#include <stdio.h> #include <string.h> int main(int argc, char *argv[]) { if (argc != 4) { //說明必須得是4個參數(其中注意文件名是一個) printf("what?\n"); exit(1); } unsigned int first = atoi(argv[1]); if (first != 0xcafe) { //說明first=0xcafe的時候才能繼續向下執行 printf("you are wrong, sorry.\n"); exit(2); } unsigned int second = atoi(argv[2]); if (second % 5 == 3 || second % 17 != 8) { //說明要么%5!=3,要么%17=8才能繼續向下執行 printf("ha, you won't get it!\n"); exit(3); } if (strcmp("h4cky0u", argv[3])) { //說明argv[3]="h4cky0u"才能繼續向下執行 printf("so close, dude!\n"); exit(4); } printf("Brr wrrr grr\n"); unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207; printf("Get your key: "); printf("%x\n", hash); return 0; }
上面的分析可以知道
first=0xcafe
second % 17 == 8
strlen(argv[3]) == strlen("h4ck0u")
所以只要將上面的進行替換后運行就可以得出flag
#include <stdio.h> #include <string.h> int main() { unsigned int hash = 0xcafe * 31337 + 8 * 11 + strlen("h4cky0u") - 1615810207; printf("Get your key: "); printf("%x\n", hash); return 0; }