【CTF】攻防世界·Reverse(二)open-source

Hello,又是我,我又双叒叕被催更了......

首先看一下题目给我们的c语言的源代码:

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    if (argc != 4) {
    	printf("what?\n");
    	exit(1);
    }

    unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) {
    	printf("you are wrong, sorry.\n");
    	exit(2);
    }

    unsigned int second = atoi(argv[2]);
    if (second % 5 == 3 || second % 17 != 8) {
    	printf("ha, you won't get it!\n");
    	exit(3);
    }

    if (strcmp("h4cky0u", argv[3])) {
    	printf("so close, dude!\n");
    	exit(4);
    }

    printf("Brr wrrr grr\n");

    unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

    printf("Get your key: ");
    printf("%x\n", hash);
    return 0;
}

分析一下:

0×1:

    if (first != 0xcafe) {
        printf("you are wrong, sorry.\n");
        exit(2);
    }

显然,first的值为0xcafe

0×2:

    if (second % 5 == 3 || second % 17 != 8) {
        printf("ha, you won't get it!\n");
        exit(3);
    }

看了一下这里,second的值为8就行了

0×3:

    if (strcmp("h4cky0u", argv[3])) {
        printf("so close, dude!\n");
        exit(4);
    }

最后这里,argv[3]的值为“h4cky0u”

------------------------------------------------我是一条华丽的分割线---------------------------------------------------

最后,就是照题目写脚本的过程了:

#include <stdio.h>
#include <string.h>

int main(int argc, char* argv[])
 {

    int first = 0xcafe;
    int second = 8;
    argv[3] = "h4cky0u";


    unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

    printf("Get your key: ");
    printf("%x\n", hash);

    return 0;
}

得到的flag为:

c0ffee

那么,下一期再见,嘻嘻!

上一篇:js实现随机生成4位数验证码


下一篇:shell 变量