题目内容

“Welcome to the XCTF-*CTF2022, I’m Alice and interested in AI security. I prepared a easy warm-up for you before you enjoy those pure AI security challenges.Like humans, AI also needs to warm up before running. Can you find something strange in these initialized parameters?”

题目在附件中

思路

看到题目和附件，知道这是跟模型参数初始化有关，看到给的附件也是个zip＋hint.py，想到torch保存模型的时候也是zip文件（后缀为.pt，但是就是zip格式的），所以要先加载一下模型

解题

1.加载一下模型，看看参数

查看参数代码

import os
# 允许 OpenMP 运行时加载多个副本，强行绕过 DLL 冲突检查
os.environ["KMP_DUPLICATE_LIB_OK"] = "TRUE"
import torch
import torch.nn as nn
import string  
import matplotlib.pyplot as plt  
import numpy as np 

#傀儡模型欺骗反序列化，不加AliceNet1会报错
class AliceNet1(nn.Module):
    def __init__(self):
        super(AliceNet1, self).__init__()

path="alice.zip"
net =torch.load(path,weights_only=False)
for name,value in net.state_dict().items():
    print(name)
    print(value)
    print(value.shape)
#或者是下面这样写
# for name in net.state_dict():
#     state_dict = net.state_dict()
#	  print(name)
#     print(state_dict[name])
#	  print(state_dict[name].shape)

只看有用的结果，这里有个小坑不加AliceNet1会报错

fc.0.weight
tensor([[0., 0., 1.,  ..., 0., 0., 0.],
        [0., 0., 0.,  ..., 0., 0., 0.],
        [0., 0., 0.,  ..., 0., 0., 0.],
        ...,
        [0., 0., 0.,  ..., 0., 0., 0.],
        [0., 0., 0.,  ..., 0., 0., 0.],
        [0., 0., 0.,  ..., 0., 0., 0.]])
torch.Size([47, 47])

报错代码

AttributeError: Can't get attribute 'AliceNet1' on <module '__main__' from 'e:\\AI安全\\CTF\\Alice_warm_up\\solve.py'>

2.看到参数还有hint.py

第 0 层的 fc.0.weight 知道看着像是邻接矩阵 且矩阵是 47*47看到 hint.py 里面的内容,把字符串打印出来看到也是 47 个字符想到可能是邻接矩阵

0123456789abcdefghijklmnopqrstuvwxyz*CTF{ALIZE}

3.想到用dfs求解

不过这里还有一个小坑，因为PyTorch 的 Linear 权重形状是 [out_features, in_features]，所以我在找路的时候把current_node和next_node反着写了一直没找出来。后来还是正着写就出来了。

import os
os.environ["KMP_DUPLICATE_LIB_OK"] = "TRUE"
import torch.nn as nn
import torch
import string
#傀儡模型欺骗反序列化
class AliceNet1(nn.Module):
    def __init__(self):
        super(AliceNet1, self).__init__()
path='alice.zip'
net = torch.load(path, weights_only=False) #不加的话会报反序列化的错误
#查看模型参数
# for name in net.state_dict():
#     print(name)
#     state_dict=net.state_dict()
#     print(state_dict[name])
#     print(state_dict[name].shape)

#知道了是linear0的权重参数是邻接矩阵47*47，且有hint提示字符串那个字符串长度为47

flagset =string.printable[0:36]+"*CTF{ALIZE}"
# print(flagset)

NODE_COUNT = len(flagset)  # 总节点数 47
TARGET_LENGTH = 16        # Flag固定长度16
END_NODE = 46             # 终点 '}' 的索引
START_NODE = 36           # 起点 '*' 的索引
mymat=net.state_dict()["fc.0.weight"].tolist()
used = [False] * NODE_COUNT
def dfs(current_node, current_length, path):
    if current_length == TARGET_LENGTH:
        if current_node == END_NODE:
            flag_str = "".join([flagset[idx] for idx in path])
            print(f"找到了Flag: {flag_str}")
        return

    for next_node in range(NODE_COUNT):
        if not used[next_node]:
            if mymat[current_node][next_node] == 1.0: 
                used[next_node] = True
                #递归
                dfs(next_node, current_length + 1, path + [next_node])
                # 回溯,取消标记（允许其他路径使用）
                used[next_node] = False
used[START_NODE] = True  # 起点先标记为已访问
dfs(START_NODE, 1, [START_NODE])

[培训]Windows内核深度攻防：从Hook技术到Rootkit实战！