• open-source


    open-source
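    Difficulty: ⭐⭐⭐
    Source: HackYou CTF
    Description: A rookie has been studying reverse engineering until his head hurt, and has finally got hold of a piece of source code.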
    #include <stdio.h>
    #include <stdlib.h>   /* atoi, exit */
    #include <string.h>
    
    int main(int argc, char *argv[]) {
        /* Program name plus three arguments */
        if (argc != 4) {
            printf("what?\n");
            exit(1);
        }
    
        /* First argument must parse to 0xcafe */
        unsigned int first = atoi(argv[1]);
        if (first != 0xcafe) {
            printf("you are wrong, sorry.\n");
            exit(2);
        }
    
        /* Second argument: second % 5 != 3 and second % 17 == 8 */
        unsigned int second = atoi(argv[2]);
        if (second % 5 == 3 || second % 17 != 8) {
            printf("ha, you won't get it!\n");
            exit(3);
        }
    
        /* Third argument must be the string "h4cky0u" */
        if (strcmp("h4cky0u", argv[3])) {
            printf("so close, dude!\n");
            exit(4);
        }
    
        printf("Brr wrrr grr\n");
    
        unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
    
        printf("Get your key: ");
        printf("%x\n", hash);
        return 0;
    }

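    Analysis:

    Reading the code from top to bottom shows that hash is the flag, and that it is built from three parts:

    unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

    Find these three variables in the code.

    atoi() converts a string to a number. first comes from the second element of argv (argv[1]) and must equal 0xcafe; 0xcafe is hexadecimal, which is 51966 in decimal.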

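    unsigned int first = atoi(argv[1]);
        if (first != 0xcafe) {
            printf("you are wrong, sorry.\n");
            exit(2);
        }

    atoi() converts a string to a number. second comes from the third element of argv (argv[2]); its remainder modulo 5 must not be 3 and its remainder modulo 17 must be 8. Working it out, the number 25 satisfies both.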

    unsigned int second = atoi(argv[2]);
        if (second % 5 == 3 || second % 17 != 8) {
            printf("ha, you won't get it!\n");
            exit(3);
        }

    The fourth element of argv (argv[3]) is "h4cky0u".

    if (strcmp("h4cky0u", argv[3])) {
            printf("so close, dude!\n");
            exit(4);
        }

    So we can simply write code that prints the flag:

    #include <stdio.h>
    #include <string.h>
    
    int main(void) {
        /* first = 0xcafe, second = 25, third argument = "h4cky0u" */
        unsigned int hash = 0xcafe * 31337 + (25 % 17) * 11 + strlen("h4cky0u") - 1615810207;
        printf("%x\n", hash);
        return 0;
    }

    There is also the first check, which requires four arguments; the .exe file name itself counts as one of them.
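
    An added example (not part of the original write-up): it searches for values of second that pass the check instead of guessing 25, and confirms that every accepted value yields the same key, because only second % 17 enters the formula. The helper names next_valid_second and all_keys_equal are hypothetical, introduced here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Second check from the challenge: rejected when second % 5 == 3 or second % 17 != 8. */
int second_ok(unsigned int second) {
    return !(second % 5 == 3 || second % 17 != 8);
}

/* Key formula copied from the challenge source, truncated to unsigned int as there. */
unsigned int key_for(unsigned int first, unsigned int second, const char *third) {
    return first * 31337 + (second % 17) * 11 + strlen(third) - 1615810207;
}

/* Hypothetical helper: smallest accepted value in [start, limit), or 0 if none. */
unsigned int next_valid_second(unsigned int start, unsigned int limit) {
    for (unsigned int s = start; s < limit; s++)
        if (second_ok(s))
            return s;
    return 0;
}

/* Hypothetical helper: 1 if every accepted second below limit gives the same key as 25. */
int all_keys_equal(unsigned int limit) {
    unsigned int expected = key_for(0xcafe, 25, "h4cky0u");
    for (unsigned int s = 0; s < limit; s++)
        if (second_ok(s) && key_for(0xcafe, s, "h4cky0u") != expected)
            return 0;
    return 1;
}

int main(void) {
    unsigned int s = next_valid_second(0, 1000);
    printf("smallest valid second: %u\n", s);
    printf("8 accepted? %d (8 %% 17 == 8 but 8 %% 5 == 3)\n", second_ok(8));
    printf("same key for all valid seconds below 100000: %d\n", all_keys_equal(100000));
    printf("key: %x\n", key_for(0xcafe, s, "h4cky0u"));
    return 0;
}
```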

  • Original article: https://www.cnblogs.com/rebirther/p/12880721.html