这次根据题目描述,我们将得到源代码,就先将附件下载出来
以下为本题提供的源码
#include <stdio.h>
#include <string.h>
int main(int argc, char *argv[]) {
if (argc != 4) {
printf("what?\n");
exit(1);
}
unsigned int first = atoi(argv[1]);
if (first != 0xcafe) {
printf("you are wrong, sorry.\n");
exit(2);
}
unsigned int second = atoi(argv[2]);
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!\n");
exit(3);
}
if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!\n");
exit(4);
}
printf("Brr wrrr grr\n");
unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;
printf("Get your key: ");
printf("%x\n", hash);
return 0;
}
分析代码
if (argc != 4) {
printf("what?\n");
exit(1);
}
这个if语句是判断所给出数据的个数,无具体作用
unsigned int first = atoi(argv[1]);
if (first != 0xcafe) {
printf("you are wrong, sorry.\n");
exit(2);
}
unsigned int second = atoi(argv[2]);
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!\n");
exit(3);
}
if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!\n");
exit(4);
}
以上三个if语句分别给出三个参数,由代码可以直接知道第一、三个参数分别为
first = 0xcafe
argv[3] = "h4cky0u"
第二个需要编写一个简单的脚本去得到数值
for(int i=0;i<100;++i)
{
if(i % 5 != 3 && i % 17 == 8)
printf("%d\n",i);
}
得到第二个参数为最小的 25
最后编写总代码,把三个参数带入,由最后面的公式计算得出flag
#include <stdio.h>
#include <string.h>
int main()
{
int first = 0xcafe;
int second = 25;
char argv[] = "h4cky0u";
unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv) - 1615810207;
printf("Get your key: ");
printf("%x\n", hash);
return 0;
}
得到本题flag为
c0ffee