#include <string.h>#include <unistd.h>#include <stdlib.h>#include <stdio.h

1. #include <string.h>
2. #include <unistd.h>
3. #include <stdlib.h>
4. #include <stdio.h>
5. #include <fcntl.h>
6.  
7. #define KEY_SIZE 8
8.  
9. /*
10. * Scenario:
11. * Adam is a security researcher for a well known security company, he has
12. * intercepted the code below as well as an encrypted PNG from the notorious
13. * hacker "HaPPi". Unfortunately C code confuses Adam, can you help Adam decrypt
14. * the PNG file?
15. *
16. * Objectives:
17. * - Compile the code
18. * - Make comments on the general security of the code and how it is vulnerable
19. * - Reveal the contents of the encrypted file, preferably using the vulnerability!
20. * - How would you fix the code so that it is not vulnerable
21. */
22.  
23. int main(int argc, char **argv)
24. {
25. char static key[] = {0xD, 0xE, 0xA, 0xD, 0xB, 0xE, 0xE, 0xF};
26. int fd_in, fd_out, i;
27. char store[KEY_SIZE];
28. char buff[30];
29. int flag = 0;
30.  
31. setuid(0); // This makes things work...
32.  
33. if ( argc < 2 )
34. {
35. printf("Usage: %s <password>\n", argv[0]);
36. exit(1);
37. }
38.  
39. strcpy(buff,argv[1]);
40.  
41. if(strcmp(buff, "IamSuperL33t"))
42. {
43. printf("Wrong Password\n");
44. }
45. else
46. {
47. flag++;
48. }
49. if(flag)
50. {
51. printf("Correct Password\n");
52. if ((fd_in = open("encrypted.png", O_RDONLY)) < 0)
53. {
54. perror("Could not open in_file")
55. exit(1);
56. }
57.  
58. if ((fd_out = open("decrypted.png", O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR)) < 0)
59. {
60. perror("Could not open out_file!");
61. exit(1);
62. }
63.  
64. while (read(fd_in, &store, KEY_SIZE))
65. {
66. for (i=0; i<KEY_SIZE; i++)
67. {
68. store[i] = store[i] ^ key[i];
69. }
70.  
71. if (!write(fd_out, &store, KEY_SIZE))
72. {
73. perror("This shouldn't have happened, contact Techsupport");
74. exit(-1);
75. }
76. }
77. }
78. return 0;
79. }