Posted

We have to debug/reverse engineer a program written in C called "bomb"

It asks for a password and if you don't get it right, then it blows up. There are 4 levels you have to get through (4 passwords).

I have run GDB on the program and this is all I have been able to come up with.... any help would be great!

* Oh and found out c = 1 and v = 0xFFBFFBEC from within GDB

int main (int c, char **v)
{
	char buffer4[8];
	char buffer3[8];
	char buffer2[8];
	char buffer1[8];
	sleepfor = !getenv("accel") * sleepfor;

	prompt();
	gets(buffer1);
	if (strcmp(buffer1, P1) == 0)
		click();
	else
		kaboom();
	prompt();
	gets(buffer2);



	if ((buffer2[0] == P2[0]) &&
		(buffer2[1] == P2[1]) &&
		(buffer2[2] == P2[2]) &&
		(strlen(buffer2) == 1<<2))
		click();
	else
		kaboom();
	prompt();
	gets(buffer2);


	if (strcmp(buffer3, P3) == 0)
		click();
	else 
		kaboom();
	prompt();

	gets(buffer4);
	if (fopen(buffer4,"r"))
		fizzle();
	else
		kaboom();

	return 0;

}

Posted

$ gcc bomb.c -o bomb -Wall
bomb.c: In function ‘main’:
bomb.c:7: error: ‘sleepfor’ undeclared (first use in this function)
bomb.c:7: error: (Each undeclared identifier is reported only once
bomb.c:7: error: for each function it appears in.)
bomb.c:7: warning: implicit declaration of function ‘getenv’
bomb.c:9: warning: implicit declaration of function ‘prompt’
bomb.c:10: warning: implicit declaration of function ‘gets’
bomb.c:11: warning: implicit declaration of function ‘strcmp’
bomb.c:11: error: ‘P1’ undeclared (first use in this function)
bomb.c:12: warning: implicit declaration of function ‘click’
bomb.c:14: warning: implicit declaration of function ‘kaboom’
bomb.c:20: error: ‘P2’ undeclared (first use in this function)
bomb.c:23: warning: implicit declaration of function ‘strlen’
bomb.c:23: warning: incompatible implicit declaration of built-in function ‘strlen’
bomb.c:31: error: ‘P3’ undeclared (first use in this function)
bomb.c:38: warning: implicit declaration of function ‘fopen’
bomb.c:39: warning: implicit declaration of function ‘fizzle’

That's what your code gives...

"c", and "v", as you call them, are the argument count, and the argument value. argc and argv in short.

If you launch it by executing ./bomb, argc (c for you) will be = 1. If you launch it by executing "./bomb is da shit", argc will be = 4.

The "v", or usually called "argv", is a pointer which points to an array of arrays of characters. In other words, it's an array of C-type strings. You can access each string by using something like:

printf("%s\n", argv[0]); // in general
printf("%s\n", v[0]);  // for you

The value of "v" is thus just an address of a memory strip. Nothing to worry about.

You're not using the arguments, so you can just leave both of those out by using int main (void).

Try this:

#define INPUT_BUFFER 10

#include <stdio.h>
#include <string.h>


int main (void)
{

        char * passwordList[] = {"first", "second", "third", "fourth"};
        int i = 0;
        char answer[INPUT_BUFFER];

        for (i = 0; i < 4; i++)
        {

                printf("Password?\n");

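                /* fgets() never writes more than INPUT_BUFFER bytes; stop on EOF or a read error */
                if (fgets(answer, INPUT_BUFFER, stdin) == NULL)
                {
                        printf ("Oh shit, something went wrong\n");
                        return 1;
                }

                /* fgets() keeps the newline; strip it, but only if one is really there */
                if (answer[0] != 0 && answer[strlen(answer) - 1] == '\n')
                        answer[strlen(answer) - 1] = 0;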

                if (strcmp(passwordList[i], answer) != 0)
                {
                        printf ("KABOOM !\n");
                        return 0;
                }

        }

        printf("You won!\n");

        return 0;

}
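
An added example, not part of the original posts: a bounded line reader for input handling like the bomb listing's gets() calls into 8-byte buffers. It strips a newline only when one is present and discards the rest of an over-long line so it is not taken as the answer to the next prompt. The names read_line, feed and demo_buf are made up for this sketch, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };
static char demo_buf[8];        /* same size as the bomb's buffers */

/* Read one line into buf (size bytes). Never writes past buf, reports
 * over-long input, and drains the remainder of that line from the stream. */
static enum line_status read_line(FILE *in, char *buf, size_t size)
{
        size_t len;
        int ch;

        if (size == 0 || fgets(buf, (int)size, in) == NULL)
                return LINE_EOF;
        len = strcspn(buf, "\n");
        if (buf[len] == '\n') {         /* whole line fit: drop the newline */
                buf[len] = '\0';
                return LINE_OK;
        }
        ch = fgetc(in);                 /* no newline stored: look at what follows */
        if (ch == EOF || ch == '\n')    /* line filled the buffer exactly, or input ended */
                return LINE_OK;
        while (ch != '\n' && ch != EOF) /* line was cut: throw the tail away */
                ch = fgetc(in);
        buf[0] = '\0';
        return LINE_TOO_LONG;
}

/* Demo helper: put constructed input in a temp file, return the status of the nth read. */
static enum line_status feed(const char *typed, int nth)
{
        FILE *f = tmpfile();
        enum line_status st = LINE_EOF;

        if (f == NULL)
                return LINE_EOF;
        fputs(typed, f);
        rewind(f);
        while (nth-- > 0)
                st = read_line(f, demo_buf, sizeof demo_buf);
        fclose(f);
        return st;
}

int main(void)
{
        for (int i = 1; i <= 3; i++)    /* constructed input: ok, too long, ok */
                printf("%d\n", feed("first\nAAAAAAAAAAAAAAAAAAAA\nthird\n", i));
        return 0;
}
```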

  • 2 weeks later...
Posted

Is this a hackits.de challenge?

  • 2 years later...
Posted
        answer[strlen(answer) - 1] = 0;

For people that don't know, that code above strips the NULL ('\0') away from the end of the string.

Otherwise the strcmp() wouldn't work.

Took me a while to realise that >.<"
