plaidctf2015 uncorrupt png

  The code takes quite a long time to run, which is a little embarrassing!

  The code is adapted from https://13c5.wordpress.com/2015/04/20/plaidctf-2015-png-uncorrupt/

  Working through this challenge also gave me a much deeper understanding of the PNG file format!

  Before using this code, the 0x0a in the PNG signature must first be changed back to 0x0d0a by hand; the script copies the signature through unchanged.

from itertools import combinations
import binascii


def find_all(source, aim):
    # yield every offset at which `aim` occurs in `source`
    start = 0
    while True:
        start = source.find(aim, start)
        if start == -1:
            return
        yield start
        start += len(aim)


def repair(source, aim, filedes, num, crc):
    # `source` is one chunk's type + data with `num` CR bytes stripped by the
    # CRLF -> LF conversion; put a CR back in front of `num` of the surviving
    # LFs in every possible combination until the stored CRC matches
    matchlist = list(find_all(source, aim))

    for subnet in combinations(matchlist, num):
        subnet = sorted(subnet)
        temp = b''
        prev = 0
        for pos in subnet:
            temp += source[prev:pos] + b'\x0d\x0a'
            prev = pos + 1
        temp += source[prev:]
        if binascii.crc32(temp).to_bytes(4, 'big') == crc:
            filedes.write(temp)
            filedes.write(crc)
            filedes.flush()
            print("success")
            break
    else:
        print("fail")


uncfile = open("corrupt_735acee15fa4f3be8ecd0c6bcf294fd4.png", "rb")
cocfile = open("correct.png", "wb")
# first write: the signature (patched back to 0d 0a by hand) plus the intact bytes that follow it
correct = uncfile.read(0x6d)
cocfile.write(correct)
cocfile.flush()

correct = uncfile.read(0x4)  # length
cocfile.write(correct)
cocfile.flush()

uncorrect = uncfile.read(0x20000 - 0x1 + 0x4)  # type + data, one CR missing
crc = uncfile.read(0x4)
print(crc.hex())
repair(uncorrect, b'\x0a', cocfile, 1, crc)  # 1
# second write
correct = uncfile.read(0x4)  # length
cocfile.write(correct)
cocfile.flush()
uncorrect = uncfile.read(0x20000 - 0x3 + 0x4)  # type + data, three CRs missing
crc = uncfile.read(0x4)
print(crc.hex())
repair(uncorrect, b'\x0a', cocfile, 3, crc)  # 2
# third write
correct = uncfile.read(0x4)  # length
cocfile.write(correct)
cocfile.flush()
uncorrect = uncfile.read(0x20000 - 0x1 + 0x4)
crc = uncfile.read(0x4)
print(crc.hex())
repair(uncorrect, b'\x0a', cocfile, 1, crc)  # 3
# fourth write: this chunk is intact, copy length + type + data + crc straight through
correct = uncfile.read(0x4 + 0x4 + 0x20000 + 0x4)
cocfile.write(correct)
cocfile.flush()
# fifth write
correct = uncfile.read(0x4)  # length
cocfile.write(correct)
cocfile.flush()
uncorrect = uncfile.read(0x20000 - 0x3 + 0x4)
crc = uncfile.read(0x4)
print(crc.hex())
repair(uncorrect, b'\x0a', cocfile, 3, crc)  # 4
# 6th
correct = uncfile.read(0x4)  # length
cocfile.write(correct)
cocfile.flush()
uncorrect = uncfile.read(0x20000 - 0x1 + 0x4)
crc = uncfile.read(0x4)
print(crc.hex())
repair(uncorrect, b'\x0a', cocfile, 1, crc)  # 5
# 7th
correct = uncfile.read(0x4)  # length
cocfile.write(correct)
cocfile.flush()
uncorrect = uncfile.read(0x20000 - 0x2 + 0x4)  # type + data, two CRs missing
crc = uncfile.read(0x4)
print(crc.hex())
repair(uncorrect, b'\x0a', cocfile, 2, crc)  # 6
# 8th: intact chunk, copy length + type + data + crc straight through
correct = uncfile.read(0x4 + 0x4 + 0x20000 + 0x4)
cocfile.write(correct)
cocfile.flush()
# 9th
correct = uncfile.read(0x4)  # length
cocfile.write(correct)
cocfile.flush()
uncorrect = uncfile.read(0x20000 - 0x1 + 0x4)
crc = uncfile.read(0x4)
print(crc.hex())
repair(uncorrect, b'\x0a', cocfile, 1, crc)  # 7
# 10th: the last, shorter chunk is intact; copy it and everything after it
correct = uncfile.read(0x4 + 0x4 + 0x216f)
cocfile.write(correct)
cocfile.flush()

uncfile.close()
cocfile.close()
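As an added example (not the writeup's code, nor the 13c5 script it adapts), the same CRC-guided repair written for Python 3 as a general chunk walker: instead of hardcoding how many CRs each chunk lost, it derives the shortfall from the chunk's declared length and lets the stored CRC choose which LFs to restore. The PNG-like stream it repairs is constructed inline; like the writeup, it assumes the stripped CRs sit inside the signature and chunk bodies, not in length or CRC fields.

```python
import binascii
from itertools import combinations
SIGNATURE = b'\x89PNG\r\n\x1a\n'   # a text-mode transfer turns this CRLF into a bare LF too

def crc_field(body):
    # PNG stores a big-endian CRC-32 over chunk type + data
    return binascii.crc32(body).to_bytes(4, 'big')

def build_stream(chunks, damaged=False):
    # constructed PNG-like stream; damaged=True strips the CR of every CRLF in the
    # signature and chunk bodies while leaving the length and CRC fields untouched
    out = SIGNATURE.replace(b'\r\n', b'\n') if damaged else SIGNATURE
    for ctype, data in chunks:
        body = ctype + data
        out += len(data).to_bytes(4, 'big')
        out += (body.replace(b'\r\n', b'\n') if damaged else body) + crc_field(body)
    return out

def restore_cr(body, positions):
    # re-insert a CR in front of the LF found at each chosen offset
    out, prev = b'', 0
    for pos in positions:
        out += body[prev:pos] + b'\r\n'
        prev = pos + 1
    return out + body[prev:]

def repair_chunk(blob, offset, max_missing=3):
    # declared length minus the body actually present = stripped CRs; the CRC picks the LFs
    length = int.from_bytes(blob[offset:offset + 4], 'big')
    for missing in range(max_missing + 1):
        start, end = offset + 4, offset + 8 + length - missing
        body, crc = blob[start:end], blob[end:end + 4]
        lf_positions = [i for i, b in enumerate(body) if b == 0x0a]
        for chosen in combinations(lf_positions, missing):
            candidate = restore_cr(body, chosen)
            if crc_field(candidate) == crc:
                return blob[offset:start] + candidate + crc, end + 4   # chunk, next offset
    raise ValueError('no CR placement reproduces the stored CRC at offset %d' % offset)

def repair_stream(damaged):
    # restore the 7-byte damaged signature, then repair every chunk in turn
    out, offset = SIGNATURE, len(SIGNATURE) - 1
    while offset < len(damaged):
        fixed, offset = repair_chunk(damaged, offset)
        out += fixed
    return out

# constructed sample: IDAT mixes genuine bare LFs with CRLFs, so only the CRC can tell them apart
SAMPLE_CHUNKS = [(b'IHDR', b'\x00\x00\x00\x01\x00\x00\x00\x01\x08\x00\x00\x00\x00'),
                 (b'IDAT', b'\x78\x9c\r\nab\ncd\r\nef\n'), (b'IEND', b'')]
```

Running `repair_stream(build_stream(SAMPLE_CHUNKS, damaged=True))` reproduces `build_stream(SAMPLE_CHUNKS)` byte for byte; a chunk whose CRC no placement can satisfy raises instead of being written.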

  

  Result:

References:

  http://blog.csdn.net/gogor/article/details/5265710

  http://www.libpng.org/pub/png/apps/pngcheck.html

  http://www.libpng.org/pub/png/book/chapter08.html

  http://stackoverflow.com/questions/27238021/png-images-not-loaded

  https://13c5.wordpress.com/2015/04/20/plaidctf-2015-png-uncorrupt/

Time: 2024-11-05 17:28:13
