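Knowledge point: practicing code analysis skills
Difficulty factor: 3.0
Source: HackYou CTF
Description: A rookie has been studying reverse engineering until its scalp went numb, and at last it got hold of a piece of source code.
The source program is placed at the very bottom, since it is too long.
Method 1. Start the analysis:
1. Four arguments must be supplied (the file name itself counts as one), i.e.: filename.exe (argument 0) argument1 argument2 argument3
    if (argc != 4) {
        printf("what?\n");
        exit(1);
    }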

2. The second parameter (argv[1]) must equal 0xcafe, i.e. 51966.
The atoi function converts a string to a number, e.g. atoi("123") is the number 123.
    unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) { // requirement 2
        printf("you are wrong, sorry.\n");
        exit(2);
    }

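3. The third parameter (argv[2]) must not leave a remainder of 3 when divided by 5, and must leave a remainder of 8 when divided by 17; the natural number 25 works.
    unsigned int second = atoi(argv[2]);
    if (second % 5 == 3 || second % 17 != 8) {
        printf("ha, you won't get it!\n"); // the argument mod 5 must not be 3, and mod 17 must be 8
        exit(3);
    }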

4. The fourth parameter (argv[3]) is: h4cky0u
    if (strcmp("h4cky0u", argv[3])) {
        printf("so close, dude!\n"); // the fourth parameter is "h4cky0u"
        exit(4);
    }

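Finally: on the command line, run a.exe 51966 25 h4cky0u
This gives the flag: Get your key: c0ffee
Method 2: modify the program itself --> make it print the flag directly:
Remove the annoying conditional statements and the parameters!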

Because the 4 conditional statements already hand us the answers shown below, there is nothing to calculate; just put the three parameter values directly into the program:
first = 0xcafe, (second % 17) = 8, strlen(argv[3]) = strlen("h4cky0u")
    #include <stdio.h>
    #include <string.h>
    int main() {
        unsigned int hash = 0xcafe * 31337 + 8 * 11 + strlen("h4cky0u") - 1615810207;
        printf("Get your key: ");
        printf("%x\n", hash);
        return 0;
    }
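
Both methods can be cross-checked in code. The following is an added example, not part of the original writeup or the challenge: it reuses the challenge's own conditions behind hypothetical helper names (run_checks, smallest_second, all_keys_equal) to show that the first argument must be typed in decimal because atoi stops at the x in "0xcafe", that 8 is rejected so 25 is the smallest accepted value, and that every accepted value produces the same key.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same checks as the challenge, but returning the exit code the program
   would use (0 = every check passed) instead of exiting. */
int run_checks(const char *a1, const char *a2, const char *a3, unsigned int *key)
{
    unsigned int first = atoi(a1);          /* atoi("0xcafe") parses "0" and stops */
    if (first != 0xcafe) return 2;
    unsigned int second = atoi(a2);
    if (second % 5 == 3 || second % 17 != 8) return 3;
    if (strcmp("h4cky0u", a3)) return 4;
    *key = first * 31337 + (second % 17) * 11 + strlen(a3) - 1615810207;
    return 0;
}

/* Smallest value the second check accepts, found by brute force. */
unsigned int smallest_second(void)
{
    for (unsigned int s = 0; ; s++)
        if (s % 5 != 3 && s % 17 == 8)
            return s;
}

/* Returns 1 if every accepted second argument below `limit` yields `expected`. */
int all_keys_equal(unsigned int limit, unsigned int expected)
{
    char buf[16];
    for (unsigned int s = 0; s < limit; s++) {
        unsigned int key = 0;
        snprintf(buf, sizeof buf, "%u", s);
        if (run_checks("51966", buf, "h4cky0u", &key) == 0 && key != expected)
            return 0;
    }
    return 1;
}

int main(void)
{
    unsigned int key = 0;
    int rc = run_checks("51966", "25", "h4cky0u", &key);
    printf("51966 25 h4cky0u -> exit code %d, key %x\n", rc, key);
    printf("0xcafe as text   -> exit code %d\n", run_checks("0xcafe", "25", "h4cky0u", &key));
    printf("smallest accepted second argument: %u\n", smallest_second());
    printf("same key for all accepted values below 100000: %d\n", all_keys_equal(100000, key));
    return 0;
}
```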

Source code and brief analysis:
    #include <stdio.h>
    #include <stdlib.h>  /* atoi, exit */
    #include <string.h>
    int main(int argc, char *argv[]) {
        if (argc != 4) { // requirement 1: 4 arguments, the file name itself already counts as one
            printf("what?\n");
            exit(1);
        }
        unsigned int first = atoi(argv[1]);
        if (first != 0xcafe) { // requirement 2
            printf("you are wrong, sorry.\n");
            exit(2);
        }
        unsigned int second = atoi(argv[2]);
        if (second % 5 == 3 || second % 17 != 8) {
            printf("ha, you won't get it!\n"); // the argument mod 5 must not be 3, and mod 17 must be 8
            exit(3);
        }
        if (strcmp("h4cky0u", argv[3])) {
            printf("so close, dude!\n"); // the fourth parameter is "h4cky0u"
            exit(4);
        }
        printf("Brr wrrr grr\n");
        unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
        printf("Get your key: ");
        printf("%x\n", hash);
        return 0;
    }

