Guest User

GCHQ CanYouCrackIt Stage 3 - C representation of keygen

a guest
Dec 4th, 2011
2,955
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ; Dr Gareth Owen, University of Greenwich, England.
  2. ; Explanation: http://gchqchallenge.blogspot.com
  3.  
  4. // licence file to contain
  5. // gchqcyberwinAAAABBBBCCCC
  6. int main(int argc, char **argv) {
  7.     char buf[0x18];
  8.     long *longPtr = NULL;
  9.    
  10.     if(argc != 1)
  11.     {
  12.         // display usage and exit
  13.     }
  14.    
  15.     memset(buf, 0, 0x18); // clear buffer
  16.    
  17.     FILE *in = fopen("license.txt", "r");
  18.     fscanf(in, "%s", buf);  // buffer overflow vulnerability - tut tut!
  19.     fclose(in);
  20.    
  21.     &longPtr = &buf;
  22.     if(*longPtr != 0x71686367) // first 4 bytes = 'gchq'?
  23.     {
  24.         // error & exit
  25.     }
  26.  
  27.     if(strcmp(crypt(buf[4], "hq"), "hqDTK7b8K2rvw")) { //hash next 8 bytes and compare with our hash
  28.         // invalid code - exit
  29.     }
  30.  
  31.    
  32.     // everything has checked out - construct URL
  33.     // of format /hqDTK7b8K2rvw/XX/XX/XX/key.txt
  34.     // where XX, XX, XX are taken from next 3x four bytes of licence and produced as HEX
  35.     // connect to hostname supplied on command line
  36.    
  37. }
  38.  
  39.  
RAW Paste Data