Created
February 6, 2016 14:51
beef_steak
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
#include <unistd.h> | |
/*
 * Expected ciphertext, located at 0x400da6 in the binary.
 * The literal holds a NUL at offset 24, so a strcmp() against this array
 * only ever compares the first 24 bytes. The three bytes after that NUL
 * spell "Tha"; presumably they belong to the neighbouring string in the
 * binary rather than to the comparison data (confirm against the binary).
 */
char cmpdata[0x28] =
    "\x62\x31\xaa\x85\xbd\xbf\x9f\xf3"
    "\x8a\x02\x0c\x75\xac\x23\xab\xe4"
    "\x82\xc5\x25\x7a\xef\xbd\xc9\x61"
    "\x00\x54\x68\x61";

/* RC4 key buffer, filled from the flag file by main(). 0x6020e0 */
char key[0x28];

/* Receives the encrypted user input. 0x602120 */
char output[0x28];

/* RC4 permutation table (256 entries). 0x602160 */
unsigned char state[0x100];
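/**
 * RC4 key scheduling.
 *
 * Fills the global state[] with the identity permutation and then mixes
 * in the NUL-terminated string held in the global key[].
 *
 * An empty key makes `i % len` a division by zero, which is undefined
 * behaviour (typically a SIGFPE). This version terminates with an error
 * message instead of trapping or continuing with an unkeyed state.
 */
void rc4_init(void)
{
    int len;            /* rbp-0x4 */
    int i;              /* rbp-0x8 */
    unsigned char tmp;  /* rbp-0x9 */
    unsigned char j;    /* rbp-0xa */

    /* Identity permutation: state[i] = i for all 256 entries. */
    for (i = 0; i <= 0xff; i++) {
        state[i] = (unsigned char)i;
    }

    len = (int)strlen(key);
    if (len == 0) {
        /* Fail closed: no key material means no usable cipher state. */
        fputs("rc4_init: empty key\n", stderr);
        exit(EXIT_FAILURE);
    }

    /* j is an unsigned char, so every addition wraps modulo 256. */
    j = 0;
    for (i = 0; i <= 0xff; i++) {
        j += state[i];
        j += (unsigned char)key[i % len];

        /* swap state[i] and state[j] */
        tmp = state[i];
        state[i] = state[j];
        state[j] = tmp;
    }
}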
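/**
 * XOR a NUL-terminated input with the RC4 keystream derived from state[].
 *
 * @param in      NUL-terminated input; its strlen() decides how many
 *                bytes are processed.
 * @param out     Destination buffer; the caller must provide at least
 *                strlen(in) bytes, because this function has no way to
 *                know the capacity of out.
 * @param in_len  NOTE(review): accepted but never read; the length comes
 *                from strlen(in), so the value a caller passes has no
 *                effect. Kept for interface compatibility.
 *
 * The global state[] is advanced by every call, so the keystream of a
 * second call continues from the permutation the first call left behind.
 */
void rc4_encrypt(char in[], char out[], int in_len)
{
    int buflen = (int)strlen(in);           /* rbp-0x4 */
    int i;                                  /* rbp-0x8 */
    unsigned char tmp;
    /*
     * The listing left both indices uninitialized, which makes the first
     * `index1++` read an indeterminate value. RC4 starts both at zero;
     * presumably the binary zeroes these slots (confirm against the
     * disassembly).
     */
    unsigned char index1 = 0, index2 = 0;   /* rbp-0xa, rbp-0xb */
    unsigned char j;

    (void)in_len;

    for (i = 0; i < buflen; i++) {
        /* Both indices are unsigned char and wrap modulo 256. */
        index1++;
        index2 += state[index1];

        /* swap state[index1] and state[index2] */
        tmp = state[index1];
        state[index1] = state[index2];
        state[index2] = tmp;

        j = (unsigned char)(state[index1] + state[index2]);
        out[i] = in[i] ^ state[j];
    }
}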
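/**
 * Main routine of the service.
 *
 * Keys RC4 with the contents of /home/steak/flag, encrypts one line read
 * from stdin and compares the result with cmpdata. On a match the user
 * may leave a message, which is written to ./message.
 *
 * Changes relative to the decompiled listing, which is where the memory
 * safety problems were:
 *  - the input read is bounded by the destination buffers; the listing
 *    passed 0x200 to fgets() for the 0x40-byte input[] (stack buffer
 *    overflow), and rc4_encrypt() writes one byte per input byte into the
 *    0x28-byte output[] (out-of-bounds write on the global);
 *  - chdir(), fopen() and both fgets() calls are checked instead of
 *    continuing with a NULL stream or an uninitialized buffer;
 *  - the length argument no longer underflows for an empty input.
 *
 * @return 0 on a normal run, EXIT_FAILURE if the flag cannot be read.
 */
int main(void)
{
    FILE *fp;           /* rbp-0x38 */
    char input[0x40];   /* rbp-0x30 */
    int counter;        /* rbp-0x3c */
    size_t input_len;

    /* "./message" below is relative, so a failed chdir must not be ignored. */
    if (chdir("/home/steak") != 0) {
        perror("chdir");
        return EXIT_FAILURE;
    }

    /*
       Read up to 0x27 characters of /home/steak/flag into key
    */
    fp = fopen("/home/steak/flag", "r");
    if (fp == NULL) {
        perror("fopen");
        return EXIT_FAILURE;
    }
    if (fgets(key, sizeof key, fp) == NULL) {
        fclose(fp);
        fputs("flag file is empty or unreadable\n", stderr);
        return EXIT_FAILURE;
    }
    fclose(fp);

    /*
       Initialize RC4 and remove 'key'.
       Note that state[] stays keyed from the flag for the rest of the
       run, so wiping key[] alone does not remove all key-dependent data.
    */
    rc4_init();
    memset(key, 0, sizeof key);

    /*
       Get input.
       At most sizeof output - 1 characters are read, so the encrypted
       copy always fits in output[] and stays NUL-terminated (output[] is
       a zero-initialized global). input[] is larger than that, so the
       read cannot overflow it either.
    */
    puts("What's your favirite food?");
    fflush(stdout);
    if (fgets(input, sizeof output, stdin) == NULL) {
        /* EOF or read error: treat as an empty answer. */
        input[0] = '\0';
    }

    /*
       Encrypt data.
       The listing passed strlen(input)-1, which underflows when the
       input is empty.
    */
    input_len = strlen(input);
    rc4_encrypt(input, output, input_len > 0 ? (int)(input_len - 1) : 0);
    printf("Hmm...");
    fflush(stdout);

    /*
       Time spends...
    */
    for (counter = 0; counter <= 4; counter++) {
        sleep(1);
        putchar(0x2e);
        fflush(stdout);
    }

    /*
       check
       strcmp() stops at the first NUL in either buffer.
    */
    if (strcmp(output, cmpdata) == 0) {
        puts("That's my favorite!");
        puts("You may leave a message");
        fflush(stdout);
        /*
         * NOTE(review): system() goes through the shell and inherits the
         * caller's environment. The command string is constant, but a
         * network service would be better off writing the file itself or
         * using exec with an explicit argv and a cleaned environment.
         */
        system("/bin/cat > ./message");
    } else {
        puts("I don't like that!");
    }

    memset(output, 0, sizeof output);
    return 0;
}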