diff options
| author | Louis Burda <quent.burda@gmail.com> | 2021-05-27 21:58:17 +0200 |
|---|---|---|
| committer | Louis Burda <quent.burda@gmail.com> | 2021-05-27 21:58:17 +0200 |
| commit | 8057ab1167b3c0c19f8212c86c7a849ca3997d47 (patch) | |
| tree | ff772afba37149dbfd2cab0e28b39fe2e81c61fa /checker/src/revhash | |
| parent | 002a422e321971d2c6d4c54ffe40288252299cf8 (diff) | |
| download | enowars5-service-stldoctor-8057ab1167b3c0c19f8212c86c7a849ca3997d47.tar.gz enowars5-service-stldoctor-8057ab1167b3c0c19f8212c86c7a849ca3997d47.zip | |
bumped enochecker and implemented exploits with minor tweaks to source
Diffstat (limited to 'checker/src/revhash')
| -rw-r--r-- | checker/src/revhash/.gitignore | 2 | ||||
| -rw-r--r-- | checker/src/revhash/Makefile | 11 | ||||
| -rw-r--r-- | checker/src/revhash/main.c | 80 |
3 files changed, 93 insertions, 0 deletions
diff --git a/checker/src/revhash/.gitignore b/checker/src/revhash/.gitignore new file mode 100644 index 0000000..82f9f1c --- /dev/null +++ b/checker/src/revhash/.gitignore @@ -0,0 +1,2 @@ +vgcore* +revhash diff --git a/checker/src/revhash/Makefile b/checker/src/revhash/Makefile new file mode 100644 index 0000000..b1c17df --- /dev/null +++ b/checker/src/revhash/Makefile @@ -0,0 +1,11 @@ +CFLAGS = -g + +.PHONY: all clean + +all: revhash + +clean: + rm revhash + +revhash: main.c + $(CC) -o $@ $< $(CFLAGS) diff --git a/checker/src/revhash/main.c b/checker/src/revhash/main.c new file mode 100644 index 0000000..f872e33 --- /dev/null +++ b/checker/src/revhash/main.c @@ -0,0 +1,80 @@ +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stdint.h> + +#define MAXITER 256 * 100 +#define MAX(x,y) ((x) > (y) ? (x) : (y)) +#define MIN(x,y) ((x) < (y) ? (x) : (y)) + +int +main(int argc, const char **argv) +{ + const char *hashstr; + char c, hexbuf[3] = { 0 }, *end, *buf; + int i, k, v, maxlen, sum, *hash, sublen, aftersum; + + if (argc < 2) { + fprintf(stderr, "USAGE: revhash <hash>\n"); + return EXIT_FAILURE; + } + + hashstr = argv[1]; + if (strlen(hashstr) % 2 != 0) + goto invalid; + + /* alloc */ + maxlen = strlen(hashstr) / 2; + hash = calloc(maxlen, sizeof(int)); + buf = malloc(strlen(hashstr)); + if (!hash) return EXIT_FAILURE; + + /* convert hex to int array */ + for (i = 0; i < maxlen; i++) { + memcpy(hexbuf, hashstr + 2 * i, 2); + hash[i] = strtol(hexbuf, &end, 16); + if (end && *end) goto invalid; + } + + /* bruteforce srand seed */ + for (i = 0; i < MAXITER; i++) { + srand(i); + + /* reverse chars for given sum */ + for (sum = i, k = 0; k < maxlen && sum > 0; k++) { + buf[k] = (char) hash[k] ^ (rand() % 256); + if (buf[k] < 0) break; + sum -= buf[k]; + } + + /* repeat if too short */ + if (k && sum == 0) { + sublen = k; + for (k = sublen; k < maxlen; k++) { + buf[k] = (char) hash[k] ^ (rand() % 256); + if (buf[k] < 0 || buf[k] != buf[k % sublen]) break; + } + } + + if (k < maxlen) continue; + + /* output first part we know */ + printf("%.*s", sublen, buf); + + /* add rest of chars */ + while (sum > 0) { + c = MIN(127, sum); + printf("%c", c); + sum -= c; + } + + printf("\n"); + return EXIT_SUCCESS; + } + + return EXIT_FAILURE; + +invalid: + fprintf(stderr, "Invalid hash string!\n"); + return EXIT_FAILURE; +} |