> from<\/span> Crypto.Cipher import<\/span> AES <\/span><\/span> <\/span><\/span>def<\/span> decrypt_aes_ctr<\/span>(ciphertext, key, nonce): <\/span><\/span> cipher =<\/span> AES.<\/span>new(key, AES.<\/span>MODE_CTR, nonce=<\/span>nonce) <\/span><\/span> return<\/span> cipher.<\/span>decrypt(ciphertext) <\/span><\/span> <\/span><\/span># 密钥提取<\/span> <\/span><\/span>key =<\/span> b<\/span>"th1_1s_th3_valu3_0f_k3y"<\/span> +<\/span> b<\/span>"<\/span>\x00<\/span>"<\/span> *<\/span> 9<\/span> # 补足 32 字节<\/span> <\/span><\/span><\/code><\/pre>答案<\/strong>：QnQSec{a_s1mpl3_fil3_3ncrypt3d_r3v3rs3}<\/code><\/p> 5. 通用解题技巧总结<\/h2> 5.1 文件格式分析<\/h3> 音频文件<\/strong>：检查波形图、频谱图、元数据<\/li> 图像文件<\/strong>：分帧分析、隐写工具、通道分离<\/li> PDF 文件<\/strong>：PyMuPDF 提取嵌入对象<\/li> 固件文件<\/strong>：二进制分析、反汇编、数据区识别<\/li> <\/ul> 5.2 密码分析模式识别<\/h3> 流密码<\/strong>：寻找线性关系、已知明文攻击<\/li> 分组密码<\/strong>：识别加密模式、密钥恢复<\/li> 公钥密码<\/strong>：参数特殊性分析（如 Wiener 攻击条件）<\/li> 特殊结构<\/strong>：代数结构利用、模运算分析<\/li> <\/ul> 5.3 逆向工程方法论<\/h3> 静态分析<\/strong>：IDA Pro 反汇编、字符串搜索、交叉引用<\/li> 动态分析<\/strong>：调试器跟踪、内存转储、API 监控<\/li> 代码理解<\/strong>：识别加密函数、输入输出分析<\/li> <\/ul> 5.4 脚本编写技巧<\/h3> 批量处理：文件遍历、多线程\/进程<\/li> 数据转换：进制转换、编码解码<\/li> 暴力破解：合理缩小搜索空间、优化算法<\/li> <\/ul> 结语<\/h2> 本教学文档系统总结了 QnQSec CTF 2025 中各类题目的解题思路和技术要点。掌握这些技能需要理论与实践相结合，建议读者在实际 CTF 比赛中多加练习，不断提升分析问题和解决问题的能力。CTF 竞赛的核心在于创造性思维和系统性方法，希望本文档能为您的学习之路提供有价值的参考。<\/p>

CTF 题目解法详解与教学指南<\/h1>

概述<\/h2> 本文档基于 QnQSec CTF 2025 部分题目的解法，系统性地总结各类 CTF 题型的解题思路、技术要点和实现方法。内容涵盖 Misc、Hardware、Crypto 和 Reverse 等多个方向，旨在为 CTF 参赛者提供全面的技术参考。<\/p>

1. Misc 类题目<\/h2>

2. Hardware 类题目<\/h2>

3. Crypto 类题目<\/h2>

4. Reverse 类题目<\/h2>

5. 通用解题技巧总结<\/h2>

概述<\/h2>
本文档基于 QnQSec CTF 2025 部分题目的解法，系统性地总结各类 CTF 题型的解题思路、技术要点和实现方法。内容涵盖 Misc、Hardware、Crypto 和 Reverse 等多个方向，旨在为 CTF 参赛者提供全面的技术参考。<\/p>