open-source
难度系数: ⭐⭐⭐
题目来源: HackYou CTF
题目描述:菜鸡学逆向学得头皮发麻,终于它拿到了一段源代码
#include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { if (argc != 4) { printf("what? "); exit(1); } unsigned int first = atoi(argv[1]); if (first != 0xcafe) { printf("you are wrong, sorry. "); exit(2); } unsigned int second = atoi(argv[2]); if (second % 5 == 3 || second % 17 != 8) { printf("ha, you won't get it! "); exit(3); } if (strcmp("h4cky0u", argv[3])) { printf("so close, dude! "); exit(4); } printf("Brr wrrr grr "); unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207; printf("Get your key: "); printf("%x ", hash); return 0; }
开始分析:
从头到尾看一遍,可知hash就是flag,而且由三部分组成
unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
从代码中找这三个变量
atoi()函数是把字符串转为数字,first在数组argv的第二位上,first要等于0xcafe,0xcafe是16进制转为10进制就是51966
unsigned int first = atoi(argv[1]); if (first != 0xcafe) { printf("you are wrong, sorry. "); exit(2); }
atoi()函数是把字符串转为数字,first在数组argv的第三位上,second要对5取余不等于3,对17取余等于8,计算发现数字25可以
unsigned int second = atoi(argv[2]); if (second % 5 == 3 || second % 17 != 8) { printf("ha, you won't get it! "); exit(3); }
argv的第四位是"h4ck0u"
if (strcmp("h4cky0u", argv[3])) { printf("so close, dude! "); exit(4); }
所以我们直接编写代码输出flag
#include <stdio.h> #include <string.h> int main () { int hash = 0xcafe * 31337 + (25 % 17) * 11 + strlen("h4cky0u") - 1615810207; printf("%x ", hash); }
还有第一个判断,是要求输入四个参数,本身的.exe文件名就算一个