vifly/crack_board.py

## crack_board.py
import requests

cookies = {"session": ""}
SESS = requests.session()


def crack():
    data = {"x": "1", "y": "1"}
    r = SESS.post("http://202.38.93.111:10077/", cookies=cookies, json=data)
    print(r.json())

    data = {"x": "0", "y": "0"}
    r = SESS.post("http://202.38.93.111:10077/", cookies=cookies, json=data)
    print(r.json())

    data = {"x": "2", "y": "2"}
    r = SESS.post("http://202.38.93.111:10077/", cookies=cookies, json=data)
    print(r.json())


crack()

## find_flag_from_git_objects.py
import zlib
import glob
import os


def get_files_path(dir_path: str) -> list[str]:
    result = []

    result = list(glob.glob(os.path.join(dir_path, "**/*"), recursive=True))
    result = [i for i in result if os.path.isfile(i)]

    return result


obj_dir = "ML-Course-Notes/.git/objects"

for f_path in get_files_path(obj_dir):
    if "pack" not in f_path:
        with open(f_path, "rb") as f:
            decompressed_contents = zlib.decompress(f.read())

        if "flag" in str(decompressed_contents):
            print(decompressed_contents)

## hack_delete_msg.py
import requests
import time

cookies = {"session": ""}
SESS = requests.session()


def is_need_delete(text: str) -> bool:
    if "hack[" in text:
        return True
    return False


def crack():
    r = SESS.post("http://202.38.93.111:10021/api/getMessages", cookies=cookies)
    msg_list = r.json()["messages"]

    start_time = time.time()
    for index, msg in enumerate(msg_list):
        now_time = time.time()
        if (now_time - start_time) < msg["delay"]:
            time.sleep(msg["delay"] - (now_time - start_time))
        if is_need_delete(msg["text"]):
            r = SESS.post(
                "http://202.38.93.111:10021/api/deleteMessage",
                json={"id": index},
                cookies=cookies,
            )
            print(r.json())

    r = SESS.post("http://202.38.93.111:10021/api/getflag", cookies=cookies)
    print(r.json())


crack()

## player.py
# modify from https://github.com/asciinema/asciinema/blob/2c8af028dec448bb51ec0a1848e96a08121827b0/asciinema/player.py

import json
import sys
import time
from typing import Any, Dict, Optional, TextIO, Union

from .asciicast import events as ev
from .asciicast.v1 import Asciicast as v1
from .asciicast.v2 import Asciicast as v2
from .tty_ import raw, read_blocking
import string

Header = Dict[str, Any]


def clean_data(data: str) -> str:
    return ''.join([str(char) for char in data if char in string.printable]).replace("[KESC", "").replace(":[K", "").replace("\\u001b", "").replace("\\b", "").replace("[K", "").replace("~~", "")


class RawOutput:
    def __init__(self, stream: Optional[str]) -> None:
        self.stream = stream or "o"

    def start(self, _header: Header) -> None:
        pass

    def write(self, _time: float, event_type: str, data: str) -> None:
        if event_type == self.stream:
            with open("./rec.js", 'a') as f:
                f.write(clean_data(data))


class AsciicastOutput:
    def __init__(self, stream: Optional[str]) -> None:
        self.stream = stream

    def start(self, header: Header) -> None:
        self.__write_line(header)

    def write(self, time: float, event_type: str, data: str) -> None:
        if self.stream in [None, event_type]:
            self.__write_line([time, event_type, data])

    def __write_line(self, obj: Any) -> None:
        line = json.dumps(
            obj, ensure_ascii=False, indent=None, separators=(", ", ": ")
        )

        sys.stdout.write(f"{line}\r\n")
        sys.stdout.flush()


Output = Union[RawOutput, AsciicastOutput]


class Player:  # pylint: disable=too-few-public-methods
    def play(
        self,
        asciicast: Union[v1, v2],
        idle_time_limit: Optional[int] = None,
        speed: float = 1.0,
        key_bindings: Optional[Dict[str, Any]] = None,
        out_fmt: str = "raw",
        stream: Optional[str] = None,
        pause_on_markers: bool = False,
    ) -> None:
        if key_bindings is None:
            key_bindings = {}

        output: Output = (
            RawOutput(stream) if out_fmt == "raw" else AsciicastOutput(stream)
        )

        try:
            with open("/dev/tty", "rt", encoding="utf-8") as stdin:
                with raw(stdin.fileno()):
                    self._play(
                        asciicast,
                        idle_time_limit,
                        speed,
                        stdin,
                        key_bindings,
                        output,
                        pause_on_markers,
                    )
        except IOError:
            self._play(
                asciicast,
                idle_time_limit,
                speed,
                None,
                key_bindings,
                output,
                False,
            )

    @staticmethod
    def _play(  # pylint: disable=too-many-locals
        asciicast: Union[v1, v2],
        idle_time_limit: Optional[int],
        speed: float,
        stdin: Optional[TextIO],
        key_bindings: Dict[str, Any],
        output: Output,
        pause_on_markers: bool,
    ) -> None:
        idle_time_limit = idle_time_limit or asciicast.idle_time_limit
        pause_key = key_bindings.get("pause")
        step_key = key_bindings.get("step")
        next_marker_key = key_bindings.get("next_marker")

        events = asciicast.events()
        events = ev.to_relative_time(events)
        events = ev.cap_relative_time(events, idle_time_limit)
        events = ev.to_absolute_time(events)
        events = ev.adjust_speed(events, speed)

        output.start(asciicast.v2_header)

        ctrl_c = False
        pause_elapsed_time: Optional[float] = None
        events_iter = iter(events)
        start_time = time.perf_counter()

        def wait(timeout: int) -> bytes:
            if stdin is not None:
                return read_blocking(stdin.fileno(), timeout)

            return b""

        def next_event() -> Any:
            try:
                return events_iter.__next__()
            except StopIteration:
                return (None, None, None)

        time_, event_type, text = next_event()

        while time_ is not None and not ctrl_c:
            if pause_elapsed_time:
                while time_ is not None:
                    key = wait(1000)

                    if 0x03 in key:  # ctrl-c
                        ctrl_c = True
                        break

                    if key == pause_key:
                        assert pause_elapsed_time is not None
                        start_time = time.perf_counter() - pause_elapsed_time
                        pause_elapsed_time = None
                        break

                    if key == step_key:
                        pause_elapsed_time = time_
                        output.write(time_, event_type, text)
                        time_, event_type, text = next_event()

                    elif key == next_marker_key:
                        while time_ is not None and event_type != "m":
                            output.write(time_, event_type, text)
                            time_, event_type, text = next_event()

                        if time_ is not None:
                            output.write(time_, event_type, text)
                            pause_elapsed_time = time_
                            time_, event_type, text = next_event()
            else:
                while time_ is not None:
                    elapsed_wall_time = time.perf_counter() - start_time
                    delay = time_ - elapsed_wall_time
                    key = b""

                    # if delay > 0:
                    #     key = wait(delay)

                    if 0x03 in key:  # ctrl-c
                        ctrl_c = True
                        break

                    elif key == pause_key:
                        pause_elapsed_time = time.perf_counter() - start_time
                        break

                    else:
                        output.write(time_, event_type, text)

                        if event_type == "m" and pause_on_markers:
                            pause_elapsed_time = time_
                            time_, event_type, text = next_event()
                            break

                        time_, event_type, text = next_event()

        if ctrl_c:
            raise KeyboardInterrupt()

## read_real_flag.c
#include <dlfcn.h>
#include <stdio.h>

typedef FILE *(*fopen_func)(const char *restrict pathname,
                            const char *restrict mode);

int main(const int argc, const char *argv[]) {
  char ch;
  void *real_lib = dlopen("/lib/x86_64-linux-gnu/libc.so.6", RTLD_NOW);

  fopen_func real_fopen = dlsym(real_lib, "fopen");
  FILE *fp = real_fopen("/flag", "r");
  while (!feof(fp)) {
    ch = fgetc(fp);
    if (33 <= ch && ch <= 126) {
      printf("%c", ch);
    }
  }
  fclose(fp);
  int res = dlclose(real_lib);

  return 0;
}

## xzrj_print_flag.py
#!/usr/bin/python3

# Th siz of th fil may reduc after XZRJification

def check_equals(left, right):
    # check whether left == right or not
    if left != right: exit(1)

def get_cod_dict():
    # prepar th cod dict
    cod_dict = []
    cod_dict += ['nymeh1niwemflcir}echaet ']  # 未知，用空格填充到 24 个字符
    cod_dict += ['a3g7}kidgojernoetl sup?h']  # 空格后面待定
    cod_dict += ['ulw!ff5soadrhwnrsnstnoeq']  # done
    cod_dict += ['ct {l-findiehaai{oveatas']  # 空格前面待定
    cod_dict += ['ty9kxborszst guyd?!blm-p']  # g 之前删了一位
    check_equals(set(len(s) for s in cod_dict), {24})
    return ''.join(cod_dict)

def decrypt_data(input_codes):
    # retriev th decrypted data
    cod_dict = get_cod_dict()
    output_chars = [cod_dict[c] for c in input_codes]
    return ''.join(output_chars)

if __name__ == '__main__':
    # check som obvious things
    # check_equals('creat', 'cr' + 'at')
    # check_equals('referer', 'refer' + 'rer')
    # check th flag
    flag = decrypt_data([53, 41, 85, 109, 75, 1, 33, 48, 77, 90,
                         17, 118, 36, 25, 13, 89, 90, 3, 63, 25,
                         31, 77, 27, 60, 3, 118, 24, 62, 54, 61,
                         25, 63, 77, 36, 5, 32, 60, 67, 113, 28])

    check_equals(flag.index('flag{'), 0)
    check_equals(flag.index('}'), len(flag) - 1)
    # print th flag
    print(flag)
	import requests

	cookies = {"session": ""}
	SESS = requests.session()


	def crack():
	data = {"x": "1", "y": "1"}
	r = SESS.post("http://202.38.93.111:10077/", cookies=cookies, json=data)
	print(r.json())

	data = {"x": "0", "y": "0"}
	r = SESS.post("http://202.38.93.111:10077/", cookies=cookies, json=data)
	print(r.json())

	data = {"x": "2", "y": "2"}
	r = SESS.post("http://202.38.93.111:10077/", cookies=cookies, json=data)
	print(r.json())


	crack()
	import zlib
	import glob
	import os


	def get_files_path(dir_path: str) -> list[str]:
	result = []

	result = list(glob.glob(os.path.join(dir_path, "*/"), recursive=True))
	result = [i for i in result if os.path.isfile(i)]

	return result


	obj_dir = "ML-Course-Notes/.git/objects"

	for f_path in get_files_path(obj_dir):
	if "pack" not in f_path:
	with open(f_path, "rb") as f:
	decompressed_contents = zlib.decompress(f.read())

	if "flag" in str(decompressed_contents):
	print(decompressed_contents)
	import requests
	import time

	cookies = {"session": ""}
	SESS = requests.session()


	def is_need_delete(text: str) -> bool:
	if "hack[" in text:
	return True
	return False


	def crack():
	r = SESS.post("http://202.38.93.111:10021/api/getMessages", cookies=cookies)
	msg_list = r.json()["messages"]

	start_time = time.time()
	for index, msg in enumerate(msg_list):
	now_time = time.time()
	if (now_time - start_time) < msg["delay"]:
	time.sleep(msg["delay"] - (now_time - start_time))
	if is_need_delete(msg["text"]):
	r = SESS.post(
	"http://202.38.93.111:10021/api/deleteMessage",
	json={"id": index},
	cookies=cookies,
	)
	print(r.json())

	r = SESS.post("http://202.38.93.111:10021/api/getflag", cookies=cookies)
	print(r.json())


	crack()
	# modify from https://github.com/asciinema/asciinema/blob/2c8af028dec448bb51ec0a1848e96a08121827b0/asciinema/player.py

	import json
	import sys
	import time
	from typing import Any, Dict, Optional, TextIO, Union

	from .asciicast import events as ev
	from .asciicast.v1 import Asciicast as v1
	from .asciicast.v2 import Asciicast as v2
	from .tty_ import raw, read_blocking
	import string

	Header = Dict[str, Any]


	def clean_data(data: str) -> str:
	return ''.join([str(char) for char in data if char in string.printable]).replace("[KESC", "").replace(":[K", "").replace("\\u001b", "").replace("\\b", "").replace("[K", "").replace("~~", "")


	class RawOutput:
	def __init__(self, stream: Optional[str]) -> None:
	self.stream = stream or "o"

	def start(self, _header: Header) -> None:
	pass

	def write(self, _time: float, event_type: str, data: str) -> None:
	if event_type == self.stream:
	with open("./rec.js", 'a') as f:
	f.write(clean_data(data))


	class AsciicastOutput:
	def __init__(self, stream: Optional[str]) -> None:
	self.stream = stream

	def start(self, header: Header) -> None:
	self.__write_line(header)

	def write(self, time: float, event_type: str, data: str) -> None:
	if self.stream in [None, event_type]:
	self.__write_line([time, event_type, data])

	def __write_line(self, obj: Any) -> None:
	line = json.dumps(
	obj, ensure_ascii=False, indent=None, separators=(", ", ": ")
	)

	sys.stdout.write(f"{line}\r\n")
	sys.stdout.flush()


	Output = Union[RawOutput, AsciicastOutput]


	class Player: # pylint: disable=too-few-public-methods
	def play(
	self,
	asciicast: Union[v1, v2],
	idle_time_limit: Optional[int] = None,
	speed: float = 1.0,
	key_bindings: Optional[Dict[str, Any]] = None,
	out_fmt: str = "raw",
	stream: Optional[str] = None,
	pause_on_markers: bool = False,
	) -> None:
	if key_bindings is None:
	key_bindings = {}

	output: Output = (
	RawOutput(stream) if out_fmt == "raw" else AsciicastOutput(stream)
	)

	try:
	with open("/dev/tty", "rt", encoding="utf-8") as stdin:
	with raw(stdin.fileno()):
	self._play(
	asciicast,
	idle_time_limit,
	speed,
	stdin,
	key_bindings,
	output,
	pause_on_markers,
	)
	except IOError:
	self._play(
	asciicast,
	idle_time_limit,
	speed,
	None,
	key_bindings,
	output,
	False,
	)

	@staticmethod
	def _play( # pylint: disable=too-many-locals
	asciicast: Union[v1, v2],
	idle_time_limit: Optional[int],
	speed: float,
	stdin: Optional[TextIO],
	key_bindings: Dict[str, Any],
	output: Output,
	pause_on_markers: bool,
	) -> None:
	idle_time_limit = idle_time_limit or asciicast.idle_time_limit
	pause_key = key_bindings.get("pause")
	step_key = key_bindings.get("step")
	next_marker_key = key_bindings.get("next_marker")

	events = asciicast.events()
	events = ev.to_relative_time(events)
	events = ev.cap_relative_time(events, idle_time_limit)
	events = ev.to_absolute_time(events)
	events = ev.adjust_speed(events, speed)

	output.start(asciicast.v2_header)

	ctrl_c = False
	pause_elapsed_time: Optional[float] = None
	events_iter = iter(events)
	start_time = time.perf_counter()

	def wait(timeout: int) -> bytes:
	if stdin is not None:
	return read_blocking(stdin.fileno(), timeout)

	return b""

	def next_event() -> Any:
	try:
	return events_iter.__next__()
	except StopIteration:
	return (None, None, None)

	time_, event_type, text = next_event()

	while time_ is not None and not ctrl_c:
	if pause_elapsed_time:
	while time_ is not None:
	key = wait(1000)

	if 0x03 in key: # ctrl-c
	ctrl_c = True
	break

	if key == pause_key:
	assert pause_elapsed_time is not None
	start_time = time.perf_counter() - pause_elapsed_time
	pause_elapsed_time = None
	break

	if key == step_key:
	pause_elapsed_time = time_
	output.write(time_, event_type, text)
	time_, event_type, text = next_event()

	elif key == next_marker_key:
	while time_ is not None and event_type != "m":
	output.write(time_, event_type, text)
	time_, event_type, text = next_event()

	if time_ is not None:
	output.write(time_, event_type, text)
	pause_elapsed_time = time_
	time_, event_type, text = next_event()
	else:
	while time_ is not None:
	elapsed_wall_time = time.perf_counter() - start_time
	delay = time_ - elapsed_wall_time
	key = b""

	# if delay > 0:
	# key = wait(delay)

	if 0x03 in key: # ctrl-c
	ctrl_c = True
	break

	elif key == pause_key:
	pause_elapsed_time = time.perf_counter() - start_time
	break

	else:
	output.write(time_, event_type, text)

	if event_type == "m" and pause_on_markers:
	pause_elapsed_time = time_
	time_, event_type, text = next_event()
	break

	time_, event_type, text = next_event()

	if ctrl_c:
	raise KeyboardInterrupt()
	#include <dlfcn.h>
	#include <stdio.h>

	typedef FILE (fopen_func)(const char *restrict pathname,
	const char *restrict mode);

	int main(const int argc, const char *argv[]) {
	char ch;
	void *real_lib = dlopen("/lib/x86_64-linux-gnu/libc.so.6", RTLD_NOW);

	fopen_func real_fopen = dlsym(real_lib, "fopen");
	FILE *fp = real_fopen("/flag", "r");
	while (!feof(fp)) {
	ch = fgetc(fp);
	if (33 <= ch && ch <= 126) {
	printf("%c", ch);
	}
	}
	fclose(fp);
	int res = dlclose(real_lib);

	return 0;
	}
	#!/usr/bin/python3

	# Th siz of th fil may reduc after XZRJification

	def check_equals(left, right):
	# check whether left == right or not
	if left != right: exit(1)

	def get_cod_dict():
	# prepar th cod dict
	cod_dict = []
	cod_dict += ['nymeh1niwemflcir}echaet '] # 未知，用空格填充到 24 个字符
	cod_dict += ['a3g7}kidgojernoetl sup?h'] # 空格后面待定
	cod_dict += ['ulw!ff5soadrhwnrsnstnoeq'] # done
	cod_dict += ['ct {l-findiehaai{oveatas'] # 空格前面待定
	cod_dict += ['ty9kxborszst guyd?!blm-p'] # g 之前删了一位
	check_equals(set(len(s) for s in cod_dict), {24})
	return ''.join(cod_dict)

	def decrypt_data(input_codes):
	# retriev th decrypted data
	cod_dict = get_cod_dict()
	output_chars = [cod_dict[c] for c in input_codes]
	return ''.join(output_chars)

	if __name__ == '__main__':
	# check som obvious things
	# check_equals('creat', 'cr' + 'at')
	# check_equals('referer', 'refer' + 'rer')
	# check th flag
	flag = decrypt_data([53, 41, 85, 109, 75, 1, 33, 48, 77, 90,
	17, 118, 36, 25, 13, 89, 90, 3, 63, 25,
	31, 77, 27, 60, 3, 118, 24, 62, 54, 61,
	25, 63, 77, 36, 5, 32, 60, 67, 113, 28])

	check_equals(flag.index('flag{'), 0)
	check_equals(flag.index('}'), len(flag) - 1)
	# print th flag
	print(flag)