【pwnable.kr】 blackjack
阿新 • Published: 2018-12-14
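A quick look at the rules: the player and the AI play cards against each other. You start with $500 and place a bet first; after that each side receives one random card at a time (value 1-13), and whoever reaches 21 first wins. After each card you can choose to hit (take another card) or stay (take no more). If you hit and go over 21, you lose. If you stay, the AI may end up with a higher total and beat you, or go over 21 and lose.
Our goal is to keep betting until we become a millionaire. The cards are dealt at random, so if we don't want to rely on luck, let's audit the code.
The vulnerability is in the betting function: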
    int betting() //Asks user amount to bet
    {
        printf("\n\nEnter Bet: $");
        scanf("%d", &bet);

        if (bet > cash) //If player tries to bet more money than player has
        {
            printf("\nYou cannot bet more money than you have.");
            printf("\nEnter Bet: ");
            scanf("%d", &bet);
            return bet;
        }
        else return bet;
    } // End Function
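If the bet exceeds the cash you have, the program asks you to enter it again, but the re-entered bet is not checked at all.
Whether you then choose stay or hit, a win or a loss changes cash in the same way. Taking stay as the example: a win gives cash + bet, a loss gives cash - bet.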
    void stay() //Function for when user selects 'Stay'
    {
        dealer(); //If stay selected, dealer continues going
        if(dealer_total>=17)
        {
            if(player_total>=dealer_total) //If player's total is more than dealer's total, win
            {
                printf("\nUnbelievable! You Win!\n");
                won = won+1;
                cash = cash+bet;
                printf("\nYou have %d Wins and %d Losses. Awesome!\n", won, loss);
                dealer_total=0;
                askover();
            }
            if(player_total<dealer_total) //If player's total is less than dealer's total, loss
            {
                printf("\nDealer Has the Better Hand. You Lose.\n");
                loss = loss+1;
                cash = cash - bet;
                printf("\nYou have %d Wins and %d Losses. Awesome!\n", won, loss);
                dealer_total=0;
                askover();
            }
            ...
    } // End Function
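So enter a negative number as the bet and then lose: cash = cash - bet, and subtracting a negative bet adds to cash. Or enter a positive number and win once: cash = cash + bet.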
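A hardened version of the bet check, as an added example that is not part of the original post or the challenge source: every attempt goes through the same validation, and negative, zero, oversized and non-numeric bets are all rejected. The names parse_bet, betting_checked and bet_from_script are hypothetical, and the scripted input is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Validate one input line as a bet. Returns 1 and stores the bet only if the
 * whole line is a decimal integer with 1 <= bet <= cash. */
int parse_bet(const char *line, int cash, int *bet_out)
{
    char *end;
    errno = 0;
    long v = strtol(line, &end, 10);
    if (end == line || errno == ERANGE)   /* no digits, or outside long range */
        return 0;
    while (*end == ' ' || *end == '\n' || *end == '\r')
        end++;
    if (*end != '\0')                     /* trailing junk such as "10abc" */
        return 0;
    if (v < 1 || v > cash)                /* negative, zero, or more than cash */
        return 0;
    *bet_out = (int)v;
    return 1;
}

/* Replacement for betting(): the check runs on every attempt, not only the
 * first one. Returns the accepted bet, or -1 on end of input. */
int betting_checked(FILE *in, int cash)
{
    char line[64];
    int bet;
    for (;;) {
        printf("\nEnter Bet: $");
        if (fgets(line, sizeof line, in) == NULL)
            return -1;
        if (parse_bet(line, cash, &bet))
            return bet;
        printf("\nBet must be between 1 and %d.", cash);
    }
}

/* Demo helper: feed a constructed, scripted session to betting_checked. */
int bet_from_script(const char *script, int cash)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(script, f);
    rewind(f);
    int bet = betting_checked(f, cash);
    fclose(f);
    return bet;
}
```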
flag
    Cash: $500
    -------
    |C    |
    |  5  |
    |    C|
    -------

    Your Total is 5

    The Dealer Has a Total of 8

    Enter Bet: $501

    You cannot bet more money than you have.
    Enter Bet: -10000000

    Would You Like to Hit or Stay?
    Please Enter H to Hit or S to Stay.
    s

    You Have Chosen to Stay at 5. Wise Decision!

    The Dealer Has a Total of 16
    The Dealer Has a Total of 24
    Dealer Has the Better Hand. You Lose.

    You have 0 Wins and 1 Losses. Awesome!

    Would You Like To Play Again?
    Please Enter Y for Yes or N for No
    y
    ==================================================
    YaY_I_AM_A_MILLIONARE_LOL
    Cash: $10000500
    -------
    |S    |
    |  1  |
    |    S|
    -------

    Your Total is 1

    The Dealer Has a Total of 9

    Enter Bet: $
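When hunting for a vulnerability, be clear about the goal first. Here the goal is cash > 1000000, so reading only the code that touches cash gets you there faster.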