从朋友那里得来的附件,感觉题目有意思,简单复现一下

MISC

简单编码

1、题目信息

0122 061 1101011 0172 0122 0105 061 1011010 0127 0154 0144 0110 0122 1010100 1001110 1000101 0124 110000 064 0172 1010001 060 0144 1011010 0115 1101011 0122 0116 1010100 0153 1110000 1011000 1010010 060 1101100 1100001 0126 0106 1001110 1001110 0127 1101100 0160 1001000 0124 1010100 1001110 0105 1010010 060 065 0123 0126 0105 0144 0132 1001101 060 1010010 1001000 1010100 1010110 1110000 1011010 1010010 110000 110000 0172 1010010 0105 061 1001110 1010101 1101100 0122 1001000 0122 1010110 1110000 0125 0121 060 065 0123 1010110 1010101 1100100 1001110 1010111 0125 1010010 0110 0124 1101100 0112 0130 0122 061 0154 0141 1010110 0105 1010110 1001111 1010101 1101100 1010110 0110 0127 1010100 1001010 1000101 1010100 1010101 110001 1010011 0126 060 1100100 1010110 1001101 060 1010010 0110 0124 0126 0160 0141 0122 060 061 0141 1010110 1000101 061 1001111 1010011 0154 0122 1001000 0126 1010100 1001110 0105 1010010 110000 110001 1100001 0126 110000 1100100 0132 1010111 0126 1010010 1001000 0124 0154 1001010 1011001 1010100 0126 0105 071 0120 0124 060 111001 0120 1010100 110000 111101

2、解题方法

考察二进制和八进制转换

首先写个脚本把数据转化为字符串便于使用

data_str = "0122 061 1101011 0172 0122 0105 061 1011010 0127 0154 0144 0110 0122 1010100 1001110 1000101 0124 110000 064 0172 1010001 060 0144 1011010 0115 1101011 0122 0116 1010100 0153 1110000 1011000 1010010 060 1101100 1100001 0126 0106 1001110 1001110 0127 1101100 0160 1001000 0124 1010100 1001110 0105 1010010 060 065 0123 0126 0105 0144 0132 1001101 060 1010010 1001000 1010100 1010110 1110000 1011010 1010010 110000 110000 0172 1010010 0105 061 1001110 1010101 1101100 0122 1001000 0122 1010110 1110000 0125 0121 060 065 0123 1010110 1010101 1100100 1001110 1010111 0125 1010010 0110 0124 1101100 0112 0130 0122 061 0154 0141 1010110 0105 1010110 1001111 1010101 1101100 1010110 0110 0127 1010100 1001010 1000101 1010100 1010101 110001 1010011 0126 060 1100100 1010110 1001101 060 1010010 0110 0124 0126 0160 0141 0122 060 061 0141 1010110 1000101 061 1001111 1010011 0154 0122 1001000 0126 1010100 1001110 0105 1010010 110000 110001 1100001 0126 110000 1100100 0132 1010111 0126 1010010 1001000 0124 0154 1001010 1011001 1010100 0126 0105 071 0120 0124 060 111001 0120 1010100 110000 111101"

# 使用split()函数将字符串拆分为单个的数字

data_list = data_str.split()  

# 使用map()函数将每个数字转化为字符串,并在每个数字的外边加上引号

data_list = list(map(str, data_list))  

print(data_list)

然后进行转化

exp:

list = ['0122', '061', '1101011', '0172', '0122', '0105', '061', '1011010', '0127', '0154', '0144', '0110', '0122', '1010100', '1001110', '1000101', '0124', '110000', '064', '0172', '1010001', '060', '0144', '1011010', '0115', '1101011', '0122', '0116', '1010100', '0153', '1110000', '1011000', '1010010', '060', '1101100', '1100001', '0126', '0106', '1001110', '1001110', '0127', '1101100', '0160', '1001000', '0124', '1010100', '1001110', '0105', '1010010', '060', '065', '0123', '0126', '0105', '0144', '0132', '1001101', '060', '1010010', '1001000', '1010100', '1010110', '1110000', '1011010', '1010010', '110000', '110000', '0172', '1010010', '0105', '061', '1001110', '1010101', '1101100', '0122', '1001000', '0122', '1010110', '1110000', '0125', '0121', '060', '065', '0123', '1010110', '1010101', '1100100', '1001110', '1010111', '0125', '1010010', '0110', '0124', '1101100', '0112', '0130', '0122', '061', '0154', '0141',

'1010110', '0105', '1010110', '1001111', '1010101', '1101100', '1010110', '0110', '0127', '1010100', '1001010', '1000101', '1010100', '1010101', '110001', '1010011', '0126', '060', '1100100', '1010110', '1001101', '060', '1010010', '0110', '0124', '0126', '0160', '0141', '0122', '060', '061', '0141', '1010110', '1000101', '061', '1001111', '1010011', '0154', '0122', '1001000', '0126', '1010100', '1001110', '0105', '1010010', '110000', '110001', '1100001', '0126', '110000', '1100100', '0132', '1010111', '0126', '1010010', '1001000', '0124', '0154', '1001010', '1011001', '1010100', '0126', '0105', '071', '0120', '0124', '060', '111001', '0120', '1010100', '110000', '111101']

b = "234567"

flag = ""

for i in list:

    s = str(i)

    for j in s:

        if j in b:

            back = False

            break

    if back == False:

        tmp = int(i,8)

    else:

        tmp = int(i,2)

        if tmp < 32 or tmp > 127:

            tmp = int(i,8)

    flag = flag + "" + chr(tmp)

    back = True

print(flag)

得到

R1kzRE1ZWldHRTNET04zQ0dZMkRNTkpXR0laVFNNWlpHTTNER05SVEdZM0RHTVpZR00zRE1NUlRHRVpUQ05SVUdNWURHTlJXR1laVEVOUlVHWTJETU1SV0dVM0RHTVpaR01aVE1OSlRHVTNER01aV0dZWVRHTlJYTVE9PT09PT0=

Cyber解即可

神秘的base

1、题目信息

EvAzEwo6E9RO4qSAHq42E9KvEv5zHDt34GtdHGJaHD7NHG42bwd=

神奇密码:

xbQTZqjN8ERuwlzVfUIrPkeHd******LK697o2pSsGD+ncgm3CBh/Xy1MF4JAWta

2、解题方法

Base64换表爆破

exp:

import base64

import string

import itertools

string1 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'  #标准base64编码表

strings = "ivOY50"

all_colors = (itertools.permutations(strings, 6))

for i in all_colors:

    tmp = ''.join(i)

    string2 = f'xbQTZqjN8ERuwlzVfUIrPkeHd{tmp}LK697o2pSsGD+ncgm3CBh/Xy1MF4JAWta'  # 换表后base64编码表

    encode = 'EvAzEwo6E9RO4qSAHq42E9KvEv5zHDt34GtdHGJaHD7NHG42bwd='

    decode = base64.b64decode(encode.translate(str.maketrans(string1, string2)))

    if 'flag{' in str(decode) and '}' in str(decode):

        print(decode)

#flag{8ee3021432edffaa57527461952e632c}

签到

直接控制台运行

let r = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+=";

let cars = [25, 38, 49, 33, 25, 55, 45, 37, 12, 22, 24, 50, 12, 51, 24, 51, 13, 3, 16, 52, 13, 38, 25, 38, 13, 54, 4, 52, 13, 19, 20, 55, 12, 38, 8, 51, 12, 38, 16, 49, 14, 22, 8, 54, 13, 35, 37, 33, 12, 55, 52, 63];

let ff = "";

for (var iii = 0; iii < cars.length; iii++) {

ff = ff + r[cars[iii]];

}

/*this is flag*/

console.log(ff)

Stego

莫生气

1、题目信息

一张jpg图片

2、解题方法

010分析,发现尾部藏有png图片,但缺少头部消息

提取出来,补全头部

我们可以看到图片与原始一样,因此想到盲水印

B神工具一把梭,添加图片执行即可。

数独

1、题目信息

2、解题方法

先补全数独

#sage跑

n = 4

c = [0,0,0,0,

     2,0,0,0,

     0,0,1,0,

     0,4,0,3]

m = matrix(ZZ,n,c)

print(sudoku(m))

因为是隐写题,还是带密码的,想到LSB

B神工具直接梭,密码就是4132234132141423

flag{7d692a3c795478b16631eb9b43677075}

我应该去爱你

1、题目信息

一个mp3文件

2、解题方法

频谱图

取证

啊吧啊吧的数据包

打开数据包发现

命令的时间盲注,写脚本解决太麻烦,简单处理一下

手算即可

flag{3563bdb1a59309e1a4e93b65152bfbba}

金刚大战哥斯拉

根据题目信息,猜测是哥斯拉流量分析

写个脚本抽取数据包解码

<?php

function encode($D,$K){

    for($i=0;$i<strlen($D);$i++){

        $c = $K[$i+1&15];

        $D[$i] = $D[$i]^$c;

    }

    return $D;

}

$pass='DASCTF';

$payloadName='payload';

$key='9c2ffaf6a14493bf';

$data = 'fLluZmFmNmExNJEhWBG1b1XhCY%2BtGO2uCp6t3zK69FxYTKJQssNT1y5Cf45Hu3u%2Fivq08xw%2FbzMVDb2iVURKKXEgFjxjZzQ6kQjmUHpg8t9m09mKOdTLyE5V%2B%2Bzw83kQjtK%2Bl9yBKvzGCdNluDokRoC4jvtek8KVLXnlU3K366szlCn4XS%2BxolAu%2FzspbXO1wRZkj15en%2BXvDcX%2BrfySQnxMFJKl2bgedSVozzyNwPBUFxcUX3V2E%2FGyFHezDWxnihBUXutJRvu%2FuHjZwHGhu%2BpybShnSwTgYLjybXZRZC3M%2BmD04BA6ancVF5lirsWZ3gsqB3h9rvKzDvtwG3FoCM6ObODAYOcpOLtSO8xuGMciws40NV81hhXQV7ViZG9At06ypufihH4bSJ0xy1aL1T6WCPL6fcRbCaVn%2F7BYmCuoy3LzMlI3CHA0OXbds4Itwg7X0dQnKp7eiJKtV0MjJAMqAN50O9LVDaJnbQg%2Bgz2iJLLoMSCnR3v%2BbLMZAid5ESm8JoIgZk5BNpVZ5xOdquNNWFz%2BpLOR9W%2Fe%2BhjwxCiwdtfdaQj0QiC18L6TbTSMhl2qQWqZrd97KZDOI4gJ6ar1QWIgDk3D%2BO5oRFYMWRthsKfGFB38Hcn%2BqMDyOLrLqBFJXaw0Yv1YQaHyn9ycRJ7DEoWfsdCyOuH5HtW4MNp2Y72ptdqCI4RHgZryK142ucH2BCmN0oxVZr4zcMISfKEwXmyzwrX27r%2BZoYUqTwN%2FJ2NCE1%2FWNgPkChD08LLZKbS0dzIlZ3xFL2h7kbP%2FOHn8ceocxTV3q%2F%2BPjOrpsORuwQOj6pMoYB%2FSD5rUGN0KGeerrZQhUaw2u5%2FiZMj9rnlFiF3gyOtb3mTLt%2FN09poaFr9TidOFisTtU%2FnryDLT2GnIfIveQwKcwliQhVGLvWiEgIweDe3OmDeFYT8U68LU09%2BMrxGD2lYdh4tlvx9h2IttzPAc3yZna5tP%2BiZJJruPGgY40GVc9p%2Fw1%2Bixk%2F68RoLtOscCL%2FERCXz22P8xWmk9utDwSA8dyeCgj3hBQsr24nSbWJFu0%2FOSM5dOK00yD%2F8GE4fyxQ7U0IVVZ1rjdccA44j0Tt7ArMzs4d1a6k3SK2GiKM2X3dqqysh9oJ96r2iJA2R0jHvYwbKTSSLyhDT%2BpZc5Hl%2Fp6e6L5wTKuRZnhKxIDqpzpw%2BwQe6pVq0BuI5FoXQ%2F3mPydT2nkEjcLnLaxBDoVQSUd6Ba92MYcesUpZ13yAAgi%2F79ZKgithRVuwhrTCtNXAp5j6p7%2BBJdzJGV%2Bl2s33UnBjVeKqrAUATX9yY7NIql2E4SOWp4loycxh2nwR3Qe9Zi%2BKBaSmBHVy5liSgUFGOlmsWgM%2FstzXc%2F9SNQyUXALbOxa7s17A%2BDOkgUGLIBM7M6Va0Aa8A2xTnyr0SHwyQpUjE5E1x1t24X4MSADqqMIkQSEHPkgttSbALFUOd32Gko8djwakoi7rmXWAEKojSlDZffyPLwMJQjI%2B5%2FiXFfSasJP1zCbr5nl%2FKFBcomDDFy8gnLMG2zwvLRIrfDquVIhlTgF6Giq4JqWmI9ZSJG8ATh2y%2F9uXExyhdQ33b4O%2B4a9OJv%2F1MWz%2BYQqCLu9DhObYTQQThBtUcxAyF3hOD9B1Q0DWQNPu7UDMuLX57ThBw8CulWsahG7QBGOamGf23KVji%2FaQdKeXYGQohkA1oN%2FSOleQWuIJvSk1KrBDtQRU6AWG6WNqnl33Z%2B0cgBYUcg8noLHMByMkRefpLMqm%2BGH2zrdGpNgEcaCzk5ulYd9pHMdiYDfTp3sFjdsR%2FxplFSP4VfnbWpF7WsiT7WGZoPXtv%2F4gWI60ftEnJ1peYtXUlLDuv2tYt2wmpafCClt1Y0tfB51iBFGhUy7Bw%2FdbjtVxZJHB8FvsEzEGj5BWp45LAGFxpOUsKuUVdioTfyjp01%2F%2FIAsu%2FUG%2FxSpHdfR5TlGRLw0WNef7CnYxLURPTbp0ZF9MglFQGkN58Iq7RR4EFt4s4fP32AmuTUgyz7WNgqv0nswP0mPzMHiZwxBSIZTitjQ5QYbd1BlOX1cAM0TZRE2bOiDQnPjhvEC3jEp9L3ktZ1A%2BVcuXnAhInoy4Dq1%2F0%2FO5KITcyi0NR1ftNMsjzMwUZETqEcCyxr1d23lSNBEFTf4A4FJaCIfcvD0tbHoceynhSdHkRJBiUu8DULyBdcTeFFRq9jA3jwpjrbBmvYfvSBoNqYKbbPq2tErzqOA2fiPYHJkMiAPVsamUIDG4%2FzMD4SqKu6Uoj836CsY%2Fz7znvX5zh6LzB7vPoL8QUGmEd5E0SXk4vKieQkHX4vlQM%2FToQKpQRkdaMrOIs0LQFIp0D4vvEhdwJ7eK%2FmClCgCOPEpU%2F3zJhVfIZfUHgDrkUK4HOfT4piF4STR7SZCleaGDwHUkYRiLWNGrEiiNqwNPJhQ63gStGcBVIYFk%2B3F1neK32xH506xzsqjhFJnDHAbMPC47x6hXmMsm%2BTMBQNfgYyzmDyxERG3o9IuLB%2B3vzTJfaLv9bZ4aNTef%2BMwQDLojDSIiEK%2FDvw%2BuOHt5%2Fwk7cNiXWBhKCjULlR8Daukh7MFlCklEs3srvkifaW4VbF85SckpUhIjOTVTYZ4EgK1VYQ%2BK52O7kKt%2BT2kOkLDDE5JiDXApezQtbnw5yPM8WDh5c1DTaRqLsWxUTPWtVlcbzyge5D4VYWXJ0ICPpVfbeEQXutk0tMKBfY0q20%2Bo8CD6oHnm3wy5ELMeLsmXrspAmhwk2wr8d64CHizraARwvNAAX71VCPIUukAvgtEBblKi9EsFr4Or6s%2Fz1RtnxlaufSdlTCCwWTAe%2FeBK%2FKdehF4gIQ91hCWyrI6jJchH%2F5VA0sXxqVe1sBsZulTMJJJo3VZsFutboAetPCdcmEzqqIYUEuSuJf%2F5tXJm5hujq6EJ6rZbBXqnCeLDVWyhhZvy4kL9jKcF2Hp9ItvRBHP6hI%2FAEzBH%2B89XwS07WJsmlYkiQmHDYavnLbbm8sEAbGwbxCbTUJU7qKgTZff%2BWEBuQ%2BTg4mRab4%2B8SpRklCHU3QCeS1nIHPuJrdyOwMMGQ%2B%2BWEG0hDsiReJbkcG9f9mORbZpLegR5HDbiT0oYJG6GcvKxTNS6voIrE94nva0%2FeQvEgokgbBQQQoejcj1h7oStaWk5OdeWhBJaAgnFmtfGW6lyA0OQ%3D%3D';

echo base64_encode(gzdecode(encode(base64_decode(urldecode($data)),$key)));

得到

ZmlsZU5hbWUCHgAAAEM6L3BocHN0dWR5L1dXVy8xMTEvaW5kZXguaHRtbGZpbGVWYWx1ZQJUFAAAPCFET0NUWVBFIGh0bWw+DQo8aHRtbCBsYW5nPSJlbiI+DQo8aGVhZD4NCiAgICA8bWV0YSBjaGFyc2V0PSJVVEYtOCI+DQogICAgPG1ldGEgbmFtZT0idmlld3BvcnQiIGNvbnRlbnQ9IndpZHRoPWRldmljZS13aWR0aCwgaW5pdGlhbC1zY2FsZT0xLjAiPg0KICAgIDxtZXRhIGh0dHAtZXF1aXY9IlgtVUEtQ29tcGF0aWJsZSIgY29udGVudD0iaWU9ZWRnZSI+DQogICAgPHRpdGxlPkRvY3VtZW50PC90aXRsZT4NCiAgICA8c3R5bGU+DQogICAgICAgICp7Ym94LXNpemluZzogYm9yZGVyLWJveDt9DQogICAgICAgIGJvZHl7DQogICAgICAgICAgICBiYWNrZ3JvdW5kOiAjMDAwOw0KICAgICAgICAgICAgbWFyZ2luOiAwOw0KICAgICAgICAgICAgcGFkZGluZzogMDsNCiAgICAgICAgICAgIG92ZXJmbG93OiBoaWRkZW47DQogICAgICAgICAgICB0ZXh0LXNoYWRvdzogMHB4IDBweCA4MHB4Ow0KICAgICAgICB9DQogICAgICAgIGgxew0KICAgICAgICAgICAgbWFyZ2luOiAwOw0KICAgICAgICAgICAgcGFkZGluZzogMDsNCiAgICAgICAgICAgIGNvbG9yOiAjMGZmOw0KICAgICAgICB9DQogICAgICAgIGF7Y29sb3I6ICNmZmY7fQ0KICAgICAgICAvKiDnm5LlrZDihpMgKi8NCiAgICAgICAgcHsNCiAgICAgICAgICAgIG1hcmdpbjogMDsNCiAgICAgICAgfQ0KICAgICAgICAuYm94ew0KICAgICAgICAgICAgLyog55uS5a2Q5a695bqm4oaTIC0tLeacgOWlveWIq+aUuSovDQogICAgICAgICAgICB3aWR0aDogNzAwcHg7DQogICAgICAgICAgICAvKiDorqnop4bpopHlsYXkuK3lr7npvZDihpMtLS3mnIDlpb3liKvliqggKi8NCiAgICAgICAgICAgIHRleHQtYWxpZ246IGNlbnRlcjsNCiAgICAgICAgICAgIC8qIGJvcmRlcjogMXB4IHNvbGlkICNmMDA7ICovDQogICAgICAgICAgICBjb2xvcjogI2ZmZjsNCiAgICAgICAgICAgIA0KICAgICAgICAgICAgcG9zaXRpb246IGFic29sdXRlOw0KICAgICAgICAgICAgbWFyZ2luOiAyMHB4IGF1dG8gMDsNCiAgICAgICAgICAgIHRvcDogMjBweDsNCiAgICAgICAgICAgIGxlZnQ6IDA7DQogICAgICAgICAgICByaWdodDogMDsNCiAgICAgICAgfQ0KICAgICAgICAvKiDlm77niYfmoLflvI/ihpMgKi8NCg0KICAgICAgICBpbWd7DQogICAgICAgICAgICAvKiDop4bpopHlrr3luqbihpMgLS0t5pyA5aW95LiN6KaB5aSn5LqO5LiK6Z2i55uS5a2Q55qE5a695bqmKi8NCiAgICAgICAgICAgIHdpZHRoOiA3MDBweDsNCiAgICAgICAgICAgIGhlaWdodDogMzkwcHg7DQogICAgICAgICAgICAvKiDngbDoibLnmoTmj4/ovrnihpMgLS0tcHjmmK/nspfnu4Ygc29saWTmmK/lrp7nur8gIzU1NeaYr+minOiJsuS7o+eggSDlj6/ku6Xnmb7luqZodG1s6aKc6Imy5Luj56CB5L+u5pS5Ki8NCiAgICAgICAgICAgIGJvcmRlcjogMnB4IHNvbGlkICMyMjI7DQogICAgICAgICAgICAvKiDlm77niYfnmoTlnIbop5IgKi8NCiAgICAgICAgICAgIGJvcmRlci1yYWRpdXM6IDVweDsNCiAgICAgICAgICAgIC8qIOWKqOeUu+aXtumXtCAqLw0KICAgICAgICAgICAgdHJhbnNpdGlvbjogMC44czsNCiAgICAgICAgfQ0KICAgICAgICAuaW1nMjpob3Zlcntib3JkZXI6IDJweCBzb2xpZCAjOTgwYjE4fQ0KDQogICAgICAgIC5ib3g+ZGl2ew0KICAgICAgICAgICAgcGFkZGluZzogMjBweDsNCiAgICAgICAgICAgIC8qIGJvcmRlcjogMXB4IHNvbGlkICNmMDA7ICovDQogICAgICAgIH0NCiAgICAgICAgLnN6ansNCiAgICAgICAgICAgIHBvc2l0aW9uOiBhYnNvbHV0ZTsNCiAgICAgICAgICAgIHRvcDogMDsNCiAgICAgICAgICAgIGxlZnQ6IDA7DQogICAgICAgICAgICBjb2xvcjogI2ZmZjsNCiAgICAgICAgICAgIHBhZGRpbmc6IDVweDsNCiAgICAgICAgICAgIGJvcmRlcjogMXB4IHNvbGlkICNlZWU7DQogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiByZ2IoMCwwLDAsMC43KQ0KICAgICAgICB9DQogICAgICAgIC55bHsNCiAgICAgICAgICAgIGRpc3BsYXk6IGlubGluZTsNCiAgICAgICAgICAgIGJvcmRlci1ib3R0b206MXB4IGRvdHRlZCAjMGZmOw0KICAgICAgICB9DQogICAgICAgIC55bCBhew0KICAgICAgICAgICAgdGV4dC1kZWNvcmF0aW9uOiBub25lOw0KICAgICAgICAgICAgY29sb3I6I2M2ZDQ5MTsNCiAgICAgICAgICAgIA0KICAgICAgICB9DQogICAgICAgIC55bCBzcGFuew0KICAgICAgICAgICAgbWFyZ2luLXJpZ2h0OiA4cHg7DQogICAgICAgIH0NCiAgICA8L3N0eWxlPg0KPC9oZWFkPg0KPGJvZHk+DQogICAgPGNhbnZhcyBpZD0iY2FudmFzIj48L2NhbnZhcz4NCiAgICA8ZGl2IGNsYXNzPSJib3giPg0KICAgICAgICA8IS0tIOWbvueJh+mDqOWIhiAtLT4NCiAgICAgICAgPGltZyBjbGFzcz0iaW1nMiIgc3JjPSJodHRwczovL3RpbWdzYS5iYWlkdS5jb20vdGltZz9pbWFnZSZxdWFsaXR5PTgwJnNpemU9Yjk5OTlfMTAwMDAmc2VjPTE1Njg2NDE0NzImZGk9OWRiYWNiNzVjZjI0NWQwZWI1N2U3NTdlMGQyMjQ3ZjcmaW1ndHlwZT1qcGcmZXI9MSZzcmM9aHR0cCUzQSUyRiUyRmltZzEuZG91YmFuaW8uY29tJTJGdmlldyUyRnBob3RvJTJGbCUyRnB1YmxpYyUyRnAyMjkwMDU5MTU3LmpwZyIgYWx0PSIiPg0KICAgICAgICA8ZGl2IGNsYXNzPSJ0ZXh0Ij4NCiAgICAgICAgICAgIDxoMT7mn5Dmn5Dlronlhajnu4Q8L2gxPg0KDQogICAgICAgICAgICA8YnI+DQoNCiAgICAgICAgICAgIDxzcGFuIHN0eWxlPSJjb2xvcjogIzBmMCI+5a6Y5pa5Uee+pO+8mjwvc3Bhbj48c3Bhbj48YSB0YXJnZXQ9InZpZXdfd2luZG93IiBocmVmPSJodHRwczovL3d3dy5iYWlkdS5jb20vIj4xMjM0NTY8L2E+PC9zcGFuPg0KPGJyPjxicj4NCg0KICAgICAgICAgICAgPHAgY2xhc3M9Imdsb3ciIHN0eWxlPSJjb2xvcjogI2YwMDsgZm9udC1zaXplOjIxcHg7Ij7lj4vmg4Xmo4DmtYvvvIzor7flj4rml7bkv67lpI08L3A+DQogICAgICAgICAgICA8cCBjbGFzcz0iZ2xvdyIgc3R5bGU9ImNvbG9yOiAjZjAwOyBmb250LXNpemU6MTBweDsiPuaIluiBlOezu+acrOS6uuS/ruWkjTwvcD4NCiAgICAgICAgICAgIDxicj4NCiAgICAgICAgICAgIDxzcGFuIHN0eWxlPSJjb2xvcjogIzNlZTVkZiI+5p+Q5p+Q5p+QUXHvvJo8L3NwYW4+PHNwYW4+PGEgIHN0eWxlPSJjb2xvcjogI2U1NzQzZTsiIHRhcmdldD0idmlld193aW5kb3ciIGhyZWY9Imh0dHA6Ly93cGEucXEuY29tL21zZ3JkP3Y9MyZ1aW49Mjc2ODc3Njg5NSZzaXRlPXFxJm1lbnU9eWVzIj5mbGFnezIyN2FkMjQyZmM4MDEzYzhmZThmZjhmNDY3OTMzN2U0fTwvYT48L3NwYW4+DQogICAgICAgICAgICA8YnI+PGJyPg0KICAgICAgICAgICAgPFAgY2xhc3M9Imdsb3ciPuWuieWFqOS5i+i3r++8jOawuOS4jeWmpeWNjzwvUD4NCjxicj48YnI+PGJyPjxicj4NCiAgICAgICAgICAgIDxkaXYgY2xhc3M9InlsIj48c3BhbiBzdHlsZT0iY29sb3I6ICNmMGYiPuWPi+aDhemTvuaOpe+8mjwvc3Bhbj48c3Bhbj48YSBocmVmPSJodHRwczovL3d3dy5iYWlkdS5jb20vIj7mn5DnvZHnq5k8L2E+PC9zcGFuPiA8c3Bhbj48YSBocmVmPSJodHRwczovL3d3dy5iYWlkdS5jb20vIj7mn5DnvZHnq5k8L2E+PC9zcGFuPjxzcGFuPjxhIGhyZWY9Imh0dHBzOi8vd3d3LmJhaWR1LmNvbS8iPuafkOe9keermTwvYT48L3NwYW4+PC9kaXY+DQoNCiAgICAgICAgPC9kaXY+DQogICAgPC9kaXY+DQogICAgPGRpdiBjbGFzcz0ic3pqIj4NCjxwcmU+DQogIOWFpeS+teS4ieWtl+e7jw0KDQrov5vosLfmrYwg5om+5rOo5YWlDQoNCuayoeazqOWFpSDlsLHml4Hms6gNCg0K5rKh5peB5rOoIOeUqE9kYXkNCg0K5rKhT2RheSDnjJznm67lvZUNCg0K5rKh55uu5b2VIOWwseWXheaOog0KDQrniIbotKbmiLcg5om+5ZCO5Y+wDQoNCuS8oOWwj+mprCDmlL7lpKfpqawNCg0K5ou/5p2D6ZmQIOaMgumhtemdog0KDQo8L3ByZT4NCg0KICAgIA0KDQoNCiAgICA8IS0tIOmfs+S5kOmDqOWIhiAtLT4NCiAgICA8ZW1iZWQgaGVpZ2h0PSIwIiB3aWR0aD0iMCIgc3JjPSJodHRwczovL211c2ljLjE2My5jb20vb3V0Y2hhaW4vcGxheWVyP3R5cGU9MiZpZD0yOTQwMDkyNiZhdXRvPTEmaGVpZ2h0PTY2Ij48L2VtYmVkPg0KDQogICAgDQoNCg0KICAgIDwhLS0g5Lul5LiLanMgLS0+DQoNCg0KICAgIDxzY3JpcHQ+DQogICAgdmFyIGNhbnZhcyA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjYW52YXMnKTsNCgkJdmFyIGN0eCA9IGNhbnZhcy5nZXRDb250ZXh0KCcyZCcpOw0KDQoNCgkJY2FudmFzLmhlaWdodCA9IHdpbmRvdy5pbm5lckhlaWdodDsNCgkJY2FudmFzLndpZHRoID0gd2luZG93LmlubmVyV2lkdGg7DQogICAgICAgIC8vIOS4i+mdoueahOmbt+WGm+WwseaYr+S7o+eggembqOeahOaWh+Wtlw0KCQl2YXIgdGV4dHMgPSAn6Zu35YabJy5zcGxpdCgnJyk7DQoNCgkJdmFyIGZvbnRTaXplID0gMTY7DQoJCXZhciBjb2x1bW5zID0gY2FudmFzLndpZHRoL2ZvbnRTaXplOw0KCQkvLyDnlKjkuo7orqHnrpfovpPlh7rmloflrZfml7blnZDmoIfvvIzmiYDku6Xplb/luqbljbPkuLrliJfmlbANCgkJdmFyIGRyb3BzID0gW107DQoJCS8v5Yid5aeL5YC8DQoJCWZvcih2YXIgeCA9IDA7IHggPCBjb2x1bW5zOyB4Kyspew0KCQkJZHJvcHNbeF0gPSAxOw0KCQl9DQoNCgkJZnVuY3Rpb24gZHJhdygpew0KCQkJLy/orqnog4zmma/pgJDmuJDnlLHpgI/mmI7liLDkuI3pgI/mmI4NCgkJCWN0eC5maWxsU3R5bGUgPSAncmdiYSgwLCAwLCAwLCAwLjA1KSc7DQoJCQljdHguZmlsbFJlY3QoMCwgMCwgY2FudmFzLndpZHRoLCBjYW52YXMuaGVpZ2h0KTsNCgkJCS8v5paH5a2X6aKc6ImyDQoJCQljdHguZmlsbFN0eWxlID0gJyMwRjAnOw0KCQkJY3R4LmZvbnQgPSBmb250U2l6ZSArICdweCBhcmlhbCc7DQoJCQkvL+mAkOihjOi+k+WHuuaWh+Wtlw0KCQkJZm9yKHZhciBpID0gMDsgaSA8IGRyb3BzLmxlbmd0aDsgaSsrKXsNCgkJCQl2YXIgdGV4dCA9IHRleHRzW01hdGguZmxvb3IoTWF0aC5yYW5kb20oKSp0ZXh0cy5sZW5ndGgpXTsNCgkJCQljdHguZmlsbFRleHQodGV4dCwgaSpmb250U2l6ZSwgZHJvcHNbaV0qZm9udFNpemUpOw0KDQoJCQkJaWYoZHJvcHNbaV0qZm9udFNpemUgPiBjYW52YXMuaGVpZ2h0IHx8IE1hdGgucmFuZG9tKCkgPiAwLjk1KXsNCgkJCQkJZHJvcHNbaV0gPSAwOw0KCQkJCX0NCg0KCQkJCWRyb3BzW2ldKys7DQoJCQl9DQoJCX0NCglzZXRJbnRlcnZhbChkcmF3LCAzMyk7DQo8L3NjcmlwdD4NCjwvYm9keT4NCjwvaHRtbD5tZXRob2ROYW1lAgoAAAB1cGxvYWRGaWxl

base64解一下得到flag

小刘的硬盘

R-STUDIO扫描发现被删除掉的flag.zip,恢复一下

但是压缩的时候有密码,给了提示。太好了

属于是掩码爆破

flag{8ddeed0126f2523ae14a8a492528c9a0}

CRYPTO

小试牛刀

1、题目信息

ipfm\x82Kj]p~l?\x82ogw\x85mt[K\x8br\x97

2、解题方法

变异凯撒

exp:

from Crypto.Util.number import *

c=b'ipfm\x82Kj]p~l?\x82ogw\x85mt[K\x8br\x97'

a=3

flag=''

for i in c:

    flag+=chr(i-a)

    a+=1

print(flag)

#flag{CaSer_1s_VerY_E4sY}

easyRSA

1、题目信息

from Crypto.Util.number import getPrime,bytes_to_long

from random import randint

from gmpy2 import *

m = bytes_to_long(b'flag{xxxxxxxxxxxxxxxxxxxxxx}')

xxxxxxxxxx

p=getPrime(1024)

q=getPrime(1024)

n = p*q

e = 65537

c = pow(m,e,n)

p_2=((p>>128)<<128)

Result = []

Divisor = []

for i in range(12):

    Divisor.append(getPrime(128))

for i in range(12):

    Result.append(p_2%Divisor[i])

print(c,n,Divisor,Result)

'''

output:

16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178

23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

[205329935991133380974880368934928321273, 274334866497850560640212079966358515253, 264739757264805981824344553014559883169, 314495359937742744429284762852853819407, 197513216256198287285250395397676269263, 194633662721082002304170457215979299327, 320085578355926571635267449373645191637, 310701821184698431287158634968374845899, 198238777199475748910296932106553167589, 292201037703513010563101692415826269513, 332238634715339876614712914152080415649, 334257376383174624240445796871873866383]

[108968951841202413783269876008807200083, 29053101048844108651205043858001307413, 243503157837867321277650314313173163504, 160933173053376016589301282259056101279, 53063624128824890885455759542416407733, 34980025050049118752362228613379556692, 132553045879744579114934351230906284133, 160998336275894702559853722723725889989, 87211131829406574118795685545402094661, 36445723649693757315689763759472880579, 11133325919940126818459098315213891415, 1404668567372986395904813351317555162]

'''

2、解题方法

中国剩余定理+coppersmith

先通过CRT求出p_2

from Crypto.Util.number import *

from gmpy2 import *

from functools import reduce

c=16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178

n=23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

Divisor=[205329935991133380974880368934928321273, 274334866497850560640212079966358515253, 264739757264805981824344553014559883169, 314495359937742744429284762852853819407, 197513216256198287285250395397676269263, 194633662721082002304170457215979299327, 320085578355926571635267449373645191637, 310701821184698431287158634968374845899, 198238777199475748910296932106553167589, 292201037703513010563101692415826269513, 332238634715339876614712914152080415649, 334257376383174624240445796871873866383]

Result=[108968951841202413783269876008807200083, 29053101048844108651205043858001307413, 243503157837867321277650314313173163504, 160933173053376016589301282259056101279, 53063624128824890885455759542416407733, 34980025050049118752362228613379556692, 132553045879744579114934351230906284133, 160998336275894702559853722723725889989, 87211131829406574118795685545402094661, 36445723649693757315689763759472880579, 11133325919940126818459098315213891415, 1404668567372986395904813351317555162]

def basic_CRT(ai,mi):

    assert reduce(gmpy2.gcd,mi) == 1

    assert len(ai) == len(mi)

    N = reduce(lambda x,y:x * y,mi)

    ans = 0

    for a,m in zip(ai,mi):

        t = N // m

        ans += a * t * gmpy2.invert(t,m)

    return ans % N,N

result = basic_CRT(Result,Divisor)

print(result)
(mpz(157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794467422919824463419065126688059515994112), 115343256339804438488541860602807499768350592243111732022419431132087583829952557330993478731619075521301706171847716910739807488266701790937805652553244788024534230754162298101105496772540567818850570512144853594488579606954797182360716688344137783051055690460297099575344944650143959946929880492674974780957995559861235099499367407389543136733028684627735422306472504011232051138891022767098404805311381687759832357323075065923241564165806258181141497530683119)

然后再梭coppersmith

p_high=157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794467422919824463419065126688059515994112

n=23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

PR.<x> = PolynomialRing(Zmod(n))

f = x + p_high

roots = f.small_roots(X=2^128, beta=0.4)

if roots:

    p = p_high+int(roots[0])

    print("n="+str(n))

    print("p="+str(p))

    print("q="+str(n//p))

#n = 23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

#p = 157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794708282102407491782299777228899079176117

#q = 146598666145389487374076474702380241089893944436923994466470555513748278755568038863819188404588602962888679358728628069490879689376996830110571995521814075973422513105805715524894550773219606972944401957227665252279176873209924236114228003156706532596699592716796867748104565680326123749660658940264843181589

最后正常解就行

import gmpy2

from Crypto.Util.number import long_to_bytes

c=16054555662735670936425135698617301522625617352711974775378018085049483927967003651984471094732778961987450487617897728621852600854484345808663403696158512839904349191158022682563472901550087364635161575687912122526167493016086640630984613666435283288866353681947903590213628040144325577647998437848946344633931992937352271399463078785332327186730871953277243410407484552901470691555490488556712819559438892801124838585002715833795502134862884856111394708824371654105577036165303992624642434847390330091288622115829512503199938437184013818346991753782044986977442761410847328002370819763626424000475687615269970113178

n=23074300182218382842779838577755109134388231150042184365611196591882774842971145020868462509225850035185591216330538437377664511529214453059884932721754946462163672971091954096063580346591058058915705177143170741930264725419790244574761160599364476900422586525460981150535489695841064696962982002670256800489965431894477338710190086446895596651842542202922745215496409772520899845435760416159521297579623368414347408762466625792978844177386450506030983725234361868749543549687052221290158286459657697717436496769811720945731143244062649181615815707417418929020541958587698982776940334577355474770096580775243142909913

p=157397749849472741302651922559110947585741898399548366071672772026799823577871183957882637829089669634665699886533302712057712796808672023827078956556745522749244570015492585747076324258912525658578733402979835176037760966294532155059241756382643278063578661030876735794708282102407491782299777228899079176117

q=146598666145389487374076474702380241089893944436923994466470555513748278755568038863819188404588602962888679358728628069490879689376996830110571995521814075973422513105805715524894550773219606972944401957227665252279176873209924236114228003156706532596699592716796867748104565680326123749660658940264843181589

e=65537

phi = (p-1) * (q-1)

n = p * q

d = gmpy2.invert(e, phi)

m = pow(c, d, n)

print(':',long_to_bytes(m))

#: b'flag{2233747d3bf06f070048e80300dac75f}'

RE

人生模拟

找到加密逻辑后,跟着跑一遍就行

exp:

v15=[0]*38

v15[0] = 432;

v15[1] = 408;

v15[2] = 429;

v15[3] = 438;

v15[4] = 452;

v15[5] = 246;

v15[6] = 243;

v15[7] = 417;

v15[8] = 423;

v15[9] = 444;

v15[10] = 240;

v15[11] = 231;

v15[12] = 203;

v15[13] = 447;

v15[14] = 207;

v15[15] = 435;

v15[16] = 253;

v15[17] = 224;

v15[18] = 204;

v15[19] = 443;

v15[20] = 419;

v15[21] = 248;

v15[22] = 442;

v15[23] = 241;

v15[24] = 203;

v15[25] = 251;

v15[26] = 445;

v15[27] = 239;

v15[28] = 441;

v15[29] = 254;

v15[30] = 417;

v15[31] = 246;

v15[32] = 203;

v15[33] = 245;

v15[34] = 255;

v15[35] = 445;

v15[36] = 248;

v15[37] = 478;

for i in range(len(v15)):

    print(chr((v15[i]>>2)^0xa),end='')

#flag{76bce638e9f529db4d684e1d5b7875e4}

"科来杯"第十届山东省大学生网络安全技能大赛决赛复现WP的更多相关文章

  1. 2019"深思杯"山东省大学生网络安全技能大赛部分wp

    签到 载入OD查看字符串 上下左右 这道题出来的时候真的是一点思路都没有,一直以为是什么编码来着,看了大佬们的 wp 原来是画图 拿大佬的脚本: from PIL import Image im = ...

  2. 2021陕西省大学生网络安全技能大赛 Web ez_checkin

    web ez_checkin 进去看了一会,啥也没找到,直接上dirsearch 扫到一个index.php~,打开看一看,是php审计 <?php error_reporting(0); in ...

  3. 第十届国际用户体验创新大赛携Mockplus走进校园

    今日立夏,万木并秀,生生不息,第十届国际用户体验创新大赛即将拉开序幕.5月5日下午,一场用户体验设计经验分享活动携带众多嘉宾降临成都理工大学,为西南赛区首站赛事宣讲. 本次宣讲活动邀请了华为技术有限公 ...

  4. 蓝桥杯第十届真题B组(2019年)

    2019年第十届蓝桥杯大赛软件类省赛C/C++大学B组# 试题 A:组队# 本题总分:5分[问题描述]作为篮球队教练,你需要从以下名单中选出 1号位至 5号位各一名球员,组成球队的首发阵容.每位球员担 ...

  5. 第十届Mockplus ▪ UXPA用户体验西南赛区决赛成功举行

    九月的重庆,秋意渐浓. 伴随着凉爽的秋风,第十届Mockplus·UXPA国际用户体验创新大赛(UXD Award2018)西南赛区决赛于9月16日下午在四川美术学院-虎溪校区成功举办.来自西南区域各 ...

  6. 第十届山东省acm省赛补题(2)

    http://acm.zju.edu.cn/onlinejudge/showProblem.do?problemCode=4124 L Median Time Limit: 1 Second      ...

  7. 第十届山东省acm省赛补题(1)

    今天第一场个人训练赛的题目有点恐怖啊,我看了半个小时多硬是一道都不会写.我干脆就直接补题去了.... 先补的都是简单题,难题等我这周末慢慢来吧... A Calandar Time Limit: 1 ...

  8. 蓝桥杯第十届C组试题C

    从0开始,从右到左给这些字符串的每一位字母起个名字. 比如:A(1位)A(0位) A(2位)A(1位)A(0位) AA = 27, 可以看成(26 * 1)+ A(1) 因为:字母每经过一个轮回,可就 ...

  9. 第十届山东省赛L题Median(floyd传递闭包)+ poj1975 (昨晚的课程总结错了,什么就出度出度,那应该是叫讨论一个元素与其余的关系)

    Median Time Limit: 1 Second Memory Limit: 65536 KB Recall the definition of the median of elements w ...

  10. 第三届“传智杯”全国大学生IT技能大赛(初赛A组)题解

    留念 C - 志愿者 排序..按照题目规则说的排就可以.wa了两发我太菜了qwq #include<bits/stdc++.h> using namespace std; const in ...

随机推荐

  1. 软件设计 day1

    Software Design Methodology 软件设计方法学 中国石油大学(华东)2022-2023-3 国际周课程 Advanced software design 张晓东老师邀请在日本广 ...

  2. Net 编译器平台--- Roslyn Scripting APIs

    引言 上一篇中.Net 编译器平台 --- Roslyn,介绍了Roslyn的各项功能,包括公开API,使用语法,使用语义,使用工作区等功能. 那么回到上一篇中提到的问题,实现类似这样的功能(以下代码 ...

  3. 【Linux】部署Nginx

    1.先安装gcc-c++编译器 yum install gcc-c++ yum install -y openssl openssl-devel 2.再安装pcre包 yum install -y p ...

  4. Hexo博客使用valine评论系统无效果及终极解决方案

    注意事项 有一些博主valine评论系统无效果,有一些原因: 1.很大程度是因为next的版本升级导致某些参数设置不同 2.valine评论是基于LeanCloud,还有一个文章阅读次数功能也是用Le ...

  5. UE构建基础和实践:四、使用脚本打包

    序言 使用UE版本为UE5.20 在实际项目中,我们常常使用自动化脚本来进行构建,它可以增加我们的生产效率,并降低人为操作带来的失误风险. BuildGraph BuildGraph UE官方提供的构 ...

  6. 2021-7-11 Vue的自定义指令简单实例

    获取焦点简单实例,用Vue.directive(ps:指令)定义,命名不要是关键字,用v-加自定义指令名称调用,而内部用钩子函数inserted来实现 <!DOCTYPE html> &l ...

  7. chrome浏览器中使用adblockplus拦截广告

    adblock plus是一款可以屏蔽广告以及任何你想屏蔽元素的软件,屏蔽之后的效果如下图所示,abp自动屏蔽广告,还可以自行添加屏蔽内容,右上角红色的ABP标识就是该软件     下载地址: htt ...

  8. 使用wrk对api接口进行性能测试

    安装 yum install -y openssl git git clone https://github.com/wg/wrk.git wrk cd wrk make cp wrk /usr/lo ...

  9. JS中文件相关的知识(一):MIME类型

    不知道有没有同学和我一样,写代码时一遇到文件操作就犯怵,必须要先去把知识补一遍再说:对于Content-Type.responseType.ArrayBuffer.buffer.blob.file等这 ...

  10. Android13深入了解 Android 小窗口模式和窗口类型

    Android13深入了解 Android 小窗口模式和窗口类型 小窗模式,作为一种在移动设备上的多任务处理方式,为用户带来了便捷和高效的体验,尤其在一些特定场景下,其价值愈发凸显.以下是为什么需要小 ...