nullcon2023-chall-spygame

Python C-binding object leak challenge for NullCon 2023 Berlin
git clone https://git.sinitax.com/sinitax/nullcon2023-chall-spygame
Log | Files | Refs | sfeed.txt

spymodule.c (2776B)

      1#define PY_SSIZE_T_CLEAN
      2#include <Python.h>
      3
      4#include <bits/time.h>
      5#include <stdbool.h>
      6#include <stdio.h>
      7
      8static PyObject *spy_easy(PyObject *self, PyObject *args);
      9static PyObject *spy_hard(PyObject *self, PyObject *args);
     10
     11static PyMethodDef spy_methods[] = {
     12	{ "easy", spy_easy, METH_VARARGS, "Play Spy Game (Easy)" },
     13	{ "hard", spy_hard, METH_VARARGS, "Play Spy Game (Hard)" },
     14	{ 0 }
     15};
     16
     17static struct PyModuleDef spy_module = {
     18	PyModuleDef_HEAD_INIT,
     19	"spy",
     20	"Spy Game Module",
     21	-1,
     22	spy_methods,
     23};
     24
     25PyObject *
     26spy_game(PyObject *self, PyObject *args, unsigned count)
     27{
     28	char user_input[256];
     29	uint8_t numbers[count];
     30	struct timespec start, end;
     31	uint64_t start_ns, end_ns;
     32	uint64_t total_ns, total_ok;
     33	size_t swap1, swap2;
     34	size_t swap1_in, swap2_in;
     35	size_t i, k;
     36	bool ok;
     37
     38	if (!PyArg_ParseTuple(args, ""))
     39		return NULL;
     40
     41	printf("Ready? ");
     42	getchar();
     43	printf("\n");
     44
     45	total_ok = 0;
     46	total_ns = 0;
     47	for (i = 0; i < 8; i++) {
     48		for (k = 0; k < count; k++)
     49			numbers[k] = k;
     50
     51		swap1 = rand() % count;
     52		swap2 = (swap1 + 1 + rand() % (count - 1)) % count;
     53
     54		numbers[swap1] ^= numbers[swap2];
     55		numbers[swap2] ^= numbers[swap1];
     56		numbers[swap1] ^= numbers[swap2];
     57
     58		printf("Before: ");
     59		for (k = 0; k < count; k++)
     60			printf("%u ", numbers[k]);
     61		printf("\n");
     62
     63		clock_gettime(CLOCK_REALTIME, &start);
     64		start_ns = start.tv_nsec + start.tv_sec * 1e9;
     65
     66		fflush(stdin);
     67
     68		printf("Index 1: ");
     69		(void)fgets(user_input, sizeof(user_input), stdin);
     70		swap1_in = strtoull(user_input, NULL, 10);
     71
     72		printf("Index 2: ");
     73		(void)fgets(user_input, sizeof(user_input), stdin);
     74		swap2_in = strtoull(user_input, NULL, 10);
     75
     76		clock_gettime(CLOCK_REALTIME, &end);
     77		end_ns = end.tv_nsec + end.tv_sec * 1e9;
     78
     79		numbers[swap1_in] ^= numbers[swap2_in];
     80		numbers[swap2_in] ^= numbers[swap1_in];
     81		numbers[swap1_in] ^= numbers[swap2_in];
     82
     83		printf("After: ");
     84		for (k = 0; k < count; k++)
     85			printf("%u ", numbers[k]);
     86		printf("\n");
     87
     88		ok = (swap1_in == swap1 && swap2_in == swap2)
     89			|| (swap1_in == swap2 && swap2_in == swap1);
     90		printf("You answered %s in %lu nanoseconds!\n",
     91			ok ? "correctly" : "incorrectly",
     92			end_ns - start_ns);
     93		printf("\n");
     94
     95		total_ok += ok;
     96		total_ns += end_ns - start_ns;
     97	}
     98
     99	if (count == 256 && total_ok == 5 && total_ns < 1000) {
    100		return PyUnicode_FromString("REWARD");
    101	} else if (count == 10 && total_ok == 5 && total_ns < 1e9 * 60) {
    102		return PyUnicode_FromString("MOTIVATE");
    103	}
    104
    105	return PyUnicode_FromString("SLOW");
    106}
    107
    108PyObject *
    109spy_easy(PyObject *self, PyObject *args)
    110{
    111	return spy_game(self, args, 10);
    112}
    113
    114PyObject *
    115spy_hard(PyObject *self, PyObject *args)
    116{
    117	return spy_game(self, args, 256);
    118}
    119
    120PyMODINIT_FUNC PyInit_spy(void) {
    121	setvbuf(stdout, NULL, _IONBF, 0);
    122	return PyModule_Create(&spy_module);
    123};