collision
{"author": ["ret2basic"]}

Source Code

```c
#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <string.h>
unsigned long hashcode = 0x21DD09EC;
unsigned long check_password(const char* p){
	/* the 20 input bytes are reinterpreted as five ints */
	int* ip = (int*)p;
	int i;
	int res=0;
	for(i=0; i<5; i++){
		res += ip[i];
	}
	return res;
}

int main(int argc, char* argv[]){
	if(argc<2){
		printf("usage : %s [passcode]\n", argv[0]);
		return 0;
	}
	if(strlen(argv[1]) != 20){
		printf("passcode length should be 20 bytes\n");
		return 0;
	}

	/* the "hash" is only the sum of the five ints */
	if(hashcode == check_password( argv[1] )){
		system("/bin/cat flag");
		return 0;
	}
	else
		printf("wrong passcode.\n");
	return 0;
}
```

Solution

We need to find 5 integers (in hex) that sum to 0x21dd09ec. A naive idea is to divide 0x21dd09ec by 5. That won't work directly because this number isn't divisible by 5. But, following from this idea, we can find a solution by using the formula:

```
0x21dd09ec = (0x21dd09ec // 5) * 4 + <residue>
```

Here we have 0x21dd09ec // 5 = 0x6c5cec8, so residue = 0x21dd09ec - 0x6c5cec8 * 4 = 0x6c5cecc. Make sure you pass the payload in little-endian form.
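The split above, worked through as an added example (not part of the original challenge or writeup): it packs four quotient words plus the residue in little-endian order, confirms that no byte is 0x00 (otherwise the `strlen(argv[1]) != 20` check would reject the input), and re-sums the words the way `check_password` does. The names `build_passcode` and `sum_words` are hypothetical helpers introduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TARGET 0x21DD09ECu   /* hashcode from the page's source */
#define WORDS  5
#define LEN    (WORDS * 4)   /* the 20 bytes main() insists on */

/* Hypothetical helper: four words of target/5 plus one residue word, each
   stored little-endian. Returns -1 if a 0x00 byte would cut strlen() short. */
int build_passcode(uint32_t target, unsigned char out[LEN + 1])
{
    uint32_t q = target / WORDS;
    uint32_t residue = target - q * (WORDS - 1);
    for (int i = 0; i < WORDS; i++) {
        uint32_t w = (i < WORDS - 1) ? q : residue;
        for (int b = 0; b < 4; b++)
            out[i * 4 + b] = (unsigned char)(w >> (8 * b));
    }
    out[LEN] = '\0';
    return strlen((const char *)out) == LEN ? 0 : -1;
}

/* Hypothetical helper: same arithmetic as check_password(), decoding each
   word little-endian explicitly so the result matches an x86 host. */
uint32_t sum_words(const unsigned char *p)
{
    uint32_t res = 0;
    for (int i = 0; i < WORDS; i++) {
        uint32_t w = 0;
        for (int b = 0; b < 4; b++)
            w |= (uint32_t)p[i * 4 + b] << (8 * b);
        res += w;
    }
    return res;
}

int main(void)
{
    unsigned char buf[LEN + 1];
    if (build_passcode(TARGET, buf) != 0) {
        puts("split contains a NUL byte; pick a different split");
        return 1;
    }
    for (int i = 0; i < LEN; i++)
        printf("\\x%02x", buf[i]);
    printf("\nsum = 0x%08x\n", (unsigned)sum_words(buf));
    return 0;
}
```

Because the check is a plain sum of five words, many different 20-byte inputs reach the same value; this split is only one of them.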

Get Flag

Get flag