
攻防世界open-source_逆向之旅002

逆向之旅002_攻防世界open-source


一、分析

這是一個原始碼題,程式碼如下:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Challenge program: validates three command-line arguments and, when all
 * of them pass, prints a key derived from them in hexadecimal.
 *
 * Exit status: 1-4 identify which check failed, 0 means the key was printed.
 */
int main(int argc, char *argv[]) {
    /* Check 1: argc also counts the program name, so 4 means three arguments. */
    if (argc != 4) {
        printf("what?\n");
        exit(1);
    }

    /*
     * Check 2: atoi() parses decimal digits only and reports no errors, so
     * the text "0xcafe" converts to 0 and fails here; the value has to be
     * supplied in decimal.
     */
    unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) {
        printf("you are wrong, sorry.\n");
        exit(2);
    }

    /*
     * Check 3: the second number must leave remainder 8 when divided by 17
     * and must not leave remainder 3 when divided by 5.
     */
    unsigned int second = atoi(argv[2]);
    unsigned int rem5 = second % 5;
    unsigned int rem17 = second % 17;
    if (rem5 == 3 || rem17 != 8) {
        printf("ha, you won't get it!\n");
        exit(3);
    }

    /* Check 4: the third argument must match the fixed string exactly. */
    if (strcmp("h4cky0u", argv[3]) != 0) {
        printf("so close, dude!\n");
        exit(4);
    }

    printf("Brr wrrr grr\n");

    /*
     * Every term is pinned by the checks above (first == 0xcafe,
     * second % 17 == 8, strlen == 7), so each accepted input yields the
     * same key. The sum is formed in size_t because of strlen() and then
     * truncated to unsigned int on assignment.
     */
    unsigned int hash = first * 31337 + rem17 * 11 + strlen(argv[3]) - 1615810207;

    printf("Get your key: ");
    printf("%x\n", hash);
    return 0;
}

分析第一個if語句:如果argc!=4,就會輸出“what?”然後退出程式,說明argc的正確值應該為4,也就是除了程式名之外還要傳入3個引數;
同理分析第2、3、4個if語句可以得到:

argv[1]=0xcafe //換算十進位制是51966;atoi只解析十進位制,所以實際要輸入51966
argv[2]=17*x+8 且 argv[2]!=5*y+3 //x、y為任意非負整數,例如25
argv[3]= "h4cky0u"

得到上述資訊後就可以計算變數hash的值了。以下是我修改後的程式碼,可以輸出hash的16進位制形式的值。

#include <stdio.h>
#include <string.h>

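/*
 * Solver for the challenge: instead of reading and validating the three
 * command-line arguments, it plugs in values that satisfy every check of
 * the original program and prints the resulting key in hexadecimal.
 *
 * Takes no input; argc/argv are kept only so the signature matches the
 * original. Returns 0.
 */
int main(int argc, char *argv[]) {
    /*
     * The earlier version flipped the original test to `argc == 4`, which
     * made the solver bail out exactly when three arguments were supplied.
     * Nothing is read from the command line, so no argc test is needed.
     */
    (void)argc;
    (void)argv;

    /* argv[1]: must equal 0xcafe, i.e. 51966 in decimal. */
    unsigned int first = 51966;

    /* argv[2]: any value with second % 17 == 8 and second % 5 != 3;
     * 25 qualifies (25 % 17 == 8, 25 % 5 == 0). */
    unsigned int second = 25;

    /* argv[3]: must be "h4cky0u"; only its length enters the key. */
    unsigned int len = (unsigned int)strlen("h4cky0u");

    printf("Brr wrrr grr\n");

    /* Same formula as the original, with strlen(argv[3]) replaced by len. */
    unsigned int hash = first * 31337 + (second % 17) * 11 + len - 1615810207;
    printf("Get your key: ");
    printf("%x\n", hash);
    return 0;
}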

結果如下:

Brr wrrr grr
Get your key: c0ffee

總結

這道題比較簡單,就不多說了。