From 8057ab1167b3c0c19f8212c86c7a849ca3997d47 Mon Sep 17 00:00:00 2001
From: Louis Burda <quent.burda@gmail.com>
Date: Thu, 27 May 2021 21:58:17 +0200
Subject: bumped enochecker and implemented exploits with minor tweaks to
 source

---
 checker/src/revhash/main.c | 80 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 checker/src/revhash/main.c

(limited to 'checker/src/revhash/main.c')

diff --git a/checker/src/revhash/main.c b/checker/src/revhash/main.c
new file mode 100644
index 0000000..f872e33
--- /dev/null
+++ b/checker/src/revhash/main.c
@@ -0,0 +1,80 @@
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdint.h>
+
+#define MAXITER   256 * 100
+#define MAX(x,y)  ((x) > (y) ? (x) : (y))
+#define MIN(x,y)  ((x) < (y) ? (x) : (y))
+
+int
+main(int argc, const char **argv)
+{
+	const char *hashstr;
+	char c, hexbuf[3] = { 0 }, *end, *buf;
+	int i, k, v, maxlen, sum, *hash, sublen, aftersum;
+
+	if (argc < 2) {
+		fprintf(stderr, "USAGE: revhash <hash>\n");
+		return EXIT_FAILURE;
+	}
+
+	hashstr = argv[1];
+	if (strlen(hashstr) % 2 != 0)
+		goto invalid;
+
+	/* alloc */
+	maxlen = strlen(hashstr) / 2;
+	hash = calloc(maxlen, sizeof(int));
+	buf = malloc(strlen(hashstr));
+	if (!hash) return EXIT_FAILURE;
+
+	/* convert hex to int array */
+	for (i = 0; i < maxlen; i++) {
+		memcpy(hexbuf, hashstr + 2 * i, 2);
+		hash[i] = strtol(hexbuf, &end, 16);
+		if (end && *end) goto invalid;
+	}
+
+	/* bruteforce srand seed */
+	for (i = 0; i < MAXITER; i++) {
+		srand(i);
+
+		/* reverse chars for given sum */
+		for (sum = i, k = 0; k < maxlen && sum > 0; k++) {
+			buf[k] = (char) hash[k] ^ (rand() % 256);
+			if (buf[k] < 0) break;
+			sum -= buf[k];
+		}
+
+		/* repeat if too short */
+		if (k && sum == 0) {
+			sublen = k;
+			for (k = sublen; k < maxlen; k++) {
+				buf[k] = (char) hash[k] ^ (rand() % 256);
+				if (buf[k] < 0 || buf[k] != buf[k % sublen]) break;
+			}
+		}
+
+		if (k < maxlen) continue;
+
+		/* output first part we know */
+		printf("%.*s", sublen, buf);
+
+		/* add rest of chars */
+		while (sum > 0) {
+			c = MIN(127, sum);
+			printf("%c", c);
+			sum -= c;
+		}
+
+		printf("\n");
+		return EXIT_SUCCESS;
+	}
+
+	return EXIT_FAILURE;
+
+invalid:
+	fprintf(stderr, "Invalid hash string!\n");
+	return EXIT_FAILURE;
+}
-- 
cgit v1.2.3-71-gd317