Stack 1

About

Source Code

#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <err.h>   /* declares errx() */

int main(int argc, char **argv)
{
  volatile int modified;
  char buffer[64];

  if(argc == 1) {
      errx(1, "please specify an argument\n");
  }

  modified = 0;
  strcpy(buffer, argv[1]);

  if(modified == 0x61626364) {
      printf("you have correctly got the variable to the right value\n");
  } else {
      printf("Try again, you got 0x%08x\n", modified);
  }
}

Analysing the Source Code

This program is similar to the one in stack0 but with some minor differences. The first is that this program takes its input from argv instead of stdin. The second is that instead of using the gets function, it now uses strcpy.

Looking at the strcpy man page we see that this function copies the string pointed to by source (argv[1]) to the buffer pointed to by the destination. Going a little bit further down to the bugs section we can see that if the destination is not large enough, then it is possible to overflow it.

The next thing to notice in the program is that modified is now compared to 0x61626364.

Looking at the hints, we already know that we will need to convert this hex value to its ASCII equivalent. But what about little endian?

Little endian means the bytes are flipped so that the least significant byte is placed first and the most significant byte is placed last. If 0x61626364 is big endian, then as little endian it will become 0x64636261.

If we look at the ASCII table we can see that 0x64636261 translates to dcba.

We can also use Python to find the ASCII values, which comes in handy when we have a bigger value to analyse.
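
As an added example (not part of the original write-up or the challenge source), the C code below reads the bytes dcba in both byte orders and shows a length-checked copy in place of the strcpy call. The names struct frame, read_le32, read_be32 and copy_checked are made up for illustration, and the struct layout is an assumption: a real compiler decides where buffer and modified sit on the stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative layout only: a 64-byte buffer next to an int, as in the challenge. */
struct frame {
    char buffer[64];
    volatile int modified;
};

/* Little endian: the first byte in memory is the least significant. */
uint32_t read_le32(const unsigned char *p)
{
    return ((uint32_t)p[0])       | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Big endian: the first byte in memory is the most significant. */
uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  | ((uint32_t)p[3]);
}

/* Bounded replacement for strcpy(buffer, argv[1]).
   Returns 0 on success, -1 if src plus its NUL terminator does not fit. */
int copy_checked(struct frame *f, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof f->buffer)
        return -1;                    /* reject instead of writing past buffer */
    memcpy(f->buffer, src, len + 1);  /* len + 1 includes the terminating NUL */
    return 0;
}

int main(void)
{
    struct frame f = { .modified = 0 };
    char big[81];                     /* constructed input: 80 'A' characters */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("dcba as little endian: 0x%08x\n", (unsigned)read_le32((const unsigned char *)"dcba"));
    printf("dcba as big endian:    0x%08x\n", (unsigned)read_be32((const unsigned char *)"dcba"));
    printf("oversized copy returns %d, modified = 0x%08x\n",
           copy_checked(&f, big), (unsigned)f.modified);
    return 0;
}
```

With the length check in place, input longer than 63 characters is refused and modified keeps the value the program assigned to it.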

Solving the Challenge
