[mrctf2020] thousand layer routine

[MRCTF2020] Thousand layer routine

Title address : https://buuoj.cn/challenges#[MRCTF2020]%E5%8D%83%E5%B1%82%E5%A5%97%E8%B7%AF

Decompress the package , It is found that the password is actually the name of the compressed package , Then according to the topic ,tnnd It's a doll problem again

import zipfile

file_path = input('path : ')# Compress package path 
path = "/Users/mzq/Desktop/ctf/buuctf/misc/[MRCTF2020] Thousand layer routine /"
# path = file_path[0:len(file_path)-len(file_path.split('//')[-1])]
print(path)
n = 0
s2 = ""

def extract():
    i = file_path.split('\\')[-1]# Recursive decompression package name 
    print(i)


    str1 = ''
    for x in range(1000):
        ss = i[:i.find(".")]
        print(ss)

        zpf = zipfile.ZipFile( path+ss + ".zip")
        list = zpf.namelist()
        #print(list)
        print(x + 1)
        for f in list:

            #print(f)
            passwd = ss
            #passwd = f.split('.')[0]# Zip code 
            #print(passwd)
            zpf.extract(f, path, bytes(passwd.encode('utf-8')))
            if 'zip' in f:
                print(path, passwd)
                i = str(f)


extract()

In the end, we solved a qr.zip

qr.zip After unzipping, we get qr.txt , There are some pixel values , Or coordinate value

Use script puzzles

from PIL import Image


file=open('qr.txt')
MAX=200
 
picture=Image.new("RGB",(MAX,MAX))
for y in range(MAX):
    for x in range(MAX):
        string =file.readline()
        picture.putpixel([x,y],eval(string)) # Use it directly eval() Can be converted to tuples 
picture.show()

MRCTF{ta01uyout1nreet1n0usandtimes}