1 #include <libcgc.h>
2 #include <stdlib.h>
3 #include <string.h>
4
/*
 * Record laid out as a fixed character buffer followed by a pointer and an
 * integer. No function in the visible listing references this type.
 */
struct stack_func_1 {
    char buf[0x20];   /* 32-byte character buffer */
    int *where;       /* pointer member stored directly after buf */
    int what;         /* integer member stored after the pointer */
};
10
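/**
 * Read bytes from fd into dst until delim is seen or dst is full, and always
 * leave dst NUL-terminated.
 *
 * @param fd     descriptor handed to receive()
 * @param dst    destination buffer; must really have room for max bytes
 * @param delim  terminating byte; consumed from the stream but not stored
 * @param max    capacity of dst in bytes, terminating NUL included
 * @return number of bytes stored in front of the NUL; 0 when receive()
 *         fails, when the input ends, or when max is 0
 *
 * This function trusts max completely. A caller that passes a bound larger
 * than the real size of dst gets an out-of-bounds write, so the bound should
 * be derived from the buffer (sizeof) rather than typed as a literal.
 */
size_t receive_until2(int fd, char *dst, char delim, size_t max)
{
    size_t len = 0;

    if (max == 0) {
        return 0;   /* no room even for the terminator: touch nothing */
    }

    /* Stop one byte early so the terminator always fits inside max. */
    while (len + 1 < max) {
        size_t rx = 0;
        char c = 0;

        /*
         * A successful call that delivered zero bytes means the input has
         * ended; without the rx check a stale byte would be stored on every
         * iteration until the buffer filled up.
         */
        if (receive(fd, &c, 1, &rx) != 0 || rx == 0) {
            len = 0;
            break;
        }

        if (c == delim) {
            break;
        }

        dst[len++] = c;
    }

    /* Callers feed dst to string functions, so terminate on every path. */
    dst[len] = 0x00;
    return len;
}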
35
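/**
 * Return a pseudo-random value in the inclusive range [min, max].
 *
 * @param min  lower bound
 * @param max  upper bound; the caller must ensure min <= max, otherwise the
 *             unsigned span wraps around and the result is not in range
 * @return a value in [min, max], or the raw random word when the range
 *         covers every unsigned int (the span wraps to 0)
 *
 * The reduction uses a plain modulo, so values are slightly biased whenever
 * the span does not divide 2^32. Do not use this for key or token generation.
 */
unsigned int rand_range(unsigned int min, unsigned int max)
{
    /* Initialised so a failed random() call cannot expose stack contents. */
    unsigned int lrand = 0;
    const unsigned int span = max - min + 1;

    /* random() is the three-argument (buf, count, rnd_bytes) form used by
     * this file, not the POSIX long random(void). */
    if (random(&lrand, sizeof lrand, NULL) != 0) {
        lrand = 0;   /* deterministic fallback: yields min below */
    }

    if (span == 0) {
        return lrand;   /* full range requested: modulo by 0 must be avoided */
    }
    return (lrand % span) + min;
}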
44
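// STRTOL
/*
 * ASCII-only character classifiers. Every use of the argument is
 * parenthesized so expressions such as IS_NUM(*p) expand safely. The argument
 * is still evaluated more than once: never pass an expression with side
 * effects. IS_SPACE covers the same six characters as isspace() in the C
 * locale, carriage return included.
 */
#define IS_SPACE(c) (((c) == ' ') || ((c) == '\t') || ((c) == '\f') || ((c) == '\n') || ((c) == '\v') || ((c) == '\r'))
#define IS_NUM(c) (((c) >= '0') && ((c) <= '9'))
#define IS_ALPHA(c) ((((c) >= 'A') && ((c) <= 'Z')) || (((c) >= 'a') && ((c) <= 'z')))
#define IS_UPPER(c) (((c) >= 'A') && ((c) <= 'Z'))

/* Map one character to its digit value (0-35), or -1 if it is not a digit. */
static int strtol_digit(char c)
{
    if (IS_NUM(c))
        return c - '0';
    // "... In bases above 10, the letter 'A' in either upper or lower case represents 10,
    // 'B' represents 11, and so forth, with 'Z' representing 35. ..."
    if (IS_UPPER(c))
        return c - 'A' + 10;
    if (IS_ALPHA(c))
        return c - 'a' + 10;
    return -1;
}

/*
 * Shared scanner behind strtol() and strtoul(): skips white space, reads an
 * optional sign and base prefix, then accumulates the magnitude in an
 * unsigned long. *neg reports a leading '-', *overflow reports that the
 * magnitude did not fit. *endptr (when non-NULL) is set past the last digit
 * converted, or to nptr when nothing was converted or the base is invalid.
 */
static unsigned long strtol_scan(const char *nptr, char **endptr, int base,
                                 int *neg, int *overflow)
{
    const unsigned long ulong_max = ~0UL;
    const char *p = nptr;
    const char *end = nptr;   /* stays at nptr until a digit is accepted */
    unsigned long val = 0;

    *neg = 0;
    *overflow = 0;

    /* Check validity of base */
    if (base == 1 || base > 36 || base < 0)
        goto done;

    /* Skip white space */
    while (IS_SPACE(*p))
        ++p;

    /* Check sign symbol: at most one, so "-+5" is not a number */
    if (*p == '-') {
        *neg = 1;
        ++p;
    } else if (*p == '+') {
        ++p;
    }

    /*
     * Handle the base & its syntax. A "0x" prefix only counts when a hex
     * digit follows it; otherwise the leading '0' is itself the number and
     * must be converted (so "0" and "0x" both parse as zero with one
     * character consumed).
     */
    if ((base == 0 || base == 16) && p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) {
        int first = strtol_digit(p[2]);
        if (first >= 0 && first < 16) {
            p += 2;
            base = 16;
        }
    }
    if (base == 0)
        base = (*p == '0') ? 8 : 10;

    /* Convert the rest of the string */
    for (;;) {
        int d = strtol_digit(*p);

        // "... stopping at the first character which is not a valid digit in the given base. ..."
        if (d < 0 || d >= base)
            break;

        /* Test before multiplying so the accumulator can never wrap. */
        if (*overflow || val > (ulong_max - (unsigned long)d) / (unsigned long)base)
            *overflow = 1;
        else
            val = val * (unsigned long)base + (unsigned long)d;

        ++p;
        end = p;   /* digits past the overflow point are still consumed */
    }

    if (*overflow)
        val = ulong_max;

done:
    if (endptr)
        *endptr = (char *)end;

    return val;
}

/**
 * Convert the initial part of nptr to a long in the given base.
 *
 * @param nptr    NUL-terminated input
 * @param endptr  if non-NULL, receives the address of the first character
 *                not converted (nptr itself when no digits were found)
 * @param base    0 (auto-detect 8/10/16 from the prefix) or 2..36
 * @return the converted value; 0 for an invalid base or no digits; the
 *         largest or smallest long when the input is out of range. errno is
 *         not set, so callers needing to detect saturation must compare
 *         against those limits.
 */
long int strtol(const char *nptr, char **endptr, int base)
{
    /* Computed instead of taken from <limits.h>, which this file does not include. */
    const unsigned long long_max = ~0UL >> 1;
    int neg = 0;
    int overflow = 0;
    unsigned long mag = strtol_scan(nptr, endptr, base, &neg, &overflow);

    if (neg) {
        /* long_max + 1 is exactly the magnitude of the smallest long. */
        if (overflow || mag > long_max)
            return -(long)long_max - 1;
        return -(long)mag;
    }

    if (overflow || mag > long_max)
        return (long)long_max;
    return (long)mag;
}

/**
 * Convert the initial part of nptr to an unsigned long in the given base.
 *
 * Parameters are as for strtol(). A leading '-' negates the result in
 * unsigned arithmetic (so "-1" yields the largest unsigned long); input whose
 * magnitude does not fit returns the largest unsigned long.
 */
long unsigned int strtoul(const char *nptr, char **endptr, int base)
{
    int neg = 0;
    int overflow = 0;
    unsigned long mag = strtol_scan(nptr, endptr, base, &neg, &overflow);

    if (overflow)
        return ~0UL;
    return neg ? 0UL - mag : mag;
}
// STRTOL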
149
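/**
 * Read exactly n_bytes from fd into dst_a, looping over short reads.
 *
 * @param fd       descriptor handed to receive()
 * @param dst_a    destination buffer with room for at least n_bytes
 * @param n_bytes  number of bytes to read
 * @return n_bytes on success; 0 if receive() fails or the input ends before
 *         n_bytes arrived (also 0 when n_bytes is 0, so callers that need to
 *         tell the cases apart must not ask for zero bytes)
 *
 * No terminator is written: the result is raw bytes, not a C string.
 */
size_t receive_n(int fd, void *dst_a, size_t n_bytes)
{
    char *dst = dst_a;
    size_t len = 0;

    while (len < n_bytes) {
        size_t rx = 0;

        /*
         * A successful call that delivered nothing means the peer is gone;
         * without the rx check this loop would never make progress again.
         */
        if (receive(fd, dst + len, n_bytes - len, &rx) != 0 || rx == 0) {
            return 0;
        }
        len += rx;
    }

    return len;
}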
165
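/**
 * Write all n_bytes of msg to fd, looping over short writes.
 *
 * @param fd       descriptor handed to transmit()
 * @param msg      bytes to send
 * @param n_bytes  number of bytes to send
 * @return 0 when everything was sent, 1 if transmit() fails or stops
 *         accepting data
 */
int send_all(int fd, const void *msg, size_t n_bytes)
{
    /* Keep the const qualifier instead of casting it away. */
    const char *src = msg;
    size_t len = 0;

    while (len < n_bytes) {
        size_t tx = 0;

        /* A zero-byte "success" would otherwise spin here forever. */
        if (transmit(fd, src + len, n_bytes - len, &tx) != 0 || tx == 0) {
            return 1;
        }
        len += tx;
    }
    return 0;
}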
178
/*
 * Print the banner, then read one newline-terminated line into a stack
 * buffer.
 *
 * NOTE(review): this is the program's deliberate flaw, left intact. The read
 * bound is 0x40 while the destination holds 0x20 bytes, so a long line is
 * written past the end of the array (CWE-121, stack-based buffer overflow).
 * A correct call derives the bound from the buffer: sizeof name.
 * No caller of this function appears in the visible listing.
 */
void do_win() {
    enum { NAME_CAPACITY = 0x20, READ_BOUND = 0x40 };
    const char *banner = "Here's your overflow!!!\n";
    char name[NAME_CAPACITY];
    size_t banner_len = strlen(banner);

    send_all(1, banner, banner_len);
    /* READ_BOUND is twice NAME_CAPACITY: the mismatch is the bug. */
    receive_until2(0, name, '\n', READ_BOUND);
}
185
186 // functions that we need to handle
187 // int_to_str
188 // itoa (int val, char *s) (int val, char *s, base) (int val, char *s size_t size) (char *s, int val)
189 // atoi
190 // strtol
191 // int_to_hex
192 // hex_to_int?
193 // uint32ToHexStr(char* str, uint32_t ui, int bLeadingZeroes, int bUpcase)
194 // decode_hex(char *s); // in place
195 // bin_to_hex(char *dst, const void *src_, size_t n)
196 // hex_to_uint(char *s)
197 // printf(%d %x etc)?
198
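/**
 * Two-round challenge/response gate.
 *
 * Folds the first 32 ints at a fixed address into a sum and an XOR, prints
 * each value in turn, and expects the peer to answer with sum*2 and then
 * xor+1337.
 *
 * @return 1 when both answers match, 0 otherwise
 *
 * NOTE(review): both printed values are derived from the memory at
 * 0x4347c000, so the peer learns a function of that data. The pointer name
 * suggests it is the platform's secret "flag" page; confirm against the
 * target platform.
 */
int play_game() {
    enum { LINE_CAPACITY = 0x20, FLAG_WORDS = 32 };
    const int *flag = (const int *)0x4347c000;
    /* Unsigned accumulators: wrapping is defined, signed overflow is not. */
    unsigned int sum = 0;
    unsigned int mix = 0;
    /* Zero-filled and read with one byte held back, so the buffer is
     * NUL-terminated before it reaches atoi() on every path. */
    char ans_buf[LINE_CAPACITY] = {0};
    char tmp[LINE_CAPACITY];
    int ans;

    for (int i = 0; i < FLAG_WORDS; i++) {
        sum += (unsigned int)flag[i];
        mix ^= (unsigned int)flag[i];
    }

    puts("here is the first num:");
    itoa(tmp, (int)sum, LINE_CAPACITY);
    puts(tmp);
    puts("enter that x2");
    receive_until2(0, ans_buf, '\n', sizeof ans_buf - 1);
    /* atoi() reports no errors: malformed input simply compares unequal
     * unless the expected answer happens to be 0. */
    ans = atoi(ans_buf);
    if (ans != (int)(sum * 2u)) {
        return 0;
    }

    puts("here is the 2nd num:");
    itoa(tmp, (int)mix, LINE_CAPACITY);
    puts(tmp);
    puts("enter that +1337");
    receive_until2(0, ans_buf, '\n', sizeof ans_buf - 1);
    ans = atoi(ans_buf);
    if (ans != (int)(mix + 1337u)) {
        return 0;
    }
    return 1;
}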
231
/*
 * Run the challenge; on success prompt for a message and read one line into
 * a stack buffer, otherwise print "Nope!".
 *
 * NOTE(review): this is the overflow the program's banner announces, left
 * intact. The read bound is 0x200 while buf holds 0x100 bytes, so a long
 * line is written past the end of the array (CWE-121, stack-based buffer
 * overflow). A correct call derives the bound from the buffer: sizeof buf.
 */
void real_main() {
    char buf[0x100];

    if (!play_game()) {
        send_all(1, "Nope!\n", strlen("Nope!\n"));
        return;
    }

    send_all(1, "give me a message: ", strlen("give me a message: "));
    /* Bound is twice the buffer size: the mismatch is the bug. */
    receive_until2(0, buf, '\n', 0x200);
}
241
/*
 * Entry point: send the greeting on descriptor 1, then hand control to
 * real_main(). Always returns 0.
 */
int main() {
    char greeting[0x100] = "Hello this is a test program where you must first solve an atoi challenge response before overflow\n";
    size_t greeting_len = strlen(greeting);

    send_all(1, greeting, greeting_len);
    real_main();
    return 0;
}
248
249
250