【愚公系列】2021年12月 攻防世界-進階題-MISC-071(4-1)

一、4-1

題目鏈接：https://adworld.xctf.org.cn/task/task_list?type=misc&number=1&grade=1&page=4

二、答題步驟

1.binwalk

輸入如下命令

binwalk -e 畫風不一樣的喵.png

提取文件

發現兩張圖片

2.盲水印

盲水印腳本bwm.py

#!/usr/bin/env python # -*- coding: utf8 -*- import sys import random cmd = None debug = False seed = 20160930 oldseed = False alpha = 3.0 if __name__ == '__main__': if '-h' in sys.argv or '--help' in sys.argv or len(sys.argv) < 2: print ('Usage: python bwm.py [arg...] [opts...]') print (' cmds:') print (' encode ') print (' image + watermark -> image(encoded)') print (' decode ') print (' image + image(encoded) -> watermark') print (' opts:') print (' --debug, Show debug') print (' --seed , Manual setting random seed (default is 20160930)') print (' --oldseed Use python2 random algorithm.') print (' --alpha , Manual setting alpha (default is 3.0)') sys.exit(1) cmd = sys.argv[1] if cmd != 'encode' and cmd != 'decode': print ('Wrong cmd %s' % cmd) sys.exit(1) if '--debug' in sys.argv: debug = True del sys.argv[sys.argv.index('--debug')] if '--seed' in sys.argv: p = sys.argv.index('--seed') if len(sys.argv) <= p+1: print ('Missing for --seed') sys.exit(1) seed = int(sys.argv[p+1]) del sys.argv[p+1] del sys.argv[p] if '--oldseed' in sys.argv: oldseed = True del sys.argv[sys.argv.index('--oldseed')] if '--alpha' in sys.argv: p = sys.argv.index('--alpha') if len(sys.argv) <= p+1: print ('Missing for --alpha') sys.exit(1) alpha = float(sys.argv[p+1]) del sys.argv[p+1] del sys.argv[p] if len(sys.argv) < 5: print ('Missing arg...') sys.exit(1) fn1 = sys.argv[2] fn2 = sys.argv[3] fn3 = sys.argv[4] import cv2 import numpy as np import matplotlib.pyplot as plt # OpenCV是以(BGR)的順序存儲圖像數據的 # 而Matplotlib是以(RGB)的順序顯示圖像的 def bgr_to_rgb(img): b, g, r = cv2.split(img) return cv2.merge([r, g, b]) if cmd == 'encode': print ('image<%s> + watermark<%s> -> image(encoded)<%s>' % (fn1, fn2, fn3)) img = cv2.imread(fn1) wm = cv2.imread(fn2) if debug: plt.subplot(231), plt.imshow(bgr_to_rgb(img)), plt.title('image') plt.xticks([]), plt.yticks([]) plt.subplot(234), plt.imshow(bgr_to_rgb(wm)), plt.title('watermark') plt.xticks([]), plt.yticks([]) # print img.shape # 高, 寬, 通道 h, w = img.shape[0], img.shape[1] hwm = np.zeros((int(h * 0.5), w, img.shape[2])) assert hwm.shape[0] > wm.shape[0] assert hwm.shape[1] > wm.shape[1] hwm2 = np.copy(hwm) for i in range(wm.shape[0]): for j in range(wm.shape[1]): hwm2[i][j] = wm[i][j] if oldseed: random.seed(seed,version=1) else: random.seed(seed) m, n = list(range(hwm.shape[0])), list(range(hwm.shape[1])) if oldseed: random.shuffle(m,random=random.random) random.shuffle(n,random=random.random) else: random.shuffle(m) random.shuffle(n) for i in range(hwm.shape[0]): for j in range(hwm.shape[1]): hwm[i][j] = hwm2[m[i]][n[j]] rwm = np.zeros(img.shape) for i in range(hwm.shape[0]): for j in range(hwm.shape[1]): rwm[i][j] = hwm[i][j] rwm[rwm.shape[0] - i - 1][rwm.shape[1] - j - 1] = hwm[i][j] if debug: plt.subplot(235), plt.imshow(bgr_to_rgb(rwm)), \ plt.title('encrypted(watermark)') plt.xticks([]), plt.yticks([]) f1 = np.fft.fft2(img) f2 = f1 + alpha * rwm _img = np.fft.ifft2(f2) if debug: plt.subplot(232), plt.imshow(bgr_to_rgb(np.real(f1))), \ plt.title('fft(image)') plt.xticks([]), plt.yticks([]) img_wm = np.real(_img) assert cv2.imwrite(fn3, img_wm, [int(cv2.IMWRITE_JPEG_QUALITY), 100]) # 這里計算下保存前后的(溢出)誤差 img_wm2 = cv2.imread(fn3) sum = 0 for i in range(img_wm.shape[0]): for j in range(img_wm.shape[1]): for k in range(img_wm.shape[2]): sum += np.power(img_wm[i][j][k] - img_wm2[i][j][k], 2) miss = np.sqrt(sum) / (img_wm.shape[0] * img_wm.shape[1] * img_wm.shape[2]) * 100 print ('Miss %s%% in save' % miss) if debug: plt.subplot(233), plt.imshow(bgr_to_rgb(np.uint8(img_wm))), \ plt.title('image(encoded)') plt.xticks([]), plt.yticks([]) f2 = np.fft.fft2(img_wm) rwm = (f2 - f1) / alpha rwm = np.real(rwm) wm = np.zeros(rwm.shape) for i in range(int(rwm.shape[0] * 0.5)): for j in range(rwm.shape[1]): wm[m[i]][n[j]] = np.uint8(rwm[i][j]) for i in range(int(rwm.shape[0] * 0.5)): for j in range(rwm.shape[1]): wm[rwm.shape[0] - i - 1][rwm.shape[1] - j - 1] = wm[i][j] if debug: assert cv2.imwrite('_bwm.debug.wm.jpg', wm) plt.subplot(236), plt.imshow(bgr_to_rgb(wm)), plt.title(u'watermark') plt.xticks([]), plt.yticks([]) if debug: plt.show() elif cmd == 'decode': print ('image<%s> + image(encoded)<%s> -> watermark<%s>' % (fn1, fn2, fn3)) img = cv2.imread(fn1) img_wm = cv2.imread(fn2) if debug: plt.subplot(231), plt.imshow(bgr_to_rgb(img)), plt.title('image') plt.xticks([]), plt.yticks([]) plt.subplot(234), plt.imshow(bgr_to_rgb(img_wm)), plt.title('image(encoded)') plt.xticks([]), plt.yticks([]) if oldseed: random.seed(seed,version=1) else: random.seed(seed) m, n = list(range(int(img.shape[0] * 0.5))), list(range(img.shape[1])) if oldseed: random.shuffle(m,random=random.random) random.shuffle(n,random=random.random) else: random.shuffle(m) random.shuffle(n) f1 = np.fft.fft2(img) f2 = np.fft.fft2(img_wm) if debug: plt.subplot(232), plt.imshow(bgr_to_rgb(np.real(f1))), \ plt.title('fft(image)') plt.xticks([]), plt.yticks([]) plt.subplot(235), plt.imshow(bgr_to_rgb(np.real(f1))), \ plt.title('fft(image(encoded))') plt.xticks([]), plt.yticks([]) rwm = (f2 - f1) / alpha rwm = np.real(rwm) if debug: plt.subplot(233), plt.imshow(bgr_to_rgb(rwm)), \ plt.title('encrypted(watermark)') plt.xticks([]), plt.yticks([]) wm = np.zeros(rwm.shape) for i in range(int(rwm.shape[0] * 0.5)): for j in range(rwm.shape[1]): wm[m[i]][n[j]] = np.uint8(rwm[i][j]) for i in range(int(rwm.shape[0] * 0.5)): for j in range(rwm.shape[1]): wm[rwm.shape[0] - i - 1][rwm.shape[1] - j - 1] = wm[i][j] assert cv2.imwrite(fn3, wm) if debug: plt.subplot(236), plt.imshow(bgr_to_rgb(wm)), plt.title(u'watermark') plt.xticks([]), plt.yticks([]) if debug: plt.show()

保存requirements.txt文件

opencv-python==4.2.0.34 matplotlib==2.1.1

執行命令安裝對應包

pip install -r requirements.txt

提取圖中的盲水印

python bwm.py decode day1.png day2.png day3.png --oldseed

Flag：wdflag{My_c4t_Ho}

總結

binwalk

盲水印

數字水印（Digital Watermark）一種應用計算機算法嵌入載體文件的保護信息。數字水印技術，是一種基于內容的、非密碼機制的計算機信息隱藏技術。它是將一些標識信息（即數字水印）直接嵌入數字載體當中（包括多媒體、文檔、軟件等）或是間接表示（修改特定區域的結構），且不影響原載體的使用價值，也不容易被探知和再次修改。但可以被生產方識別和辨認。通過這些隱藏在載體中的信息，可以達到確認內容創建者、購買者、傳送隱秘信息或者判斷載體是否被篡改等目的。數字水印是保護信息安全、實現防偽溯源、版權保護的有效辦法，是信息隱藏技術研究領域的重要分支和研究方向。

通用安全

版權聲明：本文內容由網絡用戶投稿，版權歸原作者所有，本站不擁有其著作權，亦不承擔相應法律責任。如果您發現本站中有涉嫌抄襲或描述失實的內容，請聯系我們jiasou666@gmail.com 處理，核實后本網站將在24小時內刪除侵權內容。