【攻防世界】Reverse——parallel-comparator-200 writeup

这道题考察C语言代码阅读能力。注意下面这两个循环:

/*
 * Second half of the checker as quoted by the writeup: collect each worker
 * thread's one-byte result, rebuild a string from it and compare that string
 * with the reference. Returns 1 when every position matches, 0 at the first
 * mismatch.
 * NOTE(review): i, thread, result, generated_string, just_a_string and
 * arguments are declared in the part of the function the writeup omits.
 */
int highly_optimized_parallel_comparsion(char *user_string)
{
   // code above omitted by the writeup author ...
    for (i = 0; i < FLAG_LEN; i++) {
        // Wait for worker i; result receives the pointer the thread returned.
        // NOTE(review): neither pthread_join's return value nor a NULL result
        // is checked before the dereference on the next line.
        pthread_join(*(thread+i), &result);
        // Add the worker's byte to the reference character for this position.
        generated_string[i] = *(char *)result + just_a_string[i];
        free(result);
        free(arguments[i]);
    }

    int is_ok = 1;  // never read in the visible code
    for (i = 0; i < FLAG_LEN; i++) {
        // Equality holds only if the byte added above was 0 for this position.
        if (generated_string[i] != just_a_string[i])
            return 0;
    }

    return 1;
}

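要让函数返回 1,必须对每个 i 同时满足 generated_string[i] = *(char *)result + just_a_string[i]; 和 generated_string[i] == just_a_string[i],也就是说每个线程返回的 *result 都必须为 0。线程函数 checking 如下,它返回 (argument[0]+argument[1]) ^ argument[2],因此需要 user_string[i] == first_letter + differences[i]: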

/*
 * Thread entry point that checks a single flag position.
 *
 * arg points at three chars; the caller in this listing fills them with the
 * base letter, the per-position offset and the user's character, in that order.
 * Returns a heap-allocated char holding (arg[0] + arg[1]) ^ arg[2], which is 0
 * when the user's character equals base + offset. The caller frees it.
 */
void *checking(void *arg) {
    const char *triple = arg;
    char *verdict = malloc(sizeof *verdict);

    /* XOR of two equal values is 0, so a match is reported as a zero byte. */
    *verdict = (triple[0] + triple[1]) ^ triple[2];
    return verdict;
}
/*
 * First half of the checker as quoted by the writeup: choose a base letter and
 * start one worker thread per flag position, each running checking() on a
 * three-byte argument.
 */
int highly_optimized_parallel_comparsion(char *user_string)
{
    int initialization_number;
    int i;
    char generated_string[FLAG_LEN + 1];
    generated_string[FLAG_LEN] = '\0';

    // Keep drawing until random() returns a value below 64.
    // NOTE(review): no srandom() call is visible in this excerpt; confirm
    // whether the generator is seeded anywhere.
    while ((initialization_number = random()) >= 64);
    
    int first_letter;
    // 97 is ASCII 'a', so first_letter ends up in 'a'..'z' (97..122).
    first_letter = (initialization_number % 26) + 97;

    pthread_t thread[FLAG_LEN];
    // Per-position offsets; checking() adds each one to first_letter.
    char differences[FLAG_LEN] = {0, 9, -9, -1, 13, -13, -4, -11, -9, -1, -7, 6, -13, 13, 3, 9, -13, -11, 6, -7};
    // NOTE(review): sized with a literal 20 while the loop bound is FLAG_LEN;
    // the 20 initialisers above suggest FLAG_LEN is 20 -- confirm.
    char *arguments[20];
    for (i = 0; i < FLAG_LEN; i++) {
        // Three bytes handed to worker i: base letter, offset, user's character.
        // NOTE(review): the malloc result is used without a NULL check, and
        // user_string is read for FLAG_LEN bytes with no length check visible here.
        arguments[i] = (char *)malloc(3*sizeof(char));
        arguments[i][0] = first_letter;
        arguments[i][1] = differences[i];
        arguments[i][2] = user_string[i];

        // NOTE(review): pthread_create's return value is ignored.
        pthread_create((pthread_t*)(thread+i), NULL, checking, arguments[i]);
    }
// code below omitted by the writeup author

}

根据上面的代码,first_letter = (initialization_number % 26) + 97,取值范围是 [97, 122](即 a-z),于是我们可以写一个程序,枚举全部 26 种取值并输出所有可能的结果:

# Per-position offsets, copied from the `differences` table in the challenge source.
argument_1 = [0, 9, -9, -1, 13, -13, -4, -11, -9, -1, -7, 6, -13, 13, 3, 9, -13, -11, 6, -7]

# The base letter is one of 'a'..'z' (97..122); print the candidate string
# obtained for each base by adding every offset to it.
for base in range(ord('a'), ord('z') + 1):
    candidate = ''.join(chr(base + offset) for offset in argument_1)
    print(candidate)

这个程序的输出(从 r 开头的那一行起,部分字符的编码不小于 127,属于不可打印的控制字符,因此这些行显示不完整或被折行):

ajX`nT]VX`ZgTndjTVgZ
bkYaoU^WYa[hUoekUWh[
clZbpV_XZb\iVpflVXi\
dm[cqW`Y[c]jWqgmWYj]
en\drXaZ\d^kXrhnXZk^
fo]esYb[]e_lYsioY[l_
gp^ftZc\^f`mZtjpZ\m`
hq_gu[d]_gan[ukq[]na
ir`hv\e^`hbo\vlr\^ob
jsaiw]f_aicp]wms]_pc
ktbjx^g`bjdq^xnt^`qd
lucky_hacker_you_are
mvdlz`ibdlfs`zpv`bsf
nwem{ajcemgta{qwactg
oxfn|bkdfnhub|rxbduh
pygo}clegoivc}sycevi
qzhp~dmfhpjwd~tzdfwj
r{iqengiqkxeu{egxk
s|jrfohjrlyfv|fhyl
t}ksgpiksmzgw}gizm
u~lthqjltn{hx~hj{n
vmuirkmuo|iyik|o
wnv
   jslnvp}j
           zjl}p
xow
ktmowq~k
{km~q
ypxlunpxrl|lnr
zqymvoqysm}mos

其中只有lucky_hacker_you_are具有意义,所以这就是flag
