https://github.com/joxon/swe266p-lab1
https://github.com/joxon/swe266p-lab1
Last synced: 3 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/joxon/swe266p-lab1
- Owner: joxon
- Created: 2020-04-30T10:55:33.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2020-05-01T21:21:44.000Z (over 5 years ago)
- Last Synced: 2025-05-20T13:56:02.718Z (5 months ago)
- Language: C
- Size: 255 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
Awesome Lists containing this project
README
# swe266p-lab1
Author: Junxian Chen
Date: April 30, 2020
## easyre_1
cs527{1_c4n_m3sS_w17H_StR1pPpPPPppPeD_b1N4Riez}
cs527{I can mess with strippppppppped binaries}
search->program text->"wrong"
## easyre_2
cs527{D0_y0u_l1ke_Kr4bbY_pAt71ez?}
cs527{do you like krabby patties?}
## findme_1
cs527{W3lc0meeeeee_to_5oF74R3_S3cUr1ty_cl4sSsSsS}
cs527{Welcomeeeeee to softare security classssss}
## findme_2
cs527{I_<3_mY_s0F7W4re_5EcUR1tY_cl4ss}
cs527{I love my software security class}
```c
// 0 cs527{I_<3
((((local_94 == 'c') &&
(local_93 == 's')) &&
(local_92 == '5')) &&
(((((local_91 == '2' &&
(local_90 == '7')) &&
((local_8f == '{' &&
((local_8e == 'I' &&
(local_8d == '_')))))) &&
(local_8c == '<')) &&
(((((local_8b == '3' &&
// 1 _mY
(local_8a == '_')) &&
((local_89 == 'm' &&
(local_88 == 'Y')))) &&
// 2 _s
((local_87 == '_' &&
(((local_86 == 's' &&
// 3 0F7
(local_85 == '0')) &&
(local_84 == 'F')) &&
((local_83 == '7' &&
// 4 W4r
((((local_82 == 'W' &&
(((((local_81 == '4' &&
(local_80 == 'r')) &&
// 5 e_5
(local_7f == 'e')) &&
(local_7e == '_')))))))) &&
((((local_7d == '5' &&
// 6 EcU
((local_7c == 'E' &&
(((local_7b == 'c' &&
(local_7a == 'U')) &&
// 7 R1
(local_79 == 'R')) &&
(local_78 == '1')) &&
// 8 tY_
(local_77 == 't')))) &&
(((local_76 == 'Y' &&
(local_75 == '_')) &&
// 9 cl
(((local_74 == 'c' &&
(local_73 == 'l')) &&
// 10 4
(local_72 == '4')))))))))))
// 11 ss}
(local_71 == 's')))) &&
((local_70 == 's' &&
((local_6f == '}' &&
(local_6e == '\0'))))))))))
```
## findme_3
cs527{H3y_MomMY_I_4m_a_h4Nds0me_R3V3rS3r}
cs527{Hey mommy I am a handsome reverser}
search->program text->"flag"
```c
char cVar1;
char *pcVar2;
int iVar3;
int in_GS_OFFSET;
char local_94 [128]; // our input
int local_14;
undefined *local_10;
local_10 = &stack0x00000004;
local_14 = *(int *)(in_GS_OFFSET + 0x14);
__printf_chk(1,"Flag: ");
__isoc99_scanf("%100s",local_94);
pcVar2 = &DAT_0804a060;
cVar1 = DAT_0804a060; // flag
while (cVar1 != '\0') {
*pcVar2 = cVar1 + -1;
cVar1 = pcVar2[1];
pcVar2 = pcVar2 + 1;
}
iVar3 = strcmp(local_94,&DAT_0804a060);
if (iVar3 == 0) {
puts("Cool! correct flag!!");
}
else {
puts("Pffff.... :\\");
}
```
```c
pcVar2 = s_dt638|I4z`NpnNZ`J`5n`b`i5Oet1nf`_0804a060;
// dt638|I4z`NpnNZ`J`5n`b`i5Oet1nf`S4W4sT4s~
// cs527{H3y_MomMY_I_4m_a_h4Nds0me_R3V3rS3r}
cVar1 = s_dt638|I4z`NpnNZ`J`5n`b`i5Oet1nf`_0804a060[0];
while (cVar1 != '\0') {
*pcVar2 = cVar1 + -1; // offset -1. Go look up ASCII table.
cVar1 = pcVar2[1]; // get next char
pcVar2 = pcVar2 + 1; // point to next char
}
```
## findme4
cs527{H0hoHOH0_m3RrY_ChR1s7m4s}
cs527{hohohoho merry christmas}
```c
undefined4 FUN_080483c0(void)
{
int iVar1;
__printf_chk(1,"Flag? ");
__isoc99_scanf("%100s",&DAT_0804a0e0);
iVar1 = 0;
do {
// read by two
// "sT5?2I7`{6Hi0@hTocH_O,Hi0:_amA32RTrJY|_^C?h^RD1gsw7:ml4Ns?}"
// s527{H0hoHOH0_m3RrY_ChR1s7m4s}
if ((&DAT_0804a0e0)[iVar1] != (&DAT_0804a040)[iVar1 * 2]) {
puts("Wrong flag :(");
return 0;
}
iVar1 = iVar1 + 1;
} while (iVar1 != 0x20);
puts("Correct flag :)");
return 0;
}
```
## findme5
cs527{I_rUn_0u7_oF_Fl4G_t3xTs}
cs527{I run out of flag texts}
```c
undefined4 FUN_080483c0(void)
{
char *ptrChar;
int i;
__printf_chk(1,"Flag? ");
__isoc99_scanf("%100s",&CHAR_??_0804a260); // our input
if (INT_0804a040 == -1) {
i = 0;
LAB_0804842e:
if ((&CHAR_??_0804a260)[i] == '\0') {
puts("Correct flag :)");
return 0;
}
}
else {
// strFlag: "c7kvTns7_}U1x}ir(Ca2$5X,QuI_58bBiE*)Y:4fu?KQ9xZVv?qC_,lW!8=6M|U8B^AzwR`op-s_4zaT;RMX]96]NPp{MG5n%Sh|iJkw"
// INT_0804a040 == 0
// CHAR_??_0804a260 == 'c'
if (CHAR_??_0804a260 == strFlag[INT_0804a040]) {
i = 0;
do {
i = i + 1;
if ((&INT_0804a040)[i] == -1) goto LAB_0804842e;
ptrChar = &CHAR_??_0804a261 + i;
i = i;
} while (strFlag[(&INT_0804a040)[i]] == *ptrChar);
}
}
puts("Wrong flag :(");
return 0;
}
```
```text
INT_ARRAY_0804a040[1] XREF[1,2]: FUN_080483c0:080483ee (R) ,
INT_ARRAY_0804a040[2] FUN_080483c0:08048422 (R) ,
INT_ARRAY_0804a040 FUN_080483c0:08048422 (R)
0804a040 00 00 00 int[32]
00 28 00
00 00 15
0804a040 [0] 0, 40, 21, 19
0804a050 [4] 7, 227, 28, 8
0804a060 [8] 15, 198, 5, 8
0804a070 [12] 146, 161, 31, 8
0804a080 [16] 207, 128, 211, 128
0804a090 [20] 190, 143, 97, 90
0804a0a0 [24] 123, 33, 181, 4
0804a0b0 [28] 6, 9, -1, 0
```
```text
s_syy=dLC)/,-Cc8q|qY9=7%Q^7k&*(#,E_0804a168 XREF[1,1]: FUN_080483c0:080483fb (R) ,
strFlag FUN_080483c0:08048417 (R)
0804a140 63 37 6b char[241] "c7kvTns7_}U1x}ir(Ca2$5X,Q', 'u', 'I', '_'
0804a1e4 [164] '5', '8', 'b', 'B'
0804a1e8 [168] 'i', 'E', '*', ')'
0804a1ec [172] 'Y', ':', '4', 'f'
0804a1f0 [176] 'u', '?', 'K', 'Q'
0804a1f4 [180] '9', 'x', 'Z', 'V'
0804a1f8 [184] 'v', '?', 'q', 'C'
0804a1fc [188] '_', ',', 'l', 'W'
0804a200 [192] '!', '8', '=', '6'
0804a204 [196] 'M', '|', 'U', '8'
0804a208 [200] 'B', '^', 'A', 'z'
0804a20c [204] 'w', 'R', '`', 'o'
0804a210 [208] 'p', '-', 's', '_'
0804a214 [212] '4', 'z', 'a', 'T'
0804a218 [216] ';', 'R', 'M', 'X'
0804a21c [220] ']', '9', '6', ']'
0804a220 [224] 'N', 'P', 'p', '{'
0804a224 [228] 'M', 'G', '5', 'n'
0804a228 [232] '%', 'S', 'h', '|'
0804a22c [236] 'i', 'J', 'k', 'w'
0804a230 [240] '\0'
```