当前位置:网站首页>Misc advanced
Misc advanced
2022-07-22 17:39:00 【pipasound】
List of articles
Some unfinished ones will be added later
INSHack2018 so deep
First use audacity open , Found that only the lower half flag
The spectrum is resized to get the complete first half flag
use DeepSound open , Found a password
Get the password with script
#!/usr/bin/env python3
'''
deepsound2john extracts password hashes from audio files containing encrypted
data steganographically embedded by DeepSound (http://jpinsoft.net/deepsound/).
This method is known to work with files created by DeepSound 2.0.
Input files should be in .wav format. Hashes can be recovered from audio files
even after conversion from other formats, e.g.,
ffmpeg -i input output.wav
Usage:
python3 deepsound2john.py carrier.wav > hashes.txt
john hashes.txt
This software is copyright (c) 2018 Ryan Govostes <[email protected].com>, and
it is hereby released to the general public under the following terms:
Redistribution and use in source and binary forms, with or without
modification, are permitted.
'''
import logging
import os
import sys
import textwrap
def decode_data_low(buf):
return buf[::2]
def decode_data_normal(buf):
out = bytearray()
for i in range(0, len(buf), 4):
out.append((buf[i] & 15) << 4 | (buf[i + 2] & 15))
return out
def decode_data_high(buf):
out = bytearray()
for i in range(0, len(buf), 8):
out.append((buf[i] & 3) << 6 | (buf[i + 2] & 3) << 4 \
| (buf[i + 4] & 3) << 2 | (buf[i + 6] & 3))
return out
def is_magic(buf):
# This is a more efficient way of testing for the `DSCF` magic header without
# decoding the whole buffer
return (buf[0] & 15) == (68 >> 4) and (buf[2] & 15) == (68 & 15) \
and (buf[4] & 15) == (83 >> 4) and (buf[6] & 15) == (83 & 15) \
and (buf[8] & 15) == (67 >> 4) and (buf[10] & 15) == (67 & 15) \
and (buf[12] & 15) == (70 >> 4) and (buf[14] & 15) == (70 & 15)
def is_wave(buf):
return buf[0:4] == b'RIFF' and buf[8:12] == b'WAVE'
def process_deepsound_file(f):
bname = os.path.basename(f.name)
logger = logging.getLogger(bname)
# Check if it's a .wav file
buf = f.read(12)
if not is_wave(buf):
global convert_warn
logger.error('file not in .wav format')
convert_warn = True
return
f.seek(0, os.SEEK_SET)
# Scan for the marker...
hdrsz = 104
hdr = None
while True:
off = f.tell()
buf = f.read(hdrsz)
if len(buf) < hdrsz: break
if is_magic(buf):
hdr = decode_data_normal(buf)
logger.info('found DeepSound header at offset %i', off)
break
f.seek(-hdrsz + 1, os.SEEK_CUR)
if hdr is None:
logger.warn('does not appear to be a DeepSound file')
return
# Check some header fields
mode = hdr[4]
encrypted = hdr[5]
modes = {2: 'low', 4: 'normal', 8: 'high'}
if mode in modes:
logger.info('data is encoded in %s-quality mode', modes[mode])
else:
logger.error('unexpected data encoding mode %i', modes[mode])
return
if encrypted == 0:
logger.warn('file is not encrypted')
return
elif encrypted != 1:
logger.error('unexpected encryption flag %i', encrypted)
return
sha1 = hdr[6:6+20]
print('%s:$dynamic_1529$%s' % (bname, sha1.hex()))
if __name__ == '__main__':
import argparse
parser = argparse.ArgumentParser()
parser.add_argument('--verbose', '-v', action='store_true')
parser.add_argument('files', nargs='+', metavar='file',
type=argparse.FileType('rb', bufsize=4096))
args = parser.parse_args()
if args.verbose:
logging.basicConfig(level=logging.INFO)
else:
logging.basicConfig(level=logging.WARN)
convert_warn = False
for f in args.files:
process_deepsound_file(f)
if convert_warn:
print(textwrap.dedent('''
---------------------------------------------------------------
Some files were not in .wav format. Try converting them to .wav
and try again. You can use: ffmpeg -i input output.wav
---------------------------------------------------------------
'''.rstrip()), file=sys.stderr)
Untie and get flag2.txt
There is a path at the bottom , Just click on it
[UTCTF2020]sstv
stay kali In the installation QSSTV
sudo apt-get install qsstv
start-up QSSTV, Settings :qsstv->Options->Configration->Sound->from file
Open the file to decode :(start)
Audio steganography _09
Memory forensics
2 - General Info
3 - Play Time
4 - Name Game
Rock training
[PID] File offset 
Common filtering rules for traffic packets 
ctfhub- Flow packet
icmp_Length
data Back length of
99-c 116 -t
ctfhub{}
icmp_LengthBinary
icmp-Data
边栏推荐
- Rendering process of browser pages
- C static classes and static class members
- 分布式计算框架Map/Reduce
- Misc进阶
- PostgreSQL判断是否为空coalesce
- LCD笔记(3)写出LCD基本驱动框架
- (十一)51单片机——用AT24C02实现存储秒表数据(附成果展示)
- Castor realizes high-throughput analysis of large-scale cloud assembly through polygonica 3D engine, and hoops exchange helps it read CAD data files
- Family Trivia
- Overview of nftfi track layout
猜你喜欢
Critical path problem
2022-07-21:给定一个字符串str,和一个正数k, 你可以随意的划分str成多个子串, 目的是找到在某一种划分方案中,有尽可能多的回文子串,长度>=k,并且没有重合。 返回有几个回文子串。 来
"New capabilities" of rongyun Super Group
ACL和NET
What is numpy?
NFS共享存储服务
并发程序的噩梦——数据竞争
![[pictures and texts] detailed tutorial of online one click reinstallation of win7 system](/img/7c/b63e4a94eb1a9a1417d641276d73cc.png)
[pictures and texts] detailed tutorial of online one click reinstallation of win7 system
NPM warn config global ` --global `, `--local` are deprecated Use `--location=global` instead.
会议OA项目之项目简介&会议发布
随机推荐
How to solve the problem of uncontrollable win11 flashing white screen?
深说浅谈DOM对象,用4个版本demoplus让你扭断history.state头(更)
pytorch
有人知道oracle cdc这个问题吗?source没有空值,但是查询定义的cdc表时说有空值,让修
MySQL constraint_ Unique constraint
Does anyone know the problem of Oracle CDC? Source does not have a null value, but when querying the defined CDC table, it says there is a null value. Let's fix it
[external sorting] merge ideas to complete external sorting
广度优先遍历(Breath First Search)
家庭琐事问题
【数字IC】深入浅出理解AXI协议
备战攻防演练,这里有一张腾讯安全重保布防图!
Playbook 介绍
MySQL 增删改查(進階)
MySQL系列三:函数&索引&视图&错误代码编号含义
Instruction arrangement problem
【单片机仿真项目】 外部中断0控制发光二极管亮灭
信息安全CISP认证-大家关心哪些问题?
mysql查询中能否同时判断多个字段的值
Infrared remote control of FPGA
基于 Flink CDC 实现海量数据的实时同步和转换