码迷,mamicode.com
首页 > 其他好文 > 详细

plaidctf2015 uncorrupt png

时间:2015-05-03 15:49:02      阅读:112      评论:0      收藏:0      [点我收藏+]

标签:

  代码的执行时间挺长的,好囧!

  参考了https://13c5.wordpress.com/2015/04/20/plaidctf-2015-png-uncorrupt/的代码

  通过这个题目,也对Png文件格式更深入地理解了!

  使用这个代码的前提是将png signature里面的0x0a修改为0x0d0a

  1 from itertools import combinations
  2 import binascii
  3 import os
  4 
  5 
  6 def find_all(source,aim):
  7      start=0
  8      while True:
  9           start=source.find(aim,start)
 10           if start==-1:
 11                return
 12           yield start
 13           start +=len(aim)
 14 
 15 def repair(source,aim,filedes,num,crc):
 16      matchlist=list(find_all(source,\x0a))
 17 
 18      for subnet in combinations(matchlist,num):
 19           subnet=sorted(subnet)
 20           temp=‘‘
 21           if(num==3):
 22                temp=source[:subnet[0]]+\x0d\x0a+source[subnet[0]+1:subnet[1]]+\x0d\x0a+source[subnet[1]+1:subnet[2]]+\x0d\x0a+source[subnet[2]+1:]
 23           if(num==2):
 24                temp=source[:subnet[0]]+\x0d\x0a+source[subnet[0]+1:subnet[1]]+\x0d\x0a+source[subnet[1]+1:]
 25           if(num==1):
 26                temp=source[:subnet[0]]+\x0d\x0a+source[subnet[0]+1:]
 27           if "%08x" % (binascii.crc32(temp)&0xFFFFFFFF)==crc:
 28                filedes.write(temp)
 29                filedes.write(binascii.a2b_hex(crc))
 30                filedes.flush()
 31                print "success"
 32                break;
 33      print "fail"
 34 
 35 uncfile=open("corrupt_735acee15fa4f3be8ecd0c6bcf294fd4.png","rb")
 36 cocfile=open("correct.png","wb")
 37 #first write
 38 correct=uncfile.read(0x6d)
 39 cocfile.write(correct)
 40 cocfile.flush()
 41 
 42 correct=uncfile.read(0x4)#length
 43 cocfile.write(correct)
 44 cocfile.flush()
 45 
 46 uncorrect=uncfile.read(0x20000-0x1+0x4)
 47 crc=uncfile.read(0x4)
 48 crc=binascii.hexlify(crc)
 49 print crc
 50 repair(uncorrect,\x0a,cocfile,1,crc)#1
 51 #second write
 52 correct=uncfile.read(0x4)#length
 53 cocfile.write(correct)
 54 cocfile.flush()
 55 uncorrect=uncfile.read(0x20000-0x3+0x4)
 56 crc=uncfile.read(0x4)
 57 crc=binascii.hexlify(crc)
 58 print crc
 59 repair(uncorrect,\x0a,cocfile,3,crc)#2
 60 #third write
 61 correct=uncfile.read(0x4)#length
 62 cocfile.write(correct)
 63 cocfile.flush()
 64 uncorrect=uncfile.read(0x20000-0x1+0x4)
 65 crc=uncfile.read(0x4)
 66 crc=binascii.hexlify(crc)
 67 print crc
 68 repair(uncorrect,\x0a,cocfile,1,crc)#3
 69 #fourth write
 70 correct=uncfile.read(0x4+0x4+0x20000+0x4)
 71 cocfile.write(correct)
 72 cocfile.flush()
 73 #fifth write
 74 correct=uncfile.read(0x4)#length
 75 cocfile.write(correct)
 76 cocfile.flush()
 77 uncorrect=uncfile.read(0x20000-0x3+0x4)
 78 crc=uncfile.read(0x4)
 79 crc=binascii.hexlify(crc)
 80 print crc
 81 repair(uncorrect,\x0a,cocfile,3,crc)#4
 82 #6th
 83 correct=uncfile.read(0x4)#length
 84 cocfile.write(correct)
 85 cocfile.flush()
 86 uncorrect=uncfile.read(0x20000-0x1+0x4)
 87 crc=uncfile.read(0x4)
 88 crc=binascii.hexlify(crc)
 89 print crc
 90 repair(uncorrect,\x0a,cocfile,1,crc)#5
 91 #7th
 92 correct=uncfile.read(0x4)
 93 cocfile.write(correct)
 94 cocfile.flush()
 95 uncorrect=uncfile.read(0x20000-0x2+0x4)
 96 crc=uncfile.read(0x4)
 97 crc=binascii.hexlify(crc)
 98 print crc
 99 repair(uncorrect,\x0a,cocfile,2,crc)#6
100 #8th
101 correct=uncfile.read(0x4+0x4+0x20000+0x4)
102 cocfile.write(correct)
103 cocfile.flush()
104 #9th
105 correct=uncfile.read(0x4)
106 cocfile.write(correct)
107 cocfile.flush()
108 uncorrect=uncfile.read(0x20000-0x1+0x4)
109 crc=uncfile.read(0x4)
110 crc=binascii.hexlify(crc)
111 print crc
112 repair(uncorrect,\x0a,cocfile,1,crc)#7
113 #10th
114 correct=uncfile.read(0x4+0x4+0x216f)
115 cocfile.write(correct)
116 cocfile.flush()
117 
118 uncfile.close()
119 cocfile.close()

  

  结果:

技术分享

参考文献:

  http://blog.csdn.net/gogor/article/details/5265710

  http://www.libpng.org/pub/png/apps/pngcheck.html

  http://www.libpng.org/pub/png/book/chapter08.html

  http://stackoverflow.com/questions/27238021/png-images-not-loaded

  https://13c5.wordpress.com/2015/04/20/plaidctf-2015-png-uncorrupt/

plaidctf2015 uncorrupt png

标签:

原文地址:http://www.cnblogs.com/wangaohui/p/4473951.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!