png图片IDAT块异常

png图片套路走一波，什么查看属性，stegsolve，binwalk

用 tweakpng 查看一下png图片

其它数据块都是导论65524满，倒数第二个还没有满就有下一个数据块了，说明最后一个有问题

用 Hex Workshop 打开，用ctrl搜索关键字IDAT，找到最后一个IDAT所在位置，将这一部分的数据抠出来

如图阴影部分，IDAT只是数据块标识和结束标识一样，不用将它拿出来

那么抠出来的这部分是什么数据呢？查找以78 9c开头的文件是什么，得知是zlib压缩的标志

python编程（基于python3）

import zlib
import binascii

IDAT ="789C5D91011280400802BF04FFFF5C75294B5537738A21A27D1E49CFD17DB3937A92E7E603880A6D485100901FB0410153350DE8311
2EA2D51C54CE2E585B15A2FC78E8872F51C6FC1881882F93D372DEF78E665B0C36C529622A0A45588138833A170A2071DDCD18219DB8C0D465
D8B6989719645ED9C11C36AE3ABDAEFCFC0ACF023E77C17C7897667"
IDAT =bytes.fromhex(IDAT)#默认会将十六进制做为字符串解码，此时就会出现错误，就需要转换成字节码
#HEX_str = IDAT.hex()#字节码转换成十六进制
#print(HEX_str)#检查一下是否有误
result = binascii.hexlify(zlib.decompress(IDAT))
print(result)

然后得到了

b'3131313131313130303031303030303131303131313131313131303030303031303131313030313031313031303030303031313031313130
313031303030303030303030313031313130313130313131303130303130303030303030303130313131303131303131313031303131313031
313031303031303131313031313030303030313031303130313130313130313030303030313131313131313130313031303130313031303131
313131313130303030303030303130313131303131313030303030303030313130313030313130303030303130313030313131303131303131
313130313031303130303130303030313131303030303030303030303031303130303030303030303130303130303131303130303031303031
313130303131313130313131303031313131303030303131313031313131313030303131303031303130303031313030313131303030303130
313031303030313130313030303131313130313031313030303030313031303030313031313030303030313130313131303131303031303030
303131313030313131303031303030303130313131313131313031303030303030303031313031303130303130303031313131303131313131
313130313131303030303131303130313130313131303030303031303030303131303031313030303131313130313031313130313030303131
303130303131313131303030303130313131303130313130303031313130313030313131303031303131313031303031303031313130313130
3131303030313130303030303130313130303031313031303030313130303031313131313131303131303130313130313131303131303131'

（可能手动分割出现了点错误。。。）

30 31是hex编码，30 31分别代表hex的0 1编码
hex在线转换成ASCII：https://www.asciitohex.com/
得到01字符串不是8 6的倍数没办法转换为ASCII的字符,刚好625个 625 = 25 *25
再次编程画出图片

from PIL import Image

MAX = 25
pic = Image.new("RGB",(MAX, MAX))
str = "1111111000100001101111111100000101110010110100000110111010100000000010111011011101001000000001011101101110101110110100101110110000010101011011010000011111111010101010101111111000000001011101110000000011010011000001010011101101111010101001000011100000000000101000000001001001101000100111001111011100111100001110111110001100101000110011100001010100011010001111010110000010100010110000011011101100100001110011100100001011111110100000000110101001000111101111111011100001101011011100000100001100110001111010111010001101001111100001011101011000111010011100101110100100111011011000110000010110001101000110001111111011010110111011011"
i=0
for y in range (0,MAX):
    for x in range (0,MAX):
        if(str[i] == '1'):
            pic.putpixel([x,y],(0, 0, 0))
        else:
            pic.putpixel([x,y],(255,255,255))
        i = i+1
pic.show()
pic.save("flag.png")

得到二维码图片，扫码即可。