#include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { if (argc != 4) { //说明必须得是4个参数(其中注意文件名是一个) printf("what? "); exit(1); } unsigned int first = atoi(argv[1]); if (first != 0xcafe) { //说明first=0xcafe的时候才能继续向下执行 printf("you are wrong, sorry. "); exit(2); } unsigned int second = atoi(argv[2]); if (second % 5 == 3 || second % 17 != 8) { //说明要么%5!=3,要么%17=8才能继续向下执行 printf("ha, you won't get it! "); exit(3); } if (strcmp("h4cky0u", argv[3])) { //说明argv[3]="h4cky0u"才能继续向下执行 printf("so close, dude! "); exit(4); } printf("Brr wrrr grr "); unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207; printf("Get your key: "); printf("%x ", hash); return 0; }
上面的分析可以知道
first=0xcafe
second % 17 == 8
strlen(argv[3]) == strlen("h4ck0u")
所以只要将上面的进行替换后运行就可以得出flag
#include <stdio.h> #include <string.h> int main() { unsigned int hash = 0xcafe * 31337 + 8 * 11 + strlen("h4cky0u") - 1615810207; printf("Get your key: "); printf("%x ", hash); return 0; }