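Daily self-encouragement: everyone should have at least one dream, one reason to stay strong.
Warning: today's challenge is a bit of a freebie. I worked on a super hard challenge and still haven't fully understood it, and my morale took a hit, so I'm rewarding myself with an easy one. I'll come back and write up the hard one later, once my head is clear.
Collider (50 pt)
Yes, that's right, today's challenge is an easy 50-pointer.
Challenge description
Challenge source code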
import hashlib
from utils import listener

FLAG = "crypto{???????????????????????????????????}"


class Challenge():
    def __init__(self):
        self.before_input = "Give me a document to store\n"
        # Documents are indexed by the hex MD5 digest of their content.
        self.documents = {
            "508dcc4dbe9113b15a1f971639b335bd": b"Particle physics (also known as high energy physics) is a branch of physics that studies the nature of the particles that constitute matter and radiation. Although the word particle can refer to various types of very small objects (e.g. protons, gas particles, or even household dust), particle physics usually investigates the irreducibly smallest detectable particles and the fundamental interactions necessary to explain their behaviour.",
            "cb07ff7a5f043361b698c31046b8b0ab": b"The Large Hadron Collider (LHC) is the world's largest and highest-energy particle collider and the largest machine in the world. It was built by the European Organization for Nuclear Research (CERN) between 1998 and 2008 in collaboration with over 10,000 scientists and hundreds of universities and laboratories, as well as more than 100 countries.",
        }

    def challenge(self, msg):
        if "document" not in msg:
            self.exit = True
            return {"error": "You must send a document"}

        document = bytes.fromhex(msg["document"])
        document_hash = hashlib.md5(document).hexdigest()

        if document_hash in self.documents.keys():
            self.exit = True
            if self.documents[document_hash] == document:
                return {"error": "Document already exists in system"}
            else:
                # Same MD5 digest, different content: the flag is leaked here.
                return {"error": f"Document system crash, leaking flag: {FLAG}"}

        self.documents[document_hash] = document

        if len(self.documents) > 5:
            self.exit = True
            return {"error": "Too many documents in the system"}

        return {"success": f"Document {document_hash} added to system"}


"""
When you connect, the 'challenge' function will be called on your JSON
input.
"""
listener.start_server(port=13389)
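Challenge analysis
What the code does: you choose a document, the server computes its MD5 digest, and the digest and the document are stored together on the server. The condition for getting the flag is to store a document that does not yet exist in the system but whose hash matches that of a document that does.
It's obvious at a glance: put simply, this is an MD5 strong collision. We pick two different files that have the same MD5 value. This is the result of earlier researchers' work, and we can simply take it and use it.
Procedure
This article has concrete examples that can be used directly.
These two values differ slightly (you can see it if you look carefully), but their MD5 is identical. So we can send both values to the server: the first is stored, the second matches its hash without matching its content, and we get the flag.
When I reproduced this, the server was too poor and kept failing to return the flag, so I won't post a screenshot. This challenge is fairly simple; consider it a tribute to China's cryptography researchers!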
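A local check of the reasoning above, as an added example that is not part of the original post or of the challenge code. `Store` is a hypothetical stand-in for the challenge's storage logic, and `A`/`B` are the widely published Wang et al. MD5 collision pair, supplied as an assumption because the post's own values are not preserved here; the same pair is also run against a SHA-256-keyed store to show the fix.

```python
import hashlib

# Published MD5 collision pair (Wang et al., 2004): two 128-byte messages that
# differ in six bytes. Assumption: the post's own values are not on this page.
A = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
B = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

class Store:
    """Hypothetical local model of the challenge's store, keyed by `algo`."""
    def __init__(self, algo):
        self.algo = algo
        self.documents = {}

    def add(self, document):
        digest = hashlib.new(self.algo, document).hexdigest()
        if digest in self.documents:
            if self.documents[digest] == document:
                return "exists"
            return "crash"  # the branch that leaks the flag in the challenge
        self.documents[digest] = document
        return "added"

def submit_pair(algo):
    """Store A, then B, in a fresh store and return both outcomes."""
    store = Store(algo)
    return [store.add(A), store.add(B)]

def differing_offsets(x, y):
    """Byte offsets at which two equal-length messages differ."""
    return [i for i, (p, q) in enumerate(zip(x, y)) if p != q]

if __name__ == "__main__":
    print("differing byte offsets:", differing_offsets(A, B))
    print("md5   :", submit_pair("md5"))     # second document hits "crash"
    print("sha256:", submit_pair("sha256"))  # both stored as distinct documents
```

Keying the store by a collision-resistant hash such as SHA-256 removes the "same digest, different content" branch for this input.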