【CTF-MISC-盲水印】压缩包8字节反转+bkcarck破解压缩包+双图盲水印
题目复现地址https://www.qsnctf.com/#/main/driving-range?page1categorydifficultykeyword%E5%93%A6user_answeruser_favoritetag_idschallenge_id1042解题思路查看文件格式使用FFV未发现文件格式但发现文件头未KP和常见的压缩包PK是反着的由此揣测用010Editor查看文件原始数据010查看字节发现pk头但是被反转了按照8字节反转回来参考文章https://blog.csdn.net/2402_87950092/article/details/159728592?spm1001.2014.3001.5506importstructdefsolve():input_file哦output_fileflag.ziptry:withopen(input_file,rb)asf:contentf.read()exceptFileNotFoundError:print(f找不到文件:{input_file}请确认文件名或路径。)returnrecovered_databytearray()# 全文按8字节块反转的chunk_size8foriinrange(0,len(content),chunk_size):chunkcontent[i:ichunk_size]recovered_data.extend(chunk[::-1])withopen(output_file,wb)asf:f.write(recovered_data)print(f处理完成已生成文件:{output_file})print( flag.zip 。)if__name____main__:solve()运行代码生成zip文件打开后发现有密码bkcarck破解压缩包发现是ZipCrypto加密使用bkcarck破解压缩包跑了15分钟才出结果bkcrack.exe-Cflag.zip-ca.png-x089504E470D0A1A0A0000000Dbkcrack1.8.1 -2025-10-25[15:24:29]Z reduction using5bytes of known plaintext100.0%(5/5)[15:24:29]Attack on1132332Z values at index6Keys: d590788c b34e73fb 40e733d188.6%(1003400/1132332)Found a solution. Stopping. You may resume the attack with the option: --continue-attack1003400[15:39:25]Keys d590788c b34e73fb 40e733d1bkcrack.exe-Cflag.zip-kd590788c b34e73fb 40e733d1-Ddecrypted.zipbkcrack1.8.1 -2025-10-25[15:41:17]Writing decrypted archive decrypted.zip100.0%(1/1)双图盲水印答案flag{01d38cf8-e6f9-11f0-8fcd-11155d4a}