Hello,又是我,我又双叒叕被催更了......
首先看一下题目给我们的c语言的源代码:
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
if (argc != 4) {
printf("what?\n");
exit(1);
}
unsigned int first = atoi(argv[1]);
if (first != 0xcafe) {
printf("you are wrong, sorry.\n");
exit(2);
}
unsigned int second = atoi(argv[2]);
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!\n");
exit(3);
}
if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!\n");
exit(4);
}
printf("Brr wrrr grr\n");
unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
printf("Get your key: ");
printf("%x\n", hash);
return 0;
}
分析一下:
0×1:
if (first != 0xcafe) {
printf("you are wrong, sorry.\n");
exit(2);
}显然,first的值为0xcafe
0×2:
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!\n");
exit(3);
}看了一下这里,second的值为8就行了
0×3:
if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!\n");
exit(4);
}最后这里,argv[3]的值为“h4cky0u”
------------------------------------------------我是一条华丽的分割线---------------------------------------------------
最后,就是照题目写脚本的过程了:
#include <stdio.h>
#include <string.h>
int main(int argc, char* argv[])
{
int first = 0xcafe;
int second = 8;
argv[3] = "h4cky0u";
unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
printf("Get your key: ");
printf("%x\n", hash);
return 0;
}得到的flag为:
c0ffee