Created
October 11, 2016 10:52
-
-
Save quandqn/97edf04b38828d35d17abb18727e968a to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// | |
// This file was generated by the Retargetable Decompiler | |
// Website: https://retdec.com | |
// Copyright (c) 2016 Retargetable Decompiler <info@retdec.com> | |
// | |
#include <stdbool.h> | |
#include <stdint.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <string.h> | |
// --------------------- Global Variables --------------------- | |
char * g1; // 0x1007899c | |
// ------------------------ Functions ------------------------- | |
// Address range: 0x1000078c - 0x100009bf | |
int main(int argc, char ** argv) { | |
int32_t v1; // bp-432 | |
v1 = &v1; | |
int32_t v2; | |
memcpy((char *)&v2, (char *)&g1, 140); | |
puts("*************************************"); | |
puts("* *"); | |
puts("* HITCON CTF 2016 Flag Verifier *"); | |
puts("* *"); | |
puts("*************************************"); | |
printf("Check your flag before submission: "); | |
int32_t str; | |
scanf("%s", &str); | |
if (strlen((char *)&str) != 35) { | |
// 0x10000964 | |
puts("Your flag is incorrect :("); | |
// branch -> 0x10000974 | |
// 0x10000974 | |
return 0; | |
} | |
// 0x1000084c | |
srandom(0x1e61); | |
int32_t v3; | |
int32_t v4 = &v3; // 0x10000874_0 | |
int32_t v5 = 0; | |
// branch -> 0x10000860 | |
int32_t v6; | |
while (true) { | |
uint32_t v7 = rand() % 0x1000; // 0x10000868 | |
int32_t * v8 = (int32_t *)(v4 - 384 + 4 * v5); // 0x10000880_0 | |
*v8 = v7; | |
unsigned char v9 = *(char *)(v5 + (int32_t)&str); // 0x100008ac | |
*v8 = (int32_t)v9 ^ v7; | |
if (v5 > 33) { | |
v6 = 0; | |
// break -> 0x100008f4 | |
break; | |
} | |
v5++; | |
// continue -> 0x10000860 | |
} | |
while (true) { | |
int32_t v10 = 4 * v6 + v4; // 0x10000900 | |
if (*(int32_t *)(v10 - 244) == *(int32_t *)(v10 - 384)) { | |
// 0x10000938 | |
if (v6 > 33) { | |
// break -> 0x10000944 | |
break; | |
} | |
v6++; | |
// continue -> 0x100008f4 | |
continue; | |
} | |
} | |
// 0x10000944 | |
puts("Good job!! now you can submit your flag :)"); | |
// branch -> 0x10000974 | |
// 0x10000974 | |
return 0; | |
} | |
// --------------- Statically Linked Functions ---------------- | |
// void * memcpy(void * restrict dest, const void * restrict src, size_t n); | |
// int printf(const char * restrict format, ...); | |
// int puts(const char * s); | |
// int rand(void); | |
// int scanf(const char * restrict format, ...); | |
// void srandom(unsigned int seed); | |
// size_t strlen(const char * s); | |
// --------------------- Meta-Information --------------------- | |
// Detected compiler/packer: gcc (5.4.0) | |
// Detected functions: 1 | |
// Decompiler release: v2.2.1 (2016-09-07) | |
// Decompilation date: 2016-10-08 12:26:09 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment