Created
November 6, 2015 18:07
-
-
Save vqhuy/c9e89756ecac1f12bb19 to your computer and use it in GitHub Desktop.
re300 - SVATTT 2015 CTF
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <stdint.h> | |
| int dword_804B16C, dword_804B170, dword_804B174, dword_804B178, dword_804B17C, dword_804B180; | |
| int pos = 0; | |
| int v11; | |
| int v12; | |
| int v13; | |
| int v14; | |
| int v141; | |
| int v15; | |
| int v16[30] = {}; | |
| void generateRandom(int seed) | |
| { | |
| int i; | |
| srand(4919 * seed); | |
| v11 = rand(); | |
| v12 = rand(); | |
| v13 = rand(); | |
| v14 = rand(); | |
| v141 = rand(); | |
| v15 = rand(); | |
| for(i = 0; i < 30; i++) { | |
| v16[i] = rand(); | |
| } | |
| } | |
| char sub_8048AFD() | |
| { | |
| dword_804B16C = ((((unsigned int)((uint64_t)v11 >> 32) >> 28) + (unsigned char)v11) & 0xF) | |
| - ((unsigned int)((uint64_t)v11 >> 32) >> 28); | |
| return ((((unsigned int)((uint64_t)v11 >> 32) >> 28) + (unsigned char)v11) & 0xF) | |
| - ((unsigned int)((uint64_t)v11 >> 32) >> 28); | |
| } | |
| char sub_8048B3A() | |
| { | |
| dword_804B170 = ((((unsigned int)((uint64_t)v12 >> 32) >> 28) + (unsigned char)v12) & 0xF) | |
| - ((unsigned int)((uint64_t)v12 >> 32) >> 28); | |
| return (8 * dword_804B16C % (unsigned int)dword_804B170); | |
| } | |
| char sub_8048B82() | |
| { | |
| dword_804B174 = ((((unsigned int)((uint64_t)v13 >> 32) >> 28) + (unsigned char)v13) & 0xF) | |
| - ((unsigned int)((uint64_t)v13 >> 32) >> 28); | |
| return (((unsigned char)dword_804B170 + (unsigned char)dword_804B16C + (char)v13 % 16) & 0xF); | |
| } | |
| char sub_8048BCC() | |
| { | |
| char v2; // bl@1 | |
| dword_804B178 = ((((unsigned int)((uint64_t)v14 >> 32) >> 28) + (unsigned char)v14) & 0xF) | |
| - ((unsigned int)((uint64_t)v14 >> 32) >> 28); | |
| v2 = dword_804B16C - dword_804B174; | |
| return ((v2 + (unsigned char)v141) & 0xF); | |
| } | |
| char sub_8048C1D() | |
| { | |
| int v2; // eax@4 | |
| unsigned int v3; // ebx@4 | |
| int v4; // eax@4 | |
| dword_804B17C = ((((unsigned int)((uint64_t)v15 >> 32) >> 28) + (unsigned char)v15) & 0xF) | |
| - ((unsigned int)((uint64_t)v15 >> 32) >> 28); | |
| pos = dword_804B17C; | |
| v2 = v16[pos++]; | |
| v3 = ((((unsigned int)((uint64_t)v2 >> 32) >> 30) + (unsigned char)v2) & 3) | |
| - ((unsigned int)((uint64_t)v2 >> 32) >> 30); | |
| v4 = v16[pos++]; | |
| return ((((unsigned int)((uint64_t)(signed int)(v4 % 5 * v3) >> 32) >> 28) | |
| + (unsigned char)(v4 % 5) * (unsigned char)v3) & 0xF) | |
| - ((unsigned int)((uint64_t)(signed int)(v4 % 5 * v3) >> 32) >> 28); | |
| } | |
| char sub_8048CB9() | |
| { | |
| unsigned int v2; // ebx@4 | |
| unsigned int v1 = v16[pos++]; | |
| dword_804B180 = ((((unsigned int)((uint64_t)v1 >> 32) >> 28) + (unsigned char)v1) & 0xF) | |
| - ((unsigned int)((uint64_t)v1 >> 32) >> 28); | |
| pos += dword_804B180; | |
| v2 = dword_804B178 * ((dword_804B16C << dword_804B170) / (unsigned int)dword_804B174); | |
| return (((unsigned char)(v16[pos] % 5) * (unsigned char)v2 - dword_804B17C % 7u / (dword_804B180 & 0xFu)) & 0xF); | |
| } | |
| int main(int argc, char *argv[]) | |
| { | |
| int token = strtoul(argv[1], 0, 16); | |
| char a1, a2, a3, a4, a5, a6; | |
| generateRandom(token); | |
| a1 = sub_8048AFD(); | |
| a2 = sub_8048B3A(); | |
| a3 = sub_8048B82(); | |
| a4 = sub_8048BCC(); | |
| a5 = sub_8048C1D(); | |
| a6 = sub_8048CB9(); | |
| printf("%d %d %d %d %d %d\n", a1, a2, a3, a4, a5, a6); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment