我如何检查base64字符串是否是文件(什么类型?)? [英] How can i check a base64 string is a file(what type?) or not?
问题描述
我在 https://2020.ractf.co.uk/上接受了Spentalkux挑战. 这是我第一次进行CTF挑战,所以我在 https://github.com/W3rni0/RACTF_2020/blob/master/readme.md#spentalkux
I took the Spentalkux challenge on https://2020.ractf.co.uk/. This is the first time I do a CTF challenge so I went through a solution on https://github.com/W3rni0/RACTF_2020/blob/master/readme.md#spentalkux
当我收到此base64字符串时:
When I receive this base64 string :
JA2HGSKBJI4DSZ2WGRAS6KZRLJKVEYKFJFAWSOCTNNTFCKZRF5HTGZRXJV2EKQTGJVTXUOLSIMXWI2KYNVEUCNLIKN5HK3RTJBHGIQTCM5RHIVSQGJ3C6MRLJRXXOTJYGM3XORSIJN4FUYTNIU4XAULGONGE6YLJJRAUYODLOZEWWNCNIJWWCMJXOVTEQULCJFFEGWDPK5HFUWSLI5IFOQRVKFWGU5SYJF2VQT3NNUYFGZ2MNF4EU5ZYJBJEGOCUMJWXUN3YGVSUS43QPFYGCWSIKNLWE2RYMNAWQZDKNRUTEV2VNNJDC43WGJSFU3LXLBUFU3CENZEWGQ3MGBDXS4SGLA3GMS3LIJCUEVCCONYSWOLVLEZEKY3VM4ZFEZRQPB2GCSTMJZSFSSTVPBVFAOLLMNSDCTCPK4XWMUKYORRDC43EGNTFGVCHLBDFI6BTKVVGMR2GPA3HKSSHNJSUSQKBIE
我不知道如何检查它是否是文件,但是求解器说它是gz压缩数据文件.
I don't know how to check if it is a file, but the solver said that it is a gz compressed data file.
可以帮我吗? 详细信息
链接到文件: https://github.com/W3rni0/RACTF_2020/blob/master/assets/files/Spentalkux.gz
推荐答案
许多文件类型都有一个标头(文件的前几个字节),并带有一些固定信息,通过这些信息可以将文件标识为gz,png,pdf,等等
Many filetypes have a header (the first few bytes of the file) with some fixed information by which a file can be identified as a gz, png, pdf, etc.
因此,每个base64编码的gz文件也将以一定的base64字符序列开头,从而可以识别该序列.
So every base64 encoded gz file would also start with a certain sequence of base64 characters, by which it can be recognized.
gzip文件始终以两个字节序列0x1f 0x1b开头,该序列以base64为基础编码为H4加上s至v范围内的第三个字符.
A gzip-file always starts with the two byte sequence 0x1f 0x1b, which in base64 encoding is H4 plus a third character in the range of s to v.
原因是,每个base64字符代表原始字节的6位,因此,两个字节0x1f 0x1b用两个base64字符(12位)加上第三个字符的前4位进行编码.
The reason is, that every base64 character represents 6 bits of the original bytes, so the two bytes 0x1f 0x1b are encoded with two base64 characters (12 bits) plus the first 4 bits of the third character.
基于此,我想说的是您在那里显示的不是base64编码的gzip.
Based on that, I would say that's no base64 encoded gzip that you show there.
另一个例子是
开始于:0x89 0x50 0x4e 0x47 0x0d 0x0a 0x1a 0x0a
starts with: 0x89 0x50 0x4e 0x47 0x0d 0x0a 0x1a 0x0a
base64编码:iVBORw0KGg...
base64 encoded: iVBORw0KGg...
Update: in the updated question there's a hint in the attached picture that the data is first base32 encoded and then base64 encoded.
当我们通过在线base32解码器输入问题(JA2HGSKBJI4DSZ2WGRAS...),我们得到:
When we feed an online base32 decoder with the string given in the question (JA2HGSKBJI4DSZ2WGRAS...), we get:
H4sIAJ89gV4A/+1ZURaEIAi8SkfQ+1/O3f7MtEBfMgz9rC/diXmIA5hSzun3HNdBbgbtVP2v/2+LowM837wFHKxZbmE9pQfsLOaiLAL8kvIk4MBma17ufHQbIJCXoWNZZKGPWB5QljvXIuXOmm0SgLixJw8HRC8Tbmz7x5eIspypaZHSWbj8cAhdjli2WUkR1sv2dZmwXhZlDnIcCl0GyrFX6fKkBEBTBsq+9uY2Ecug2Rf0xtaJlNdYJuxjP9kcd1LOW/fQXtb1sd3fSTGXFTx3UjfGFx6uJGjeIAAA
它以H4s开头,因此根据我写的有关如何识别base64编码的文件类型的内容,它是base64编码的gzip文件.
It starts with H4s, so according to what I wrote about how to recognize file types in base64 encoding, it's a base64 encoded gzip file.
可以将其保存在文本文件中,然后上传到 base64decode.org 上,在该文件中将对其进行转换到一个gzip文件中.当您下载并打开该gzip文件时,它包含一个带有如下文本的文件:
This can be saved in a text file and then uploaded on base64decode.org where it will be converted into a gzip file. When you download and open that gzip file it contains a file with text like this:
00110000 00110000 00110001 00110001 00110000 00110001 00110000 00110000 00100000 00110000 00110000 00110001 00110001 00110000 00110001 00110000 00110001 00100000 ...
在这种情况下的结论:原始字符串/文件是gzip文件,该文件首先经过base64编码,而base64编码的部分再次使用base32进行了编码.
Conclusion for this case: The original string/file is a gzip file that was first base64 encoded and the base64 encoded part was again encoded with base32.
这篇关于我如何检查base64字符串是否是文件(什么类型?)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
