SHARE
TWEET

GCHQ CanYouCrackIt Stage 3 - C representation of keygen

a guest Dec 4th, 2011 2,793 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ; Dr Gareth Owen, University of Greenwich, England.
  2. ; Explanation: http://gchqchallenge.blogspot.com
  3.  
  4. // licence file to contain
  5. // gchqcyberwinAAAABBBBCCCC
  6. int main(int argc, char **argv) {
  7.         char buf[0x18];
  8.         long *longPtr = NULL;
  9.        
  10.         if(argc != 1)
  11.         {
  12.                 // display usage and exit
  13.         }
  14.        
  15.         memset(buf, 0, 0x18); // clear buffer
  16.        
  17.         FILE *in = fopen("license.txt", "r");
  18.         fscanf(in, "%s", buf);  // buffer overflow vulnerability - tut tut!
  19.         fclose(in);
  20.        
  21.         &longPtr = &buf;
  22.         if(*longPtr != 0x71686367) // first 4 bytes = 'gchq'?
  23.         {
  24.                 // error & exit
  25.         }
  26.  
  27.         if(strcmp(crypt(buf[4], "hq"), "hqDTK7b8K2rvw")) { //hash next 8 bytes and compare with our hash
  28.                 // invalid code - exit
  29.         }
  30.  
  31.        
  32.         // everything has checked out - construct URL
  33.         // of format /hqDTK7b8K2rvw/XX/XX/XX/key.txt
  34.         // where XX, XX, XX are taken from next 3x four bytes of licence and produced as HEX
  35.         // connect to hostname supplied on command line
  36.        
  37. }
  38.  
  39.  
RAW Paste Data
Top