Preface

This competition went quite smoothly for me.

As a reverse engineer, the data analysis challenges felt very natural and were a lot of fun.

I really did learn a lot, and I also became aware of many of my weaknesses.

Also, because my teammates and I had not coordinated ahead of time, we lost 100 points, which really hurt.

Damn, the data security challenges (CTF-style) took enormous effort to solve and their scores were dynamic,

while the data analysis challenges just needed some quick thinking and were easy to solve, yet their scores were fixed. So annoying.

(In other words: during a competition, make sure the team communicates well~~)

**Let's keep encouraging each other, keep it up ^_^**

Data Analysis Write-ups

Blockchain Threat Analysis 1

Please submit the App's Team Identifier. (The answer is strictly case-sensitive.)

Opening the challenge file in 010 Editor shows a PK header

Renaming it to .zip and opening it reveals a DAFOM.app

(that is the name of the app)

Google for information about team IDs

This is a good blog post that explains it well: https://blog.csdn.net/liuxiaoxiaobo/article/details/122047015

image-20230403111340896

Browsing through the files, there is one named DAFOM

Open it in 010 Editor

image-20230403111358079

W58CYKFH67

This is the flag

Blockchain Threat Analysis 2

This app is a malicious application that the Lazarus hacking group aimed at the blockchain industry

So the answer is Lazarus

C2 Traffic Analysis 1

Follow TCP stream; in stream 16

the answer was found

image-20230403111445659

This is the flag

http://imgcache.cloudservicesdevc.tk/picturess/2023/RDSv38.dll

C2 Traffic Analysis 2

Please submit the SHA256 hash of the Payload. (Uppercase letters; answer based on the traffic contents.)

Use an online site

image-20230403111548795

Of course you can also use a Linux command (recommended)

flag: AA2CBD3103CECAF189F93D787C602679E156CC6FD90E22646D637F01C64222CF

C2 Traffic Analysis 3

Export the file with Wireshark

The challenge description says there is a malicious program

Locate the DLL at the bottom of the list

It is indeed flagged as malicious

Open it with ida64

image-20230403111805956

flag: cmd.exe /c C:/Users/Public/Documents/2022060128.vbe

C2 Traffic Analysis 4

Please submit the number of cmd commands in the Payload that need Base64 decoding. (Example answer: 1)

image-20230403111834346

Let's just say one of our teammates guessed 3 outright and got first blood. Impressive.

Also, these data analysis challenges are really friendly to reverse engineers.

fernet.3

I did not fully write up the first two (other teammates solved them), so I am only posting this one

Follow the stream in Wireshark

streams 7, 8, 9

image-20230403112050637

Convert the Base64 to an image

image-20230403112100379

Too abstract; switch the colour channel in Stegsolve

image-20230403112115819

flag{a20cb3c9-141c-41c4-8255-0cd3eb95b681}

Here is my script

```python
# This is the approach
from cryptography.fernet import Fernet

key = "开头的key"  # the Fernet key found at the start of the stream

f = Fernet(key)

token = b'密文'  # the Fernet token (ciphertext) taken from the stream
print("Decrypted data: ", f.decrypt(token).decode())
```

That's it, you get the idea

```python
from cryptography.fernet import Fernet

# key recovered from the start of the stream
key = "eBp92fUD7Lk_6qXR2pIjFt3sBH-lW0ul830S-sO6QCQ="

f = Fernet(key)

# Fernet token carried in the stream
token = b'gAAAAABkGeDiBcfniXRJpihFhn0EPQUDIiNwd2FbIOpEMo4MNCVL9irQ6SwekLpgQ5zD5_nFti4Mij-VhdpKEifNi2hL1AqwZ7twArf96rxLpBVJEa2LmvM9plBSpg6f_qEWAQveQmI4VM_yWsTwPxPrNcB-syF8oV1T_xTMAFzL0vgj2ScD-SWnHP5ZbJ4AI_Jsdxnr7gFDrUvf5sbuCICGPW39sWs6bPyy73IWZvANBD3M4vb2n9M6LIuLhvs48oNvdc0YONqUj9qs_ezffqFeCtWvjEZP4LBKEWnIW-2XL1GE5wluChpwYvlFYMN0xoZmDOnuVYTFL0_438xQw7cSBSEgmdMnCNOWfDVZvh-kFahbbDMLUP3wrKviWeMHNLxS6p4ebrQECc-s_cDNzvZBr-zHPPtn-3O5zE0w-OJec0h31Q52paMmEPKWHybAWQHPELAFTaNxvU0h33qHsoObNgn4t5Rs066HAnM9RGpmj3ynalvhg0-uws1JxAgysNQIy4xtokfu9RFoBgtjymHFmlfRQ5Smck7Szw2Kqawz8psIHNbt2Av9gzKo5aPXJFN9vYKK59iu-qIv7IExD2Aap-RBVyKbn0pXlH7TztwTZ6V1VhkqI5QFrFEwjcC9uVZYTsot317WIHAoCA3bKGkZNb8emKYXUL7UhePDjr7ljAOQSZPrrZMYGIUJ8FLprkCOLJSJkJS4eLJuYEegiC_uqjAaSfuLsGxWz_Ua7p0OxrhTCpP8YodnvdT6nhsDS4TA2XLX3x00UVVhG4HMfePvAoexpigzTDB1HLJaXsT95HEA49fksKmOchLuxYdKTT_UPnNCg9D4DQl0f2h-3GKugkwXcXss4sdNvvlolcxJYJKJXAjTILewnb7l-n0Z4Vpvdbpvg5RzRn-bdRCkQ1JE28nX5mQAbHhTouE-QqsBrcL1sGjhbRZOdDco5kxj5P6IEBDLrS9BiavQp6UeMQxjZ0lMktISaUHvAa3kWJMAvQKE9QvEXuuel6h0Cqz5fCiNaOTl9DvHtpQwSeYe3KuyleQNJigdvt_JQj9G5BMUYdO5hjU8f6c1JkknHDPylXoOt8gKrNPQ6zlS3rZ8cH92j1cw1FXDoDsBRyEydYASWUPxHRAVxwP2KYXS5YI0GZAVIcQKwRvppY7oBEhISkKg_dx0a7WM_mlPULUcaXWFBnCUcYOljq7IadgRtT3M0X8dCmICrBVsUeSWmYNItrwAPl2DtRqLXbb8YEICJ8J3_Qtm7XzV7vE9ozhh88PlHp676Pm4rT3ESh1VSbUq2zXMWry0SZ9ESRPreU9Ll8CTNJScnv187rxmakYYzh2X0Me6u-NEqpyGndwo-7roHEopps04ZQzpVc9gPaQ5Nw3rmqJdBiA6NZnKcsedoutq5NCa2aIxqXaVlev9zzdaqzDft5qRVuPfQBJIhiDfXmcXOVDXx3Quz_IZBP2Ll_iQxCgi2QrwNScqZ203qmQ-X0cU6edhWIGCAes9M9Ox7BH2r7xTCdYqTHeruLbu_mid3E4VIaa4MsRubXH5L8jowR2D7DO68TmkmXSI3fnTgHTr_swNXoky5ZtZToFVD1uTLWHPTN9nXoWdrvvE5qftIvyMO9FEil-EAyttfJ3ABPTJBWN2dUQ-LK7VoZRVE6_u57FKY1RgFgz7xz3UPtOTlHURLI1hUiL_FrL-nF0e5ZsV5OwFbVCSvT8JaMhLbux1FG4k0-TC1N79-pnKZnQY_kA6AyH36G0HpImQvJO378UguIMFLXdGd7hulzdD_SuSUF9ivdK1x3yEfA10UfWbLYSUZa0ZqtefP26muOWv-ab9SZclEIWL4x2g6aPB0P0dkrDZrC_iSR-lG85L1E-JkycCTDFI3sW1OTq1kzRuwmmnSDHnkpNDPT3A-DrRwzIymjQ-TgnTtoqjiesngjIjICMuw_bQ2c7bXYeTFK6Hr3w8BR8isZ6ODgRWD5fW-r_BUwd89URpmLdGKh0Se4Q20KnHTNoHoTK1Klwc-6zwbS5NyYzhsazM5xkBKPWLg6HQXH8ce6db_1mxtdVjKnfgVLUGR86pUb4ivx7ZbuS37tuecn17aF9-NJ68DLmLi7B90Zxori1gePIsD7lYAgUykbXQ32Ba_0u0REvqYhaBdHl3RySnBIzXS-4skpQXzCMKZLD9twxOmPRe-WQyP7CdnFOLOotcRwaRS4lS_nWVZo4nyynms-srx8CO8-Xwd5Ei7ZBj9BxQPKt_yspw-aWcTSMnWeqdSTgR6JgclDYnXvPRyHqNd4K0n0cwVfN0w2DPDFObFrWv46wthrWsllJtfB4uFlItLMkIbR7P4ydvLChFUZ7SIl_jvurTV83KG6hoWN5v5QSKkNWNBnbXFT9Amne4iMgdyM0PgMbH-9FMf24w2jZPCYEmq6Od24ZknSiJ6igsMmg7rYb8vj4H_VCUeL9CfpRY-BEVEgR79FajjlFz8CxFr05tcCrXuBAH0EYaEEPJQ1J298DlOcPogv4vVGmlWQA-xUJGmjWvjl-Y4IyRnv7eBhgLJXFPosAawjX9zsZjQCum0iRy4ACPX8Vio3q8xV0ZPP8PG_9MDvMc4KPJmLscFHUDUNBsXuDOwl_WzxwydK-bKhyN5WWi5J3o65K7_o0NtKMVu2huzrHT5UXY0zA3bbcTKBKWvGzO4nIctsvr3vpTaLPpDayRSR5v7ZZuIw6mvyRZAYFZxYxMZfgXQvYSZFCEDoVtV90EjqiTmWpNz_bFHY5eSseHiCP6HJHNNbbNnfCQsGa64Ty6cB0xPed4CJgltGUeEVCJ2bzj_9j3IWkiSYFvc_mCM4s5dfg4D--cq2n2iVX0nI5bns_KnVMrnRT7lF3oqxT4nbNBaB9y3FGhXlaatWnkq6S2hF50SnEtdiksSV8tZGYJpMY86UCM5E0NFjHX6jeCQkRBOqpP6L2wLf299xXRmpawND9VYNvkDdDfP8z1tSou4bSGME8c7CCg9OcwEbSxsbk5pXDAqOdZYbNwFur5mC1m-TQCjvXIPM4bnLntaBNrq98bcsmKczgqGZkJNgQT0ARwo0iWuiji0t1V3canUoLgb4sGRoU_PjsQ-Y11baUNQDV2lIrkQJBg4b20JaN291ZToK0a_Zcc9-WMLiAEqynms8Tz-SCELM1GnKhSQ6yYxNSDWmBgu9gSj7I37nxusrMAFXEQOLb4WXSbsGiK0cA-M1aalj_8HaRlom2F4oWVPSd3RdezQlR5nU1NaV9rhZUjEbypBdsMr6rJgXL4V3XQ053nI8P0_UignHzk8r5b3q6xtiaeVV-8AyooCY0GsFinnSf1c_5gcH2uwJEkD0JJVnDJZaorhBHJL8zSsaGYWfKA2Cmzx8CYH1X6nf5pnthKuru5Vkme1BgUm_qKekU_3279p05ZIyNLkKfShrKTHmzDCgBkefPhw2pSFEAwKkmUoWpTipgdxsgigvwa3QEofyNuNu87cVjZGv8nr2g7aMwz2AYZpg3xJEnU9HiEN5OEN9OyQiIU0dIIFKw8g0KLsdc4ymb_HHL8D6SAH7ViDhDUzhFxalPh9dlEdJi7fOWcBUOIwSq2DMegxnl3aSOgbxRkOwc-yIT3g54YShTmhK6iRTHqOEPlg4qTZOxCynkKL2FBKhFRtqSmZgTAVc4OT4U88LJ7S8W8XbUYKfslQibcTWTdvQGB0CBui43cUzXZx12HzjDHXejlqyk1nAP9YJP4KWArnDwXETE2wUwHWwdT00sPUtQ4kwx-zgAP-P66kGbN32Nq0woS59uQ74mntXzmGewqsFzXADv2gIaXwqQNl21TlBEIDk1KDogkWsUg1UNCwtV5AYif8e9OFBS0x4snnJYtg7p7AfmpPaDS-3DtROg_Ne7gmq6yQyUVgsWFLf6CGlyIz067Yr8TTj9DPQBrIAuM1aAkDNw7-TJGLJ-M44FagoOhglCsEnqtqVZt0ELV60RbBybGi6J4N9R6pW9iZJamNPUUNJQzBJQ6eA41xmYTxGJ6ZIAQJQ93oo_cSMsDkNzKQwE9smZvKq9ny5CQSFu8w-MupksReUF5hdKYyBTLkuvuFzrjFboK__d-8xDsuECvNHTQhiI3rpzCCZUZ1fpV4WmcEJAnRbefvERfD2rj0Osedr1A9QKkAn3YvGJkHJ9LFHIrmRrLABSzw1ZfRKlpGi7J3LjDb06D7SPYb122KL4o7HTgHv98HtV52WhLaPahPszbEZ4Iuwyt1XyG0jq4_n0Hud9t7O0Z0iRnLk5vuFJzTkVfo5985Kv3Q2Cd4bIlWYX-_of7AYnHPqRGcpqbiTUutTw9ZPPst5um5gK66aN5MWHpqrKdDKO73P6FNkSCzaQOBJ6PUmmLDwPj0q3hBDWt2MVNTUOuCj5OcVHBIsGTLYRXlyE_lGDv1hK7wGHoyjYYiSZpEfNyGWv6yUTBqQUdu7-uXjKE5uFqrh00VDmdAuXR56KR0DeT7--KPkS6FcWdeDW66Teaqq-NG-D5ONauNa2iMdUgZcBkX3qSa5A_Jv5hkE12xADr4-piYBPmPYFx9WXgo4R4b8DrZXMIgsT6jCyVdbs41ch8IyZO_bCE6366z3N6GTxeYCfOMywaK5TjUjvRbKx5irkgm_W3gcj47kmJdKkFYGmVgF8j5iJvClQnHADzkFUYZ3rtUuJZV5CR9Yl4juZdcx0rid9E3-Iy7hpITwE0uSbc8F-a85WB1E4fkjddFdqwTFue7MuyQ98GTAewV0qv817_zAyrRRzIK0LnntUBFlJ_yGy0OrT5YmcNgDfCAe0LjGafHz1xo2OEqjPcmoPTuS2XMD4X1S0WcloMlMdCCKgE73ifWEH5u90pSdA3tycUGt4lmoVIskAlxXDsNHDO7gWuWkHBSgaWXv8WwkF_fS9kFL7G0aw8WNKEs9e8elb_IFyrOmYjgR_fldEGC5kGX1oM91bfl6I_k7J6y-DbcWL7sFLJzMSVv6nFLjNQ7om1OFD7kFVSBRw3Nj1HMOpWobcVXoppbcYJ9Y_lw9DPWonTM3jbCMrKPtc59D0opu4Te5Il1_YatjbLbktQ7Xh0hr0nje8m9_n2Ek8wz-2zh8HMftCY_CNmqUtm6OiQxzzgfmA1C9nCohNprp6IpuO4zqGf9XekTavDc15UgOWbLJn5BzFVRIAnydYIzKRwDa62t4gntXKGH882KVDbLASueC7ms1vUJ_SzCSlzwC7WYerwi9p7tCmN7lzf7kuR4fTMDPNCaK52xNTMnZ9ZFqDqhfRlmqBj5LCps3xpHWFUPoWZLGWNVqRKKLvSLDNLHezYR-Q7np1Fp-10iCyjSslRzqBMeLHfZpFus_teKIfEupgUlbOJ1VpMWhgt4O1aD_PRvHMLLdN6U5QrtYn4N6d209VTEERYx4LE3SH7IjgV7_nHzzPhW_Z_G05S-AFSb_fd7aH4fJ7uHoT_W-24exJ46lKJ1xDJAq-1w7Mbwjlm_8lptuuDezyNYlI4woAPTFRZWXEUdVJ859zKSGL0fg-PR5ypUTnFkNkTjQ=='
print("Decrypted data: ", f.decrypt(token).decode())
```
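The `f.decrypt(token)` call above does more than AES decryption: it checks the token version and an HMAC-SHA256 tag before it touches the ciphertext, which is why a wrong key or an edited token fails with InvalidToken rather than producing garbage. The following standard-library-only example, added here and not part of the author's script, parses the Fernet token layout and performs those checks; its key and token are constructed values, and it deliberately leaves out the AES-CBC step.

```python
import base64
import hashlib
import hmac
import struct
import time

# Fernet token layout: version 0x80 | timestamp (8 bytes, big-endian) | IV (16) | AES-128-CBC
# ciphertext | HMAC-SHA256 (32) over everything before it. Key = 16 signing + 16 encryption bytes.

def split_key(key_b64):
    raw = base64.urlsafe_b64decode(key_b64)
    if len(raw) != 32:
        raise ValueError("Fernet key must decode to 32 bytes")
    return raw[:16], raw[16:]

def parse_token(token, key_b64, ttl=None, now=None):
    """Split a token into fields; check version, MAC and optional TTL (ValueError on failure)."""
    signing_key, _ = split_key(key_b64)
    data = base64.urlsafe_b64decode(token)
    if len(data) < 1 + 8 + 16 + 32 or data[0] != 0x80:
        raise ValueError("not a Fernet token")
    body, mac = data[:-32], data[-32:]
    # The MAC is checked first, in constant time, before any other field is trusted
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):
        raise ValueError("bad MAC: wrong key or modified token")
    timestamp = struct.unpack(">Q", body[1:9])[0]
    if ttl is not None and timestamp + ttl < (int(time.time()) if now is None else now):
        raise ValueError("token expired")
    return {"timestamp": timestamp, "iv": body[9:25], "ciphertext": body[25:]}

def build_token(key_b64, iv, ciphertext, timestamp):
    """Assemble and sign a token from already-encrypted bytes (no AES involved here)."""
    signing_key, _ = split_key(key_b64)
    body = b"\x80" + struct.pack(">Q", timestamp) + iv + ciphertext
    return base64.urlsafe_b64encode(body + hmac.new(signing_key, body, hashlib.sha256).digest())

def tamper_detected(token, key_b64):
    """Flip one ciphertext byte and report whether parse_token then rejects the token."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[30] ^= 0x01  # byte 30 lies inside the ciphertext (the header is 25 bytes)
    try:
        parse_token(base64.urlsafe_b64encode(bytes(raw)), key_b64)
        return False
    except ValueError:
        return True

# Constructed sample values (not from the challenge traffic); the 32 "ciphertext" bytes are filler
SAMPLE_KEY = base64.urlsafe_b64encode(bytes(range(32))).decode()
SAMPLE_TOKEN = build_token(SAMPLE_KEY, b"\x11" * 16, b"\x22" * 32, 1679500000)
```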

Data Security: Reverse Engineering Part

Two of them were reverse engineering challenges

One looked scary but was really just the RC4 algorithm, and not even a modified one (well, RC4 is genuinely hard to modify, but it was not combined with any other algorithm either), so it was quite easy to solve; it was just a bit intimidating.

As for the other one, as expected the unexpected happened (just kidding): I scored zero on it.

letsGO

Written in Go

The overall approach:

  1. Identify the encryption as RC4
  2. Find the ciphertext
  3. Find the key (brute-force it if it cannot be found)
  4. Decrypt

Analysis in ida64

image-20230403133430785

image-20230403133535399

image-20230403134818076

image-20230403142146129

Here is the exploit script

```cpp
#include <cstdio>
#include <cstring>

/*
RC4 key-scheduling (initialisation) function
*/
void rc4_init(unsigned char* s, unsigned char* key, unsigned long Len_k)
{
    int i = 0, j = 0;
    unsigned char k[256] = { 0 };  // unsigned: key bytes >= 0x80 must not drive j negative
    unsigned char tmp = 0;
    for (i = 0; i < 256; i++) {
        s[i] = i;
        k[i] = key[i % Len_k];
    }
    for (i = 0; i < 256; i++) {
        j = (j + s[i] + k[i]) % 256;
        tmp = s[i];
        s[i] = s[j];
        s[j] = tmp;
    }
}

/*
RC4 encryption/decryption function
unsigned char* Data   data to encrypt/decrypt (in place)
unsigned long Len_D   length of the data
unsigned char* key    key
unsigned long Len_k   key length
*/
void rc4_crypt(unsigned char* Data, unsigned long Len_D, unsigned char* key, unsigned long Len_k)
{
    unsigned char s[256];
    rc4_init(s, key, Len_k);
    int i = 0, j = 0, t = 0;
    unsigned long k = 0;
    unsigned char tmp;
    for (k = 0; k < Len_D; k++) {
        i = (i + 1) % 256;
        j = (j + s[i]) % 256;
        tmp = s[i];
        s[i] = s[j];
        s[j] = tmp;
        t = (s[i] + s[j]) % 256;
        Data[k] = Data[k] ^ s[t];
    }
    // candidate key found: the decrypted data starts with "flag"
    if (Data[0] == 'f' && Data[1] == 'l' && Data[2] == 'a' && Data[3] == 'g')
    {
        printf("ok ");
        // Data is not NUL-terminated, so print exactly Len_D bytes
        fwrite(Data, 1, Len_D, stdout);
        putchar('\n');
    }
}

int main()
{
    // 3-byte key, brute-forced below
    unsigned char key[3] = { 0 };
    unsigned long key_len = sizeof(key);

    // ciphertext: data is the pristine copy, datas is the working buffer
    unsigned char data[] = { 0x6,0x74,0xb4,0xe2,0x49,0xd,0x91,0x36,0x95,0x9d,0x7a,0xfe,0xc7,0xa9,0xa4,0xa1,0xf0,0xf6,0x3,0x56,0x90,0xfa,0x1a,0x32,0xa7,0x6d,0x39,0xee };
    unsigned char datas[] = { 0x6,0x74,0xb4,0xe2,0x49,0xd,0x91,0x36,0x95,0x9d,0x7a,0xfe,0xc7,0xa9,0xa4,0xa1,0xf0,0xf6,0x3,0x56,0x90,0xfa,0x1a,0x32,0xa7,0x6d,0x39,0xee };

    // try every 3-byte key, restoring the ciphertext after each attempt
    //rc4_crypt(data, sizeof(data), key, key_len);
    for (int i1 = 0; i1 < 256; i1++)
    {
        for (int i2 = 0; i2 < 256; i2++)
        {
            for (int i3 = 0; i3 < 256; i3++)
            {
                key[0] = i1;
                key[1] = i2;
                key[2] = i3;
                rc4_crypt(datas, sizeof(data), key, key_len);
                memcpy(datas, data, sizeof(data));
            }
        }
    }

    return 0;
}
```

# flag{Go_1an9_1s_n07_s0_Hard}
```python
# Earlier attempts, left commented out
# # def RC4(keys):
# #     cipher = [0x6, 0x74, 0xb4, 0xe2, 0x49, 0xd, 0x91, 0x36, 0x95, 0x9d, 0x7a, 0xfe, 0xc7, 0xa9, 0xa4, 0xa1, 0xf0, 0xf6,
# #               0x3, 0x56, 0x90, 0xfa, 0x1a, 0x32, 0xa7, 0x6d, 0x39, 0xee]
# #
# #     key = list(keys)
# #     # KSA
# #     S = [i for i in range(256)]
# #     j = 0
# #     for i in range(256):
# #         j = (j + S[i] + ord(key[i % len(key)])) % 256
# #         S[i], S[j] = S[j], S[i]
# #     # PRGA
# #     i = 0
# #     j = 0
# #     keystream = []
# #     for k in range(26):
# #         i = (i + 1) % 256
# #         j = (j + S[i]) % 256
# #         S[i], S[j] = S[j], S[i]
# #         keystream.append(S[(S[i] + S[j]) % 256])
# #
# #     enc = "".join(map(chr, [(cipher[i] ^ keystream[i]) for i in range(len(keystream))]))
# #     if "flag" in enc:
# #         print(key)
# #
# #
# # for i in range(256):  # 48-57 ---- 0-9
# #     for j in range(256):
# #         for k in range(256):
# #             RC4(chr(i) + chr(j) + chr(k))
#
# def Rc4_Encrypt(m, key):
#     s = []
#     t = []
#     out = []  # output
#     for i in range(256):
#         s.append(i)
#         t.append(ord(key[i % len(key)]))
#
#     j = 0
#     for i in range(256):
#         j = (j + s[i] + t[i]) % 256
#         s[i], s[j] = s[j], s[i]
#
#     i, j = 0, 0
#     for p in range(len(m)):
#         i = (i + 1) % 256
#         j = (j + s[i]) % 256
#
#         s[i], s[j] = s[j], s[i]
#
#         index = (s[i] + s[j]) % 256
#         out.append(s[index] ^ m[p])
#     return (bytes(out))
#
#
# import itertools
#
# c = [0x6, 0x74, 0xb4, 0xe2, 0x49, 0xd, 0x91, 0x36, 0x95, 0x9d, 0x7a, 0xfe, 0xc7, 0xa9, 0xa4, 0xa1, 0xf0, 0xf6, 0x3,
#      0x56, 0x90, 0xfa, 0x1a, 0x32, 0xa7, 0x6d, 0x39, 0xee]
#
# k = []
# for i in itertools.product([str(i) for i in range(256)], repeat=3):
#     k.append(i)
# for j in itertools.product([str(j) for j in range(256)], repeat=3):
#     k.append(j)
# for m in itertools.product([str(m) for m in range(256)], repeat=3):
#     k.append(m)
# # k = []
# # for i in range(256):
# #     for j in range(256):
# #         for m in range(256):
# # k = '2023'
#
# out = Rc4_Encrypt(bytes(c), k)
#
# try:
#     print(out.decode())
# except:
#     print("err")


def RC4(keys):
    # ciphertext pulled from the binary
    cipher = [0x6, 0x74, 0xb4, 0xe2, 0x49, 0xd, 0x91, 0x36, 0x95, 0x9d, 0x7a, 0xfe, 0xc7, 0xa9, 0xa4, 0xa1, 0xf0, 0xf6, 0x3, 0x56, 0x90, 0xfa, 0x1a, 0x32, 0xa7, 0x6d, 0x39, 0xee]
    key = list(keys)
    # KSA
    S = [i for i in range(256)]
    j = 0
    for i in range(256):
        j = (j + S[i] + ord(key[i % len(key)])) % 256
        S[i], S[j] = S[j], S[i]
    # PRGA
    i = 0
    j = 0
    keystream = []
    for k in range(len(cipher)):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        keystream.append(S[(S[i] + S[j]) % 256])

    enc = "".join(map(chr, [(cipher[i] ^ keystream[i]) for i in range(len(keystream))]))
    if "flag" in enc:
        print(key)
        print(enc)


# brute-force every 3-character key
for i in range(126):  # 48-57 ---- 0-9
    for j in range(126):
        for m in range(126):
            RC4(chr(i) + chr(j) + chr(m))

# ['r', 'd', '}']
# flag{Go_1an9_1s_n07_s0_Hard}
```

Python is rather slow

image-20230403160016011
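The C++ and Python scripts above hard-code a 3-byte key and the check for "flag". Below is the same search written as reusable functions, added here and not part of the author's exploit: `rc4` is the standard KSA/PRGA, `brute_force` generalises the key length and the byte alphabet and compares only a known plaintext prefix per candidate, and `solve_letsgo` replays the write-up's ciphertext with the recovered key `rd}`. The self-check in the `__main__` block uses a constructed 2-byte key so it finishes in well under a second.

```python
import itertools

# Ciphertext of the letsGO challenge, as extracted in the write-up above
CIPHER = bytes([0x6, 0x74, 0xb4, 0xe2, 0x49, 0xd, 0x91, 0x36, 0x95, 0x9d, 0x7a, 0xfe, 0xc7, 0xa9,
                0xa4, 0xa1, 0xf0, 0xf6, 0x3, 0x56, 0x90, 0xfa, 0x1a, 0x32, 0xa7, 0x6d, 0x39, 0xee])

def rc4(key, data, limit=None):
    """Standard RC4 (KSA then PRGA); encryption and decryption are the same XOR.
    With limit set, only the first `limit` output bytes are computed."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: scramble S with the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    n = len(data) if limit is None else min(limit, len(data))
    out = bytearray()
    i = j = 0
    for k in range(n):                        # PRGA: one keystream byte per input byte
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(data[k] ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def brute_force(cipher, known_prefix, key_len, alphabet=bytes(range(256))):
    """Try every key_len-byte key over alphabet. A candidate is accepted when decrypting
    only len(known_prefix) bytes yields that prefix; the full plaintext is produced once.
    Returns (key, plaintext) or None. The 256-step KSA dominates each attempt, so the
    early abort only trims PRGA work; a 3-byte key still costs 2^24 KSAs."""
    for combo in itertools.product(alphabet, repeat=key_len):
        key = bytes(combo)
        if rc4(key, cipher, limit=len(known_prefix)) == known_prefix:
            return key, rc4(key, cipher)
    return None

def solve_letsgo():
    """Decrypt the challenge ciphertext with the key the write-up recovered ('r', 'd', '}')."""
    return rc4(b"rd}", CIPHER)

if __name__ == "__main__":
    print(solve_letsgo().decode())
    # Constructed self-check: 2-byte key over printable ASCII (95^2 = 9025 candidates)
    ct = rc4(b"k7", b"flag{constructed}")
    print(brute_force(ct, b"flag{", 2, bytes(range(0x20, 0x7F))))
```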