steghide info Extinction.jpg
View the embedded data info
steghide extract -sf Extinction.jpg
Extract

Simple reverse engineering

r2 <file>

[0x00001060]> aaa
INFO: Analyze all flags starting with sym. and entry0 (aa)
INFO: Analyze all functions arguments/locals (afva@@@F)
INFO: Analyze function calls (aac)
INFO: Analyze len bytes of instructions for references (aar)
INFO: Finding and parsing C++ vtables (avrr)
INFO: Type matching analysis for all functions (aaft)
INFO: Propagate noreturn information (aanr)
INFO: Use -AA or aaaa to perform additional experimental analysis
[0x00001060]> afl
0x00001060 1 43 entry0
0x00003fe0 6 179 fcn.00003fe0
0x00001090 4 34 sym.deregister_tm_clones
0x000010c0 4 51 sym.register_tm_clones
0x00001100 5 50 sym.__do_global_dtors_aux
0x00001050 1 6 sym.imp.__cxa_finalize
0x00001140 1 5 sym.frame_dummy
0x00001000 3 23 sym._init
0x000011e0 1 1 sym.__libc_csu_fini
0x00001145 1 24 sym.skip
0x00001040 1 6 sym.imp.printf
0x000011e4 1 9 sym._fini
0x00001180 4 93 sym.__libc_csu_init
0x0000115d 1 23 main
0x00001030 1 6 sym.imp.puts
[0x00001060]> pdf @main
; DATA XREF from entry0 @ 0x107d(r)
┌ 23: int main (int argc, char **argv, char **envp);
│ 0x0000115d 55 push rbp
│ 0x0000115e 4889e5 mov rbp, rsp
│ 0x00001161 488d3db80e00. lea rdi, str.Hello_there__wish_you_have_a_nice_day ; 0x2020 ; "Hello there, wish you have a nice day" ; const char *s
│ 0x00001168 e8c3feffff call sym.imp.puts ; int puts(const char *s)
│ 0x0000116d b800000000 mov eax, 0
│ 0x00001172 5d pop rbp
└ 0x00001173 c3 ret
[0x00001060]>

xxd -p spoil.png > spoil
Convert to hex and export
Add the PNG header 89504E47; does the count also need to be aligned?

Delete from this header onward
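An added example, not part of the original notes, for the PNG header repair above: it works on the raw bytes instead of the xxd hex dump, finds the IHDR chunk, and places the full 8-byte PNG signature (89504E47 is only its first four bytes) directly in front of it, so the result is the same whether the header was overwritten or stripped. The function names and the sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = bytes.fromhex("89504e470d0a1a0a")  # full 8-byte PNG signature

def chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def repair_png_signature(data: bytes) -> bytes:
    """Put a valid signature immediately before the IHDR length field."""
    idx = data.find(b"IHDR")
    if idx < 4:  # not found, or no room for the 4-byte length field
        raise ValueError("no IHDR chunk with a length field found")
    return PNG_SIG + data[idx - 4:]

def ihdr_ok(data: bytes) -> bool:
    """True if the signature is intact and IHDR is 13 bytes with a valid CRC."""
    if len(data) < 33 or data[:8] != PNG_SIG or data[12:16] != b"IHDR":
        return False
    (length,) = struct.unpack(">I", data[8:12])
    (crc,) = struct.unpack(">I", data[29:33])
    return length == 13 and crc == zlib.crc32(data[12:29])

def sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # one scanline: filter byte + one pixel
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", idat) + chunk(b"IEND", b""))

if __name__ == "__main__":
    good = sample_png()
    overwritten = b"\x00" * 4 + good[4:]  # first 4 bytes replaced, same length
    stripped = good[8:]                   # signature removed entirely
    for broken in (overwritten, stripped):
        fixed = repair_png_signature(broken)
        print(ihdr_ok(broken), ihdr_ok(fixed), fixed == good)
```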

s1 = "44585d6b2368737c65252166234f20626d"
s2 = "1010101010101010101010101010101010"

# XOR byte by byte; going through int()/hex() would drop a leading zero nibble
a = bytes(x ^ y for x, y in zip(bytes.fromhex(s1), bytes.fromhex(s2)))
print(a.decode('utf-8'))

XOR

Wayback machine
Historical snapshots; it seems to have been shut down

Password… keen observation