代码的执行时间挺长的,好囧!
参考了https://13c5.wordpress.com/2015/04/20/plaidctf-2015-png-uncorrupt/的代码
通过这个题目,也对Png文件格式更深入地理解了!
使用这个代码的前提是将png signature里面的0x0a修改为0x0d0a
1 from itertools import combinations 2 import binascii 3 import os 4 5 6 def find_all(source,aim): 7 start=0 8 while True: 9 start=source.find(aim,start) 10 if start==-1: 11 return 12 yield start 13 start +=len(aim) 14 15 def repair(source,aim,filedes,num,crc): 16 matchlist=list(find_all(source,'x0a')) 17 18 for subnet in combinations(matchlist,num): 19 subnet=sorted(subnet) 20 temp='' 21 if(num==3): 22 temp=source[:subnet[0]]+'x0dx0a'+source[subnet[0]+1:subnet[1]]+'x0dx0a'+source[subnet[1]+1:subnet[2]]+'x0dx0a'+source[subnet[2]+1:] 23 if(num==2): 24 temp=source[:subnet[0]]+'x0dx0a'+source[subnet[0]+1:subnet[1]]+'x0dx0a'+source[subnet[1]+1:] 25 if(num==1): 26 temp=source[:subnet[0]]+'x0dx0a'+source[subnet[0]+1:] 27 if "%08x" % (binascii.crc32(temp)&0xFFFFFFFF)==crc: 28 filedes.write(temp) 29 filedes.write(binascii.a2b_hex(crc)) 30 filedes.flush() 31 print "success" 32 break; 33 print "fail" 34 35 uncfile=open("corrupt_735acee15fa4f3be8ecd0c6bcf294fd4.png","rb") 36 cocfile=open("correct.png","wb") 37 #first write 38 correct=uncfile.read(0x6d) 39 cocfile.write(correct) 40 cocfile.flush() 41 42 correct=uncfile.read(0x4)#length 43 cocfile.write(correct) 44 cocfile.flush() 45 46 uncorrect=uncfile.read(0x20000-0x1+0x4) 47 crc=uncfile.read(0x4) 48 crc=binascii.hexlify(crc) 49 print crc 50 repair(uncorrect,'x0a',cocfile,1,crc)#1 51 #second write 52 correct=uncfile.read(0x4)#length 53 cocfile.write(correct) 54 cocfile.flush() 55 uncorrect=uncfile.read(0x20000-0x3+0x4) 56 crc=uncfile.read(0x4) 57 crc=binascii.hexlify(crc) 58 print crc 59 repair(uncorrect,'x0a',cocfile,3,crc)#2 60 #third write 61 correct=uncfile.read(0x4)#length 62 cocfile.write(correct) 63 cocfile.flush() 64 uncorrect=uncfile.read(0x20000-0x1+0x4) 65 crc=uncfile.read(0x4) 66 crc=binascii.hexlify(crc) 67 print crc 68 repair(uncorrect,'x0a',cocfile,1,crc)#3 69 #fourth write 70 correct=uncfile.read(0x4+0x4+0x20000+0x4) 71 cocfile.write(correct) 72 cocfile.flush() 73 #fifth write 74 correct=uncfile.read(0x4)#length 75 cocfile.write(correct) 76 cocfile.flush() 77 uncorrect=uncfile.read(0x20000-0x3+0x4) 78 crc=uncfile.read(0x4) 79 crc=binascii.hexlify(crc) 80 print crc 81 repair(uncorrect,'x0a',cocfile,3,crc)#4 82 #6th 83 correct=uncfile.read(0x4)#length 84 cocfile.write(correct) 85 cocfile.flush() 86 uncorrect=uncfile.read(0x20000-0x1+0x4) 87 crc=uncfile.read(0x4) 88 crc=binascii.hexlify(crc) 89 print crc 90 repair(uncorrect,'x0a',cocfile,1,crc)#5 91 #7th 92 correct=uncfile.read(0x4) 93 cocfile.write(correct) 94 cocfile.flush() 95 uncorrect=uncfile.read(0x20000-0x2+0x4) 96 crc=uncfile.read(0x4) 97 crc=binascii.hexlify(crc) 98 print crc 99 repair(uncorrect,'x0a',cocfile,2,crc)#6 100 #8th 101 correct=uncfile.read(0x4+0x4+0x20000+0x4) 102 cocfile.write(correct) 103 cocfile.flush() 104 #9th 105 correct=uncfile.read(0x4) 106 cocfile.write(correct) 107 cocfile.flush() 108 uncorrect=uncfile.read(0x20000-0x1+0x4) 109 crc=uncfile.read(0x4) 110 crc=binascii.hexlify(crc) 111 print crc 112 repair(uncorrect,'x0a',cocfile,1,crc)#7 113 #10th 114 correct=uncfile.read(0x4+0x4+0x216f) 115 cocfile.write(correct) 116 cocfile.flush() 117 118 uncfile.close() 119 cocfile.close()
结果:
参考文献:
http://blog.csdn.net/gogor/article/details/5265710
http://www.libpng.org/pub/png/apps/pngcheck.html
http://www.libpng.org/pub/png/book/chapter08.html
http://stackoverflow.com/questions/27238021/png-images-not-loaded
https://13c5.wordpress.com/2015/04/20/plaidctf-2015-png-uncorrupt/