open-source

open-source
难度系数： ⭐⭐⭐
题目来源： HackYou CTF
题目描述：菜鸡学逆向学得头皮发麻，终于它拿到了一段源代码

#include <stdio.h>
#include <string.h>

int main(int argc, char *argv[]) {
    if (argc != 4) {
        printf("what?\n");
        exit(1);
    }

    unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) {
        printf("you are wrong, sorry.\n");
        exit(2);
    }

    unsigned int second = atoi(argv[2]);
    if (second % 5 == 3 || second % 17 != 8) {
        printf("ha, you won't get it!\n");
        exit(3);
    }

    if (strcmp("h4cky0u", argv[3])) {
        printf("so close, dude!\n");
        exit(4);
    }

    printf("Brr wrrr grr\n");

    unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

    printf("Get your key: ");
    printf("%x\n", hash);
    return 0;
}

开始分析：

从头到尾看一遍，可知hash就是flag，而且由三部分组成

unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

从代码中找这三个变量

atoi()函数是把字符串转为数字，first在数组argv的第二位上，first要等于0xcafe，0xcafe是16进制转为10进制就是51966

unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) {
        printf("you are wrong, sorry.\n");
        exit(2);
    }

atoi()函数是把字符串转为数字，first在数组argv的第三位上，second要对5取余不等于3，对17取余等于8，计算发现数字25可以

unsigned int second = atoi(argv[2]);
    if (second % 5 == 3 || second % 17 != 8) {
        printf("ha, you won't get it!\n");
        exit(3);
    }

argv的第四位是"h4ck0u"

if (strcmp("h4cky0u", argv[3])) {
        printf("so close, dude!\n");
        exit(4);
    }

所以我们直接编写代码输出flag

#include <stdio.h>
#include <string.h>

int main () {
    int hash = 0xcafe * 31337 + (25 % 17) * 11 + strlen("h4cky0u") - 1615810207;
    printf("%x\n", hash);
}

还有第一个判断，是要求输入四个参数，本身的.exe文件名就算一个

posted @ 2020-05-13 10:08 非凡的静静阅读(278) 评论(0) 编辑收藏举报

刷新页面返回顶部

非凡的静静

open-source

公告