[攻防世界] open-source
程序员文章站
2022-03-22 08:10:28
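Key point: practice reading and analyzing code
Difficulty: 3.0
Challenge source: HackYou CTF
Challenge description: A newbie has been studying reversing until his scalp went numb, and has finally gotten hold of a piece of source code.
The full source is placed at the bottom of the page, since it is too long.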
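Method 1: analyze the checks one by one

1. Exactly 4 arguments are required (the file name itself counts as one), i.e.: filename.exe (argument 0) argument1 argument2 argument3

    if (argc != 4) {
        printf("what?\n");
        exit(1);
    }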
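2. The second argument (argv[1]) must equal 0xcafe, i.e. 51966.
   The atoi function converts a string to a number; for example, atoi("123") is the number 123.

    unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) { // requirement 2
        printf("you are wrong, sorry.\n");
        exit(2);
    }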
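3. The third argument (argv[2]) must not leave remainder 3 when divided by 5, and must leave remainder 8 when divided by 17. The natural number 25 satisfies both.

    unsigned int second = atoi(argv[2]);
    if (second % 5 == 3 || second % 17 != 8) {
        printf("ha, you won't get it!\n"); // argument mod 5 must not be 3, and mod 17 must be 8
        exit(3);
    }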
4. The fourth argument (argv[3]) is: h4cky0u

    if (strcmp("h4cky0u", argv[3])) {
        printf("so close, dude!\n"); // the fourth argument must be "h4cky0u"
        exit(4);
    }

Finally, run on the command line: a.exe 51966 25 h4cky0u
This gives the flag: Get your key: c0ffee
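
The checks analyzed above, re-implemented as an added example (not part of the original write-up or the challenge source) to show that 25 is the smallest accepted value for argv[2] and that every accepted value yields the same key, because only second % 17 enters the arithmetic. The function names passes_checks, compute_key and nth_valid_second are hypothetical helpers introduced here.

```c
#include <stdio.h>
#include <string.h>

/* The three argument checks from the challenge source; 1 means all pass. */
static int passes_checks(unsigned int first, unsigned int second,
                         const char *third) {
    if (first != 0xcafe) return 0;
    if (second % 5 == 3 || second % 17 != 8) return 0;
    return strcmp("h4cky0u", third) == 0;
}

/* Same arithmetic as the challenge; only second % 17 enters the result. */
static unsigned int compute_key(unsigned int first, unsigned int second,
                                const char *third) {
    return first * 31337u + (second % 17) * 11u
           + (unsigned int)strlen(third) - 1615810207u;
}

/* Hypothetical helper: the n-th (0-based) value of `second` that passes. */
static unsigned int nth_valid_second(unsigned int n) {
    unsigned int seen = 0;
    for (unsigned int s = 0;; s++) {
        if (!passes_checks(0xcafe, s, "h4cky0u")) continue;
        if (seen++ == n) return s;
    }
}

int main(void) {
    /* 8 satisfies "mod 17 == 8" but is rejected because 8 % 5 == 3. */
    printf("second=8 accepted? %d\n", passes_checks(0xcafe, 8, "h4cky0u"));
    for (unsigned int i = 0; i < 4; i++) {
        unsigned int s = nth_valid_second(i);
        printf("second=%u -> key %x\n", s, compute_key(0xcafe, s, "h4cky0u"));
    }
    return 0;
}
```

Since the key is fully determined by constants visible in the source, the argument checks do not protect it; they only gate when it is printed.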
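Method 2: modify the program itself so that it prints the flag directly

Strip out the annoying conditional checks and the arguments.
The four conditional checks already hand us the answers listed below, so nothing needs to be computed; just hard-code the three argument values into the program:
first = 0xcafe, (second % 17) = 8, strlen(argv[3]) = strlen("h4cky0u")

    #include <stdio.h>
    #include <string.h>

    int main() {
        // Same formula as the original, with each argument replaced by its known value
        unsigned int hash = 0xcafe * 31337 + 8 * 11 + strlen("h4cky0u") - 1615810207;
        printf("Get your key: ");
        printf("%x\n", hash);
        return 0;
    }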
Source code and brief analysis:

    #include <stdio.h>
    #include <stdlib.h> // needed for atoi() and exit()
    #include <string.h>

    int main(int argc, char *argv[]) {
        if (argc != 4) { // requirement 1: four arguments; note the file name itself counts as one
            printf("what?\n");
            exit(1);
        }

        unsigned int first = atoi(argv[1]);
        if (first != 0xcafe) { // requirement 2
            printf("you are wrong, sorry.\n");
            exit(2);
        }

        unsigned int second = atoi(argv[2]);
        if (second % 5 == 3 || second % 17 != 8) {
            printf("ha, you won't get it!\n"); // argument mod 5 must not be 3, and mod 17 must be 8
            exit(3);
        }

        if (strcmp("h4cky0u", argv[3])) {
            printf("so close, dude!\n"); // the fourth argument must be "h4cky0u"
            exit(4);
        }

        printf("Brr wrrr grr\n");

        unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
        printf("Get your key: ");
        printf("%x\n", hash);

        return 0;
    }