${
import
random, os
random.seed(os.urandom(
8
))
userdef_charset
=
'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
userdef
=
''.join(random.choice(userdef_charset)
for
_
in
range
(
8
))
def
check_string_recursive(array0, array1, random_list, bit):
if
bit <
0
:
write(
'aas(%s, %s);'
%
(array0, array1))
else
:
if
random_list[
0
]:
write(
'if (CHECK_BIT(%s, %d) == CHECK_BIT(%s, %d)) {'
%
(array0, bit, array1, bit))
check_string_recursive(array0, array1, random_list[
1
:], bit
-
1
)
write(
'} else { aaz(); '
)
check_string_recursive(array0, array1, random_list[
1
:], bit
-
1
)
write(
'}'
)
else
:
write(
'if (CHECK_BIT(%s, %d) != CHECK_BIT(%s, %d)) { aaz();'
%
(array0, bit, array1, bit))
check_string_recursive(array0, array1, random_list[
1
:], bit
-
1
)
write(
'} else { '
)
check_string_recursive(array0, array1, random_list[
1
:], bit
-
1
)
write(
'}'
)
}$
/
/
return
true
if
nth bit of array
is
1
char msg[]
=
"${ description }$"
;
uint8_t should_succeed
=
1
;
void print_msg() {
printf(
"%s"
, msg);
}
int
complex_function(
int
value,
int
i) {
/
/
。。。复杂运算,直接就遍历出来了,应该改复杂一些的
if
(!(
'A'
<
=
value && value <
=
'Z'
)) {
printf(
"Try again.\n"
);
exit(
1
);
}
return
((value
-
'A'
+
(LAMBDA
*
i))
%
(
'Z'
-
'A'
+
1
))
+
'A'
;
}
void aaz() {
should_succeed
=
0
;
}
void get_sh(){
system(
"/bin/sh"
);
}
int
login_again() {
setbuf(stdout, NULL);
setbuf(stderr, NULL);
setbuf(stdin, NULL);
char pwd[
64
];
printf(
"Enter the password again: "
);
gets(&pwd);
/
/
栈溢出
if
(strcmp(pwd,
"deadbeef"
)
=
=
0
){
puts(
"I think you can't get shell"
);
}
else
{
puts(
"Error."
);
}
return
0
;
}
void aas(char
*
compare0, char
*
compare1) {
if
(should_succeed && !strncmp(compare0, compare1,
8
)) {
/
/
如果should_succeed为真,且进行复杂运算之后的输入和userdef相等,就进入下一步
login_again();
}
else
{
printf(
"Error.\n"
);
}
}
int
main(
int
argc, char
*
argv[]) {
char
buffer
[
20
];
char password[
20
];
/
/
print_msg();
for
(
int
i
=
0
; i <
20
;
+
+
i) {
password[i]
=
0
;
}
strncpy(password, USERDEF, LEN_USERDEF);
/
/
password
=
USERDEF,最后要和输入比较的字符串
printf(
"Enter the password: "
);
/
/
输入
scanf(
"%8s"
,
buffer
);
for
(
int
i
=
0
; i<LEN_USERDEF;
+
+
i) {
/
/
对输入进行复杂运算
buffer
[i]
=
(char) complex_function(
buffer
[i], i);
}
/
/
递归调用,也就是这里生成很多函数
${ check_string_recursive(
'buffer'
,
'password'
, random_list,
12
) }$
}