1 #include <libcgc.h>
2 #include <stdlib.h>
3 #include <string.h>
4 
/*
 * Hand-written fixed-width integer aliases; no <stdint.h> is included by this
 * file. Each alias maps a fixed-width name onto a basic C type, so the widths
 * the names promise hold only where char/short/int/long long are 8/16/32/64
 * bits wide. Nothing here checks that.
 * NOTE(review): confirm against the target ABI. There is no int8_t alias.
 */
5 typedef unsigned char uint8_t;
6 typedef short int16_t;
7 typedef unsigned short uint16_t;
8 typedef int int32_t;
9 typedef unsigned int uint32_t;
10 typedef long long int64_t;
11 typedef unsigned long long uint64_t;
12 
/*
 * A 0x20-byte character buffer followed by a pointer/value pair.
 *
 * No function in this listing declares or uses this type.
 * NOTE(review): the field names suggest it models a stack frame in which data
 * running past buf reaches the pointer and the value stored through it.
 * Confirm the intent before relying on the layout; the compiler may insert
 * padding between members.
 */
struct stack_func_1 {
  char buf[0x20];  /* fixed-size buffer; no length field accompanies it */
  int *where;      /* pointer member placed directly after the buffer */
  int what;        /* integer member placed after the pointer */
};
18 
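/**
 * Read bytes from fd one at a time into dst until delim arrives or max bytes
 * have been stored.
 *
 * The delimiter is consumed but not stored. dst[len] is zeroed before every
 * read, so the result is NUL-terminated whenever fewer than max bytes were
 * stored. When exactly max bytes are stored no terminator is written, so a
 * caller that needs a C string must pass max <= (buffer size - 1) and keep
 * the final byte zero.
 *
 * This function has no knowledge of how large dst really is. max is the only
 * bound, and every write below trusts it.
 *
 * @param fd    descriptor handed to receive()
 * @param dst   destination buffer, at least max bytes long
 * @param delim byte that ends the read
 * @param max   maximum number of bytes to store in dst
 * @return number of bytes stored; 0 when receive() fails or delivers no byte
 *         (an empty line also returns 0, so the two cases look the same)
 */
size_t receive_until2(int fd, char *dst, char delim, size_t max)
{
    size_t len = 0;

    while (len < max) {
        size_t rx = 0;
        char c = 0;

        /* Keep the partial result terminated while there is still room. */
        dst[len] = '\0';

        /*
         * A successful receive() that delivers zero bytes is treated as end
         * of input. Without the rx check the previous value of c would be
         * stored again on every iteration until max was reached.
         */
        if (receive(fd, &c, 1, &rx) != 0 || rx == 0)
            return 0;

        if (c == delim)
            break;

        dst[len++] = c;
    }

    return len;
}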
43 
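/**
 * Return a value in [min, max] derived from the platform random() call.
 *
 * The span is computed in unsigned arithmetic. If it wraps to 0 (min == 0 and
 * max == UINT_MAX) the raw random word is returned unchanged. If max < min the
 * span also wraps and the result is not confined to [min, max]; callers must
 * pass min <= max.
 *
 * The reduction uses '%', so values are not uniformly distributed unless the
 * span divides the range of unsigned int. Do not use this where an unbiased
 * or unpredictable choice matters.
 *
 * @param min lowest value to return
 * @param max highest value to return
 * @return a value in [min, max]; min if random() reports failure
 */
unsigned int rand_range(unsigned int min, unsigned int max) {
  unsigned int lrand = 0;
  unsigned int span = max - min + 1;

  /*
   * The original ignored the result of random() and then read lrand even if
   * nothing had been written to it. Fall back to 0 so the value is defined.
   */
  if (random(&lrand, sizeof lrand, NULL) != 0) {
    lrand = 0;
  }

  if (span == 0) {
    return lrand;
  }
  return (lrand % span) + min;
}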
52 
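/**
 * Write num in the given base to dst as a NUL-terminated string, using
 * lowercase letters for digits above 9 and a leading '-' for negative values.
 *
 * Changes from the original:
 *  - base is validated (2..36). The old digit table held only 22 digits, so
 *    larger bases indexed past its end; base 0 divided by zero and base 1
 *    never terminated.
 *  - the magnitude is taken in unsigned arithmetic, so INT_MIN no longer
 *    overflows on negation.
 *
 * dst is not bounds-checked. The caller must supply room for the sign, every
 * digit and the terminator (34 bytes covers a 32-bit int in base 2).
 *
 * @param num  value to format
 * @param base radix, 2..36; any other value yields an empty string
 * @param dst  destination buffer
 */
void int_to_str2(int num, int base, char *dst) {
  static const char digit[] = "0123456789abcdefghijklmnopqrstuvwxyz";
  char *p = dst;
  unsigned int ubase;
  unsigned int mag;
  unsigned int shifter;

  if (base < 2 || base > 36) {
    *dst = '\0';
    return;
  }
  ubase = (unsigned int)base;

  if (num < 0) {
    *p++ = '-';
    /* Negate in unsigned arithmetic: well defined even for INT_MIN. */
    mag = 0u - (unsigned int)num;
  } else {
    mag = (unsigned int)num;
  }

  /* First pass: advance p to where the representation ends. */
  shifter = mag;
  do {
    ++p;
    shifter /= ubase;
  } while (shifter);
  *p = '\0';

  /* Second pass: walk back, emitting the least significant digit first. */
  do {
    *--p = digit[mag % ubase];
    mag /= ubase;
  } while (mag);
}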
71 
72 // STRTOL
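/*
 * Character-class helpers for strtol(). Arguments are parenthesised so that
 * an expression argument is classified as a whole. Each macro may evaluate
 * its argument more than once, so do not pass expressions with side effects.
 */
#define IS_SPACE(c) (((c) == ' ') || ((c) == '\t') || ((c) == '\f') || ((c) == '\n') || ((c) == '\v') || ((c) == '\r'))
#define IS_NUM(c) (((c) >= '0') && ((c) <= '9'))
#define IS_ALPHA(c) ((((c) >= 'A') && ((c) <= 'Z')) || (((c) >= 'a') && ((c) <= 'z')))
#define IS_UPPER(c) (((c) >= 'A') && ((c) <= 'Z'))
#define IS_XDIGIT(c) (IS_NUM(c) || (((c) >= 'a') && ((c) <= 'f')) || (((c) >= 'A') && ((c) <= 'F')))

/**
 * Convert the initial part of nptr to a long in the given base.
 *
 * Leading white space is skipped, one optional sign is accepted, and for
 * base 0 or 16 a "0x"/"0X" prefix is accepted when a hex digit follows it.
 * Base 0 selects 16, 8 or 10 from the prefix.
 *
 * Changes from the original:
 *  - the result is accumulated with an explicit range check and clamps to the
 *    most positive / most negative long instead of overflowing a signed int
 *    (errno is not set; this file has no errno in scope);
 *  - a leading "0" in base 0 counts as a converted digit, so "0" and "08"
 *    report a conversion through endptr instead of "nothing parsed";
 *  - "0x" not followed by a hex digit parses the "0" and stops at the 'x';
 *  - "-+" is no longer accepted as a sign;
 *  - '\r' is skipped as white space.
 *
 * @param nptr   NUL-terminated input
 * @param endptr if not NULL, receives the address of the first character not
 *               converted, or nptr when no digits were converted
 * @param base   0, or 2..36; any other value converts nothing
 * @return the converted value, clamped to the range of long; 0 when nothing
 *         was converted
 */
long int strtol(const char *nptr, char **endptr, int base)
{
    /* Largest long, derived without <limits.h>, which this file does not include. */
    const unsigned long long_max = ~0UL >> 1;
    const char *p = nptr;
    const char *end = nptr;   /* stays at nptr until a digit is converted */
    unsigned long acc = 0;
    unsigned long limit;
    long int val = 0;
    int neg = 0;
    int saturated = 0;

    /* Check validity of base */
    if (base == 1 || base > 36 || base < 0)
        goto done;

    /* Skip white space */
    while (IS_SPACE(*p))
        ++p;

    /* At most one sign character */
    if (*p == '-') {
        neg = 1;
        ++p;
    } else if (*p == '+') {
        ++p;
    }

    /*
     * Only swallow "0x" when a hex digit follows. Otherwise the '0' is parsed
     * as an ordinary digit below, so it is still reported as converted.
     * p[2] is read only after p[1] is known to be 'x'/'X', so the read stays
     * inside the string.
     */
    if ((base == 0 || base == 16) && p[0] == '0' &&
        (p[1] == 'x' || p[1] == 'X') && IS_XDIGIT(p[2])) {
        p += 2;
        base = 16;
    } else if (base == 0) {
        base = (*p == '0') ? 8 : 10;
    }

    /* Magnitude bound: one larger for negatives (two's complement minimum). */
    limit = neg ? long_max + 1UL : long_max;

    /* Convert the rest of the string */
    for (;; ++p) {
        int d;

        if (IS_NUM(*p))
            d = *p - '0';
        else if (IS_UPPER(*p))
            d = *p - 'A' + 10;   /* 'A' is 10 ... 'Z' is 35 */
        else if (IS_ALPHA(*p))
            d = *p - 'a' + 10;
        else
            break;

        /* Stop at the first character that is not a digit in this base. */
        if (d >= base)
            break;

        end = p + 1;
        if (saturated)
            continue;   /* keep consuming digits, value already clamped */

        /* acc * base + d > limit, tested without overflowing */
        if (acc > (limit - (unsigned long)d) / (unsigned long)base) {
            saturated = 1;
            acc = limit;
        } else {
            acc = acc * (unsigned long)base + (unsigned long)d;
        }
    }

    if (neg)
        val = (acc > long_max) ? -(long int)long_max - 1 : -(long int)acc;
    else
        val = (long int)acc;

done:
    if (endptr)
        *endptr = (char *)end;

    return val;
}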
170 
/**
 * Unsigned front end to strtol(): parse with strtol() and convert the signed
 * result to unsigned long.
 *
 * Because the parsing is done by strtol(), magnitudes larger than strtol()
 * can return are not representable through this wrapper, and a negative
 * input comes back as the corresponding large unsigned value. Callers that
 * use the result as a size or index should range-check it.
 *
 * @param nptr   NUL-terminated input
 * @param endptr forwarded to strtol()
 * @param base   forwarded to strtol()
 * @return strtol()'s result converted to unsigned long
 */
long unsigned int strtoul(const char *nptr, char **endptr, int base)
{
    long int parsed = strtol(nptr, endptr, base);

    return (long unsigned int)parsed;
}
175 // STRTOL
176 
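/**
 * Read exactly n_bytes from fd into dst_a, looping over short reads.
 *
 * The caller must guarantee that dst_a has room for n_bytes; no other bound
 * is applied here.
 *
 * @param fd      descriptor handed to receive()
 * @param dst_a   destination buffer, at least n_bytes long
 * @param n_bytes number of bytes to read
 * @return n_bytes on success; 0 if receive() fails or the input ends first
 *         (bytes already copied into dst_a are left in place)
 */
size_t receive_n( int fd, void *dst_a, size_t n_bytes )
{
  char *dst = dst_a;
  size_t len = 0;

  while (len < n_bytes) {
    size_t rx = 0;

    /*
     * rx == 0 on a successful call means no more input. The original only
     * tested the return code, so len never advanced and the loop spun
     * forever once the peer stopped sending.
     */
    if (receive(fd, dst + len, n_bytes - len, &rx) != 0 || rx == 0) {
      return 0;
    }
    len += rx;
  }

  return len;
}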
192 
/**
 * Write all n_bytes of msg to fd, retrying after short writes.
 *
 * NOTE(review): if transmit() can report success while writing zero bytes,
 * the loop below makes no progress. Confirm against the platform contract.
 *
 * @param fd      descriptor handed to transmit()
 * @param msg     data to send
 * @param n_bytes number of bytes to send
 * @return 0 once everything was sent, 1 as soon as transmit() reports failure
 */
int send_all(int fd, const void *msg, size_t n_bytes)
{
  size_t sent = 0;
  size_t tx = 0;

  for (;;) {
    if (sent >= n_bytes) {
      return 0;
    }
    /* Resume from the first byte that has not been written yet. */
    if (transmit(fd, (char *)msg + sent, n_bytes - sent, &tx) != 0) {
      return 1;
    }
    sent += tx;
  }
}
205 
/**
 * Print a fixed message, then read one line into a 0x20-byte stack buffer.
 *
 * The read bound (0x40) is twice the size of name, so a line longer than
 * 0x20 bytes is written past the end of the buffer. The message it prints
 * and the banner in main() both describe an overflow as the purpose of this
 * program, so the mismatch is kept exactly as written. Outside a test target
 * the bound must not exceed the size of the destination.
 *
 * No function in this listing calls do_win().
 */
void do_win() {
    char name[0x20];
    const char *message = "Here's your overflow!!!\n";

    send_all(1, message, strlen(message));

    /* Bound 0x40 > sizeof name (0x20): deliberate out-of-bounds write. */
    receive_until2(0, name, '\n', 0x40);
}
212 
/*
 * Candidate responses for play_game(). They are compiled into the binary,
 * and play_game() prints the selected entry before reading the answer, so
 * they carry no secrecy despite the names some of them use.
 */
char *passes[] = {
    "secret_pass1",
    "skj3292>><>",
    "#12344",
    "abc",
    "Z",
    "TTTTTTTTTTT",
    "thelongsecretpass",
    "t23921",
    "1337",
    "zz",
};

/* Answer buffer filled by play_game(); zero-initialised, 30 bytes. */
char ans[30] = {0};
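/**
 * Challenge/response step: pick one entry of passes[], print it, read a line
 * into ans and compare the two.
 *
 * The entry is chosen from the sum of 32 words read at the fixed address
 * 0x4347c000.
 * NOTE(review): presumably the platform's flag page, going by the variable
 * name. Confirm.
 *
 * Changes from the original:
 *  - the sum is accumulated as unsigned. The signed version could go
 *    negative, and a negative "% 10" result indexed before the start of
 *    passes[]. For every non-negative sum the chosen entry is unchanged.
 *  - the entry count comes from the array instead of a literal 10.
 *  - the read is bounded at sizeof ans - 1, so the last byte of ans (zero by
 *    static initialisation and never written) always terminates the string
 *    handed to strcmp(). With the old bound of 30 a full-length line left
 *    ans unterminated.
 *
 * @return 1 when the line read matches the printed entry, 0 otherwise
 */
int play_game() {
    const unsigned int *flag = (const unsigned int *)0x4347c000;
    unsigned int rand = 0;

    for (int i = 0; i < 32; i++) {
        rand += flag[i];
    }

    size_t choice = rand % (sizeof passes / sizeof passes[0]);
    puts(passes[choice]);

    receive_until2(0, ans, '\n', sizeof ans - 1);

    return strcmp(ans, passes[choice]) == 0;
}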
232 
/**
 * Run the challenge and, when it is passed, read one line into a 0x100-byte
 * stack buffer.
 *
 * The read bound (0x200) is twice the size of buf, so a line longer than
 * 0x100 bytes is written past the end of the buffer. The banner printed by
 * main() states that this overflow is what the program exists to exhibit, so
 * the bound is kept exactly as written. Outside a test target the bound must
 * not exceed the size of the destination.
 */
void real_main() {
  char buf[0x100];

  if (!play_game()) {
    send_all(1, "Nope!\n", strlen("Nope!\n"));
    return;
  }

  send_all(1, "give me a message: ", strlen("give me a message: "));

  /* Bound 0x200 > sizeof buf (0x100): deliberate out-of-bounds write. */
  receive_until2(0, buf, '\n', 0x200);
}
246 
/**
 * Entry point: print the banner on descriptor 1, then hand over to
 * real_main().
 *
 * The banner is copied into a 0x100-byte stack array and sent with its
 * strlen(), so only the text itself is transmitted, not the zero padding.
 *
 * @return always 0
 */
int main() {
  char banner[0x100] = "Hello this is a test program where you must first solve a challenge response before overflow\n";

  send_all(1, banner, strlen(banner));
  real_main();

  return 0;
}