Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include <string.h>
- #include <unistd.h>
- #include <stdlib.h>
- #include <stdio.h>
- #include <fcntl.h>
- #define KEY_SIZE 8
- /*
- * Scenario:
- * Adam is a security researcher for a well known security company, he has
- * intercepted the code below as well as an encrypted PNG from the notorious
- * hacker "HaPPi". Unfortunately C code confuses Adam, can you help Adam decrypt
- * the PNG file?
- *
- * Objectives:
- * - Compile the code
- * - Make comments on the general security of the code and how it is vulnerable
- * - Reveal the contents of the encrypted file, preferably using the vulnerability!
- * - How would you fix the code so that it is not vulnerable
- */
- int main(int argc, char **argv)
- {
- char static key[] = {0xD, 0xE, 0xA, 0xD, 0xB, 0xE, 0xE, 0xF};
- int fd_in, fd_out, i;
- char store[KEY_SIZE];
- char buff[30];
- int flag = 0;
- setuid(0); // This makes things work...
- if ( argc < 2 )
- {
- printf("Usage: %s <password>\n", argv[0]);
- exit(1);
- }
- strcpy(buff,argv[1]);
- if(strcmp(buff, "IamSuperL33t"))
- {
- printf("Wrong Password\n");
- }
- else
- {
- flag++;
- }
- if(flag)
- {
- printf("Correct Password\n");
- if ((fd_in = open("encrypted.png", O_RDONLY)) < 0)
- {
- perror("Could not open in_file")
- exit(1);
- }
- if ((fd_out = open("decrypted.png", O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR)) < 0)
- {
- perror("Could not open out_file!");
- exit(1);
- }
- while (read(fd_in, &store, KEY_SIZE))
- {
- for (i=0; i<KEY_SIZE; i++)
- {
- store[i] = store[i] ^ key[i];
- }
- if (!write(fd_out, &store, KEY_SIZE))
- {
- perror("This shouldn't have happened, contact Techsupport");
- exit(-1);
- }
- }
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement