# Misc

# 非常好忽悠混合

# flag1

通过下载视频发现 flag1 藏在视频文件名称里

# flag2

在视频的第二帧中发现有 flag2

# 心中无码，自然高清

通过枚举分别可打印字符的马赛克图，然后将马赛克 flag 切片进行脚本比对，可得最终 flag

from PIL import Image, ImageDraw, ImageFont
import os
import string

# Ensure the output directory exists
output_dir = './mosaic_chars'
if not os.path.exists(output_dir):
    os.makedirs(output_dir)

flag = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890'

H = 68
W = 30

canvas = Image.new('RGB', (W * len(flag), H), (255, 255, 255))
# Ensure the font path is correct for your system
font = ImageFont.truetype('C:/Users/miaoaixuan/Desktop/JetBrainsMono-Regular.ttf', 50, encoding='utf-8')
pen = ImageDraw.Draw(canvas)
pen.text((0, 0), flag, 'black', font)

def mosaic_img(img: Image.Image, L, H, R, D):
    w, h = R - L, D - H
    a = [0, 0, 0]
    cnt = 0
    for x in range(w):
        for y in range(h):
            j = img.getpixel((L+x, H+y))
            for ch in range(len(a)):
                a[ch] += j[ch]
            cnt += 1
    b = [k//cnt for k in a]
    mosaic = Image.new('RGB', (w, h), tuple(b))
    img.paste(mosaic, (L, H, R, D))

for i in range(len(flag)):
    char = canvas.crop((W * i, 0, W * (i+1), H))
    if 0 <= i < len(flag) :  # Apply mosaic to specified characters
        mosaic_img(canvas, W*i, 0, W*i+W, H//2)
        mosaic_img(canvas, W*i, H//2, W*i+W, H)
    # Save the character image after potentially applying mosaic
    char = canvas.crop((W * i, 0, W * (i+1), H))  # Recrop to get the updated character
    char.save(f'{output_dir}/{flag[i]}_{char.tobytes().__len__()}.png')

canvas.save('flag_censored.png', format='png')
import os


def files_are_identical(file1_path, file2_path):
    """逐字节比较两个文件，检查它们是否完全相同"""
    with open(file1_path, 'rb') as file1, open(file2_path, 'rb') as file2:
        while True:
            chunk1 = file1.read(4096)
            chunk2 = file2.read(4096)
            
            if chunk1 != chunk2:
                return False
                
            if not chunk1:  # 如果chunk1为空，意味着文件已到末尾
                break
                
    return True

def compare_file_with_folder(target_file_path, folder_path):
    """比较指定文件与文件夹内所有文件，找出内容完全相同的文件"""
    identical_files = []
    
    for root, _, files in os.walk(folder_path):
        for filename in files:
            file_path = os.path.join(root, filename)
            if files_are_identical(target_file_path, file_path):
                identical_files.append(file_path)
                
    return identical_files

def print_identical_files(identical_files):
    """打印所有相同文件的路径"""
    if identical_files:
        print("找到以下相同的文件：")
        for file_path in identical_files:
            print(file_path)
    else:
        print("在文件夹中没有找到相同的文件。")

target_file_path = 'C:/Users/miaoaixuan/Desktop/1/char_23.png'
folder_path = 'C:/Users/miaoaixuan/mosaic_chars'
identical_files = compare_file_with_folder(target_file_path, folder_path)
print_identical_files(identical_files)

# bepbep

通过摩斯自动网站解密摩斯电码 Morse Code Adaptive Audio Decoder | Morse Code World 根据要求需要转小写，还要加下划线，得到 flag1

Flag1 末尾有一网址可得第二段音频，易得 sstv 解密

sstv 解密得 flag2

# 我朝，大盒

通过这几条信息可判断列车的行驶轨迹和旁边高速，再通过路路通程序查询可得车次号

图片 exif 中有 iso 信息

可得答案

# 躺平问答

通过百度等搜索引擎搜索易得（bushi

# Web

# 躺平论坛

easy 的 F12

# Crypto

# 主唱太拼命了

看题目的意思，估计是要爆破 p+q 的后 60 位，刚好在网上找到一篇文章：https://blog.csdn.net/weixin_52640415/article/details/130415368

直接拿里边的脚本来改了下

from Crypto.Util.number import *
from gmpy2 import *
ct = 18440872486403323622510807012978507180529941426106643115456980837956295325764192595485820729772845428753953590301713705078399201869365193708057327848899904074671832807596665367550614919055119509073812499316019447070077472419739116237952486260179612984582496862441609849035603842161839069407115218245681423369
n = 99043577182118444378439642285640047958394971312102035300983634002184849658224373873268060886833728612494565170803226359641468271537155385458029052632983980837449378159671374748926031921883773305189594299358694724069728793519164632228950998545505807640604956250832692344226382573121014842953275020353743587393
gift = 19908296297154261193603784476638931123516240704025306244561930935833463971799128110489967448460913311580547389743367260902522865073200825917723058108366848


PR.<x> = PolynomialRing(Zmod(n))
ok = False
p = 0
def pq_add(tp,tq,tgift,idx, kbit):
    global ok
    global p
    if ok:
        return 
    if tp*tq>n:
        #print('>')
        return 
    
    if (tp+(2<<idx))*(tq+(2<<idx))<n:
        #print('<', hex((tp+(1<<(idx+2))))[:20], hex(tq+(2<<idx))[:20], hex(N)[:20])
        return 
        
    if idx<=kbit:
        try:
            f = tp + x 
            rr = f.monic().small_roots(X=2^kbit, beta=0.44)
            if rr != []:
                """print(rr)
                print(tp)
                print('p = ',f(rr[0]))"""
                p = int(f(rr[0]))
                ok = True
                return
        except:
            pass
        
        return
    
    idx -=1
    b = tgift >>idx 
    one = 1<<idx
    
    #print(hex(tp)[:20],hex(tq)[:20],hex(tgift)[:20],idx,b)
    
    if b==0 or b==1:
        pq_add(tp,tq,tgift,idx, kbit)
    if b==1 or b==2:
        pq_add(tp+one,tq,tgift-one,idx, kbit)
        pq_add(tp,tq+one,tgift-one,idx, kbit)
    if b==2 or b==3:
        pq_add(tp+one,tq+one,tgift-(one<<1),idx, kbit)

tp = 1<<511
tq = 1<<511
tgift = gift -tp -tq
kbit = 60
pq_add(tp,tq,tgift,511, kbit)
print(p)
q = n // p
e = bytes_to_long(b"too desperate!")
phi = (p-1)*(q-1)
d = invert(e, phi)
print(long_to_bytes(int(pow(ct, d, n))))

# Reverse

# HIT! 准入认证！

IDA 打开搜索即得

2024CTF