攻防世界xctf reverse：open-source

程序员文章站 2022-05-15 12:26:07

...

附件为源码，如下

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    if (argc != 4) {
    	printf("what?\n");
    	exit(1);
    }

    unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) {
    	printf("you are wrong, sorry.\n");
    	exit(2);
    }

    unsigned int second = atoi(argv[2]);
    if (second % 5 == 3 || second % 17 != 8) {
    	printf("ha, you won't get it!\n");
    	exit(3);
    }

    if (strcmp("h4cky0u", argv[3])) {
    	printf("so close, dude!\n");
    	exit(4);
    }

    printf("Brr wrrr grr\n");

    unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

    printf("Get your key: ");
    printf("%x\n", hash);
    return 0;
}

给了源码，逐个分析参数的值即可

#python2
first=0xcafe
second=8
argv3="h4cky0u"
hash =  first* 31337 + (second % 17) * 11 + 7 - 1615810207
print hex(hash)

hash：0xc0ffee

flag：c0ffee

攻防世界xctf reverse：open-source

攻防世界 reverse 新手题wp

【XCTF 攻防世界】WEB 高手进阶区 supersqli(三种方法)

攻防世界XCTF：supersqli

stack2 [XCTF-PWN][高手进阶区]CTF writeup攻防世界题解系列15

攻防世界XCTF：easytornado

【XCTF 攻防世界】WEB 高手进阶区 Web_php_include

攻防世界xctf reverse：open-source

攻防世界 reverse之 elrond32

攻防世界xctf reverse：no-strings-attached

攻防世界xctf reverse：Hello, CTF