78 lines
1.5 KiB
C
78 lines
1.5 KiB
C
// gcc ./cxxdition_rxxe.c -o pwn
|
|
#include <pthread.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <fcntl.h>
|
|
#include <unistd.h>
|
|
|
|
#define ROUNDS 1000000
|
|
|
|
int passwd[4];
|
|
int input[4];
|
|
|
|
void init() {
|
|
setvbuf(stdin, 0LL, 2, 0LL);
|
|
setvbuf(stdout, 0LL, 2, 0LL);
|
|
setvbuf(stderr, 0LL, 2, 0LL);
|
|
}
|
|
|
|
|
|
void *init_passwd(void *arg) {
|
|
init();
|
|
srand(time(NULL));
|
|
for(int i = 0; i < ROUNDS; ++i) {
|
|
passwd[i%4] ^= rand();
|
|
}
|
|
int fd = open("/dev/urandom", O_RDONLY);
|
|
int key[4] = {};
|
|
for(int i = 0; i < ROUNDS; ++i) {
|
|
int tmp;
|
|
read(fd, (char *) &tmp, sizeof(tmp));
|
|
key[i%4] ^= tmp;
|
|
}
|
|
for(int i = 0; i < 4; ++i) {
|
|
passwd[i] ^= key[i];
|
|
}
|
|
close(fd);
|
|
return NULL;
|
|
}
|
|
|
|
|
|
void win() {
|
|
init();
|
|
char buf[0x30];
|
|
int fd = open("flag", O_RDONLY);
|
|
if(fd < 0) {
|
|
perror("Open flag error!");
|
|
}
|
|
read(fd, buf, sizeof(buf));
|
|
puts(buf);
|
|
close(fd);
|
|
}
|
|
|
|
|
|
void *check_passwd(void * arg) {
|
|
init();
|
|
if(!memcmp(input, passwd, sizeof(passwd))) {
|
|
puts("Login success!");
|
|
puts("This is your flag:");
|
|
win();
|
|
} else {
|
|
puts("Login failed!");
|
|
}
|
|
}
|
|
|
|
int main() {
|
|
pthread_t init_passwd_tid;
|
|
pthread_create(&init_passwd_tid, NULL, init_passwd, NULL);
|
|
while(1) {
|
|
// sleep(1);
|
|
puts("Password: ");
|
|
read(0, (char *) &input, sizeof(input));
|
|
pthread_t check_passwd_tid;
|
|
pthread_create(&check_passwd_tid, NULL, check_passwd, NULL);
|
|
}
|
|
return 0;
|
|
}
|