攻防世界open-source_逆向之旅002
阿新 • • 發佈:2020-12-31
逆向之旅002_攻防世界open-source
一、分析
這是一個原始碼題,程式碼如下:
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
if (argc != 4) {
printf("what?\n");
exit(1);
}
unsigned int first = atoi(argv[1]);
if (first != 0xcafe) {
printf("you are wrong, sorry.\n" );
exit(2);
}
unsigned int second = atoi(argv[2]);
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!\n");
exit(3);
}
if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!\n");
exit(4);
}
printf ("Brr wrrr grr\n");
unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
printf("Get your key: ");
printf("%x\n", hash);
return 0;
}
分析第一個if語句,如果argc!=4,就會輸出“what”然後退出程式,說明argc正確值應該為4;
同理分析第2,3,4個if語句可以得到
argv[1]=0xcafe //換算十進位制是51996
argv[2]=17*x+8 且 argv[2]!=5*x+3
argv[3]= "h4cky0u"
得到上述資訊後就可以計算引數hash的值了。以下是我修改後的程式碼,可以輸出hash的16進位制形式的值。
在#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
if (argc == 4) {
printf("what?\n");
exit(1);
}
/*
unsigned int first = atoi(argv[1]);
if (first != 0xcafe) {
printf("you are wrong, sorry.\n");
exit(2);
}
*/
/*
unsigned int second = atoi(argv[2]);
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!\n");
exit(3);
}
*/
unsigned int first = 51966;
unsigned int second = 25;
/*
if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!\n");
exit(4);
}
*/
int len = 7;
printf("Brr wrrr grr\n");
//unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
unsigned int hash = first * 31337 + (second % 17) * 11 + len - 1615810207;
printf("Get your key: ");
printf("%x\n", hash);
return 0;
}
結果如下:
總結
這道題比較簡單,就不多說了。