题目

解题思路
查看文件格式
使用FFV,未发现文件格式,但发现文件头未KP,和常见的压缩包PK是反着的,由此揣测用010Editor查看文件原始数据

010查看字节
发现pk头但是被反转了

按照8字节反转回来
参考文章:https://blog.csdn.net/2402_87950092/article/details/159728592?spm=1001.2014.3001.5506
python
import struct
def solve():
input_file = "哦"
output_file = "flag.zip"
try:
with open(input_file, 'rb') as f:
content = f.read()
except FileNotFoundError:
print(f"找不到文件: {input_file},请确认文件名或路径。")
return
recovered_data = bytearray()
# 全文按8字节块反转的
chunk_size = 8
for i in range(0, len(content), chunk_size):
chunk = content[i : i + chunk_size]
recovered_data.extend(chunk[::-1])
with open(output_file, 'wb') as f:
f.write(recovered_data)
print(f"处理完成!已生成文件: {output_file}")
print(" flag.zip 。")
if __name__ == '__main__':
solve()
运行代码,生成zip文件

打开后发现有密码

bkcarck破解压缩包
发现是ZipCrypto加密,使用bkcarck破解压缩包

跑了15分钟才出结果
bash
bkcrack.exe -C "flag.zip" -c a.png -x 0 89504E470D0A1A0A0000000D
bash
bkcrack 1.8.1 - 2025-10-25
[15:24:29] Z reduction using 5 bytes of known plaintext
100.0 % (5 / 5)
[15:24:29] Attack on 1132332 Z values at index 6
Keys: d590788c b34e73fb 40e733d1
88.6 % (1003400 / 1132332)
Found a solution. Stopping.
You may resume the attack with the option: --continue-attack 1003400
[15:39:25] Keys
d590788c b34e73fb 40e733d1

bash
bkcrack.exe -C "flag.zip" -k d590788c b34e73fb 40e733d1 -D decrypted.zip
bash
bkcrack 1.8.1 - 2025-10-25
[15:41:17] Writing decrypted archive decrypted.zip
100.0 % (1 / 1)


双图盲水印



答案
flag{01d38cf8-e6f9-11f0-8fcd-11155d4a}