1 #include <libcgc.h>
2 #include <stdlib.h>
3 #include <string.h>
4
5 typedef unsigned char uint8_t;
6 typedef short int16_t;
7 typedef unsigned short uint16_t;
8 typedef int int32_t;
9 typedef unsigned int uint32_t;
10 typedef long long int64_t;
11 typedef unsigned long long uint64_t;
12
/*
 * Three-field record: a 0x20-byte character buffer followed by an int
 * pointer and an int.  No function in the visible part of this file
 * refers to it.
 * NOTE(review): the field names suggest it describes a layout in which
 * data running past buf reaches a pointer and a value - confirm against
 * whatever uses this type.
 */
struct stack_func_1 {
    char buf[32];   /* 0x20 bytes */
    int *where;
    int what;
};
18
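/*
 * Read bytes from fd one at a time into dst until delim arrives or max
 * bytes have been stored.
 *
 *   fd     descriptor handed to receive()
 *   dst    destination buffer; the caller must provide at least max bytes
 *   delim  terminating byte; it is consumed but not stored
 *   max    maximum number of payload bytes written to dst
 *
 * Returns the number of bytes stored, or 0 when receive() reports an error
 * or delivers no data before delim is seen.
 *
 * dst is NUL-terminated only when delim or a failure stops the read before
 * max bytes are stored.  After exactly max bytes dst is full and NOT
 * terminated, so a caller that wants a C string must pass at most
 * (buffer size - 1) and terminate the buffer itself.  max is the only
 * bound this function knows: a value larger than the real buffer makes it
 * write past the end of that buffer.
 */
size_t receive_until2(int fd, char *dst, char delim, size_t max)
{
    size_t len = 0;

    while (len < max) {
        size_t rx = 0;
        char c = 0;

        /* Keep what has been read so far terminated. */
        dst[len] = 0x00;

        /*
         * A non-zero status is an error.  A successful call that delivers
         * zero bytes means no more input is coming; without this check the
         * loop would keep storing the previous byte until max is reached.
         */
        if (receive(fd, &c, 1, &rx) != 0 || rx == 0) {
            return 0;
        }

        if (c == delim) {
            break;
        }

        dst[len++] = c;
    }

    return len;
}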
43
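/*
 * Return a value in [min, max] derived from one call to random().
 *
 * Callers are expected to pass min <= max.  When max - min + 1 wraps to 0
 * (the full unsigned range) the raw draw is returned unchanged.  With
 * min > max the span wraps and the result is not confined to any sensible
 * interval.
 *
 * The reduction uses '%', so values are slightly non-uniform whenever the
 * span does not divide the range of unsigned int.
 *
 * If random() reports failure the draw is treated as 0 and min is
 * returned, instead of using an uninitialised stack value.
 */
unsigned int rand_range(unsigned int min, unsigned int max) {
    unsigned int draw = 0;
    unsigned int span = max - min + 1;

    /* Ask for exactly as many bytes as the variable holds. */
    if (random(&draw, sizeof draw, NULL) != 0) {
        draw = 0;
    }

    if (span == 0) {
        return draw;
    }
    return (draw % span) + min;
}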
52
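/*
 * Write the textual representation of num in the given base to dst as a
 * NUL-terminated string, using lowercase letters for digits above 9.
 *
 *   num   value to format; a leading '-' is emitted for negative values
 *   base  radix, 2..36; any other value yields an empty string
 *   dst   output buffer; there is no length parameter, so the caller must
 *         size it for the worst case (sign + digits + NUL; 34 bytes is
 *         enough for a 32-bit int in base 2).  A NULL dst is ignored.
 *
 * Fixes over the earlier version: base 0 divided by zero, base 1 never
 * terminated and walked off the buffer, bases above 22 indexed past the
 * digit table, and the most negative int overflowed when negated.
 */
void int_to_str2(int num, int base, char *dst) {
    static const char digit[] = "0123456789abcdefghijklmnopqrstuvwxyz";
    unsigned int magnitude;
    unsigned int radix;
    unsigned int probe;
    char *p = dst;

    if (!dst) {
        return;
    }
    if (base < 2 || base > 36) {
        *dst = '\0';
        return;
    }
    radix = (unsigned int)base;

    if (num < 0) {
        *p++ = '-';
        /* Negate in unsigned arithmetic so INT_MIN is representable. */
        magnitude = 0u - (unsigned int)num;
    } else {
        magnitude = (unsigned int)num;
    }

    /* First pass: advance p to where the representation ends. */
    probe = magnitude;
    do {
        ++p;
        probe /= radix;
    } while (probe != 0);
    *p = '\0';

    /* Second pass: walk back, storing digits least significant first. */
    do {
        *--p = digit[magnitude % radix];
        magnitude /= radix;
    } while (magnitude != 0);
}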
71
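// STRTOL
/*
 * Character-class helpers for the local strtol().  Arguments are
 * parenthesised so that expressions can be passed; each macro still
 * evaluates its argument more than once.
 */
#define IS_SPACE(c) (((c) == ' ') || ((c) == '\t') || ((c) == '\f') || ((c) == '\n') || ((c) == '\v') || ((c) == '\r'))
#define IS_NUM(c) (((c) >= '0') && ((c) <= '9'))
#define IS_ALPHA(c) ((((c) >= 'A') && ((c) <= 'Z')) || (((c) >= 'a') && ((c) <= 'z')))
#define IS_UPPER(c) (((c) >= 'A') && ((c) <= 'Z'))

/* Map a character to its digit value 0..35, or -1 if it is not a digit. */
static int strtol_digit_value(char c)
{
    if (IS_NUM(c))
        return c - '0';
    if (IS_UPPER(c))
        return c - 'A' + 10;
    if (IS_ALPHA(c))
        return c - 'a' + 10;
    return -1;
}

/*
 * Convert the initial part of nptr to a long in the given base.
 *
 *   nptr    NUL-terminated input; leading white space is skipped
 *   endptr  if non-NULL, receives a pointer to the first character that
 *           is not part of the number, or nptr when no digits were found
 *   base    0 (auto-detect 0x / 0 prefix) or 2..36; other values return 0
 *
 * Returns the converted value.  Out-of-range input saturates at the
 * largest or smallest long; no errno is set.
 *
 * Fixes over the earlier version:
 *   - the value is accumulated in unsigned long with a range check, so
 *     long input no longer overflows a signed int
 *   - only one sign character is accepted ("-+5" is no longer a number)
 *   - a bare "0" with base 0, and the "0" of a "0x" prefix that is not
 *     followed by a hex digit, now count as a parsed digit for endptr
 *   - '\r' is treated as white space
 */
long int strtol(const char *nptr, char **endptr, int base)
{
    const unsigned long long_max = ~0UL >> 1;   /* LONG_MAX without <limits.h> */
    const char *p = nptr;
    const char *end = nptr;   /* one past the last accepted digit */
    unsigned long acc = 0;
    unsigned long limit;
    int neg = 0;

    /* Check validity of base */
    if (base == 1 || base > 36 || base < 0)
        goto done;

    /* Skip white space */
    while (IS_SPACE(*p))
        ++p;

    /* At most one sign character */
    if (*p == '-') {
        neg = 1;
        ++p;
    } else if (*p == '+') {
        ++p;
    }

    /*
     * "0x"/"0X" is a prefix only when a hex digit follows; otherwise the
     * leading "0" is the number and conversion stops at the 'x'.
     */
    if ((base == 0 || base == 16) && p[0] == '0' && (p[1] == 'x' || p[1] == 'X')) {
        int first = strtol_digit_value(p[2]);

        if (first >= 0 && first < 16) {
            p += 2;
            base = 16;
        }
    }
    if (base == 0)
        base = (*p == '0') ? 8 : 10;

    /* The magnitude of the most negative long is one larger than LONG_MAX. */
    limit = neg ? long_max + 1 : long_max;

    /* Convert digits, stopping at the first one not valid in this base. */
    for (;;) {
        int d = strtol_digit_value(*p);

        if (d < 0 || d >= base)
            break;

        if (acc > (limit - (unsigned long)d) / (unsigned long)base)
            acc = limit;    /* saturate; later digits are still consumed */
        else
            acc = acc * (unsigned long)base + (unsigned long)d;

        ++p;
        end = p;
    }

done:
    if (endptr)
        *endptr = (char *)end;

    if (neg) {
        if (acc > long_max)
            return -(long)long_max - 1;
        return -(long)acc;
    }
    return (long)acc;
}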
170
/*
 * Unsigned front end for strtol(): the text is parsed by strtol() and the
 * signed result is converted to unsigned long.  Because parsing is
 * delegated, the accepted range is that of strtol(), and a negative
 * result converts with the usual unsigned wrap-around.
 */
long unsigned int strtoul(const char *nptr, char **endptr, int base)
{
    long int parsed = strtol(nptr, endptr, base);

    return (long unsigned int)parsed;
}
175 // STRTOL
176
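/*
 * Read exactly n_bytes from fd into dst_a, looping over short reads.
 *
 *   fd       descriptor handed to receive()
 *   dst_a    destination buffer of at least n_bytes bytes
 *   n_bytes  number of bytes required
 *
 * Returns n_bytes on success and 0 on failure.  Failure covers both a
 * non-zero status from receive() and a successful call that delivers zero
 * bytes; the earlier version looped forever in the second case because
 * the byte count never advanced.  On failure the buffer may hold a
 * partial read.
 */
size_t receive_n( int fd, void *dst_a, size_t n_bytes )
{
    char *dst = (char *)dst_a;
    size_t got = 0;

    while (got < n_bytes) {
        size_t rx = 0;

        if (receive(fd, dst + got, n_bytes - got, &rx) != 0 || rx == 0) {
            return 0;
        }
        got += rx;
    }

    return got;
}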
192
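/*
 * Write all n_bytes of msg to fd, looping over short writes.
 *
 *   fd       descriptor handed to transmit()
 *   msg      data to send
 *   n_bytes  number of bytes to send
 *
 * Returns 0 once everything has been written and 1 on failure.  A
 * transmit() call that succeeds but writes zero bytes is treated as a
 * failure; the earlier version would retry it forever.
 */
int send_all(int fd, const void *msg, size_t n_bytes)
{
    /* Keep the const qualifier instead of casting it away. */
    const char *src = (const char *)msg;
    size_t sent = 0;

    while (sent < n_bytes) {
        size_t tx = 0;

        if (transmit(fd, src + sent, n_bytes - sent, &tx) != 0 || tx == 0) {
            return 1;
        }
        sent += tx;
    }
    return 0;
}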
205
/*
 * Print the banner on fd 1, then read one '\n'-terminated line from fd 0
 * into a 0x20-byte stack buffer.
 *
 * NOTE(review): the read is bounded by 0x40, twice the size of name, so
 * any line longer than 0x20 bytes is written past the end of the array
 * (stack-based buffer overflow, CWE-121).  The banner text indicates this
 * is deliberate in this test program.  Code that is not meant to be a
 * vulnerable fixture must derive the bound from the buffer, i.e.
 * sizeof name - 1, which also leaves room for the terminator.
 */
void do_win() {
    char name[0x20];
    const char *banner = "Here's your overflow!!!\n";
    size_t banner_len = strlen(banner);

    send_all(1, banner, banner_len);
    receive_until2(0, name, '\n', 0x40);
}
212
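/* Candidate responses; play_game() prints one and expects it echoed back. */
char *passes[] = {"secret_pass1", "skj3292>><>", "#12344", "abc", "Z", "TTTTTTTTTTT", "thelongsecretpass", "t23921", "1337", "zz"};


/* Line buffer for the reply read by play_game(). */
char ans[30] = {0};

/*
 * Challenge-response step: pick one entry of passes[], print it, read a
 * line from fd 0 and compare.
 *
 * The index is derived from the sum of 32 words read at the fixed address
 * 0x4347c000.
 * NOTE(review): the local was named "flag"; this looks like the page the
 * CGC/DECREE environment maps at that address - confirm.
 *
 * Returns 1 when the reply equals the printed entry, 0 otherwise.
 *
 * Fixes over the earlier version:
 *   - the words are summed as unsigned int, so the index can no longer be
 *     negative (a negative signed sum made passes[sum % 10] read before
 *     the table); the selection is unchanged whenever the signed sum was
 *     non-negative
 *   - the reply is limited to sizeof ans - 1 bytes and terminated
 *     explicitly, so strcmp() never runs off an unterminated buffer
 */
int play_game() {
    const unsigned int *flag = (const unsigned int *)0x4347c000;
    unsigned int seed = 0;
    size_t choice;
    size_t got;

    for (int i = 0; i < 32; i++) {
        seed += flag[i];
    }

    choice = seed % (sizeof passes / sizeof passes[0]);
    puts(passes[choice]);

    got = receive_until2(0, ans, '\n', sizeof ans - 1);
    ans[got] = '\0';    /* got <= sizeof ans - 1, so this stays in bounds */

    return strcmp(ans, passes[choice]) == 0;
}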
232
/*
 * Run the challenge-response step; on success prompt for a message and
 * read one line from fd 0, otherwise print "Nope!".
 *
 * NOTE(review): buf holds 0x100 bytes but the read is bounded by 0x200,
 * so a message longer than 0x100 bytes is written past the end of the
 * array (stack-based buffer overflow, CWE-121).  The program's greeting
 * says an overflow follows the challenge, so this is the intended defect
 * of the fixture.  In code that is not meant to be vulnerable the bound
 * must come from the buffer: sizeof buf - 1.
 */
void real_main() {
    char buf[0x100];

    if (!play_game()) {
        send_all(1, "Nope!\n", strlen("Nope!\n"));
        return;
    }

    send_all(1, "give me a message: ", strlen("give me a message: "));
    receive_until2(0, buf, '\n', 0x200);
}
246
/*
 * Entry point: send the greeting on fd 1, then hand over to real_main().
 * Always returns 0.
 */
int main() {
    char buf[0x100] = "Hello this is a test program where you must first solve a challenge response before overflow\n";
    size_t greeting_len = strlen(buf);

    send_all(1, buf, greeting_len);
    real_main();

    return 0;
}