# Stack 1 ## About ![](/files/-M7uWdmodOyJ5DwGTcIV) ## Source Code ```c #include #include #include #include int main(int argc, char **argv) { volatile int modified; char buffer[64]; if(argc == 1) { errx(1, "please specify an argument\n"); } modified = 0; strcpy(buffer, argv[1]); if(modified == 0x61626364) { printf("you have correctly got the variable to the right value\n"); } else { printf("Try again, you got 0x%08x\n", modified); } } ``` ## Analysing the Source Code This program is similar to then one in stack0 but with some minor differences. The first one is that this program gets the input as `argv` instead of `stdin`. The second on is that instead of using the `gets` function, it now uses `strcpy`. Looking at the `strcpy` man page we see that this function copies the string pointed to by source (`argv[1]`) to the buffer pointed to by the destination. Going a little bit further down to the bugs section we can see that if the destination is not large enough, then it is possible to overflow it. ![](/files/-M7uXzSswHsHj4T1ziT7) The next thing to notice on the program is that `modified` is now compared to `0x61626364`. Looking at the hints, we already know that we will need to convert this hex value to its ASCII equivalent. But what about the `little endian`? ![](/files/-M7uYrZUmWgUc-YejqdU) So basically this means the little endian will flip the bytes so that the least significant byte is placed first and the most significant byte places last. If `0x61626364` is big endian, then as little endian it will become `0x64636261`. If we look on the ASCII table we can see that `"` translates to `dcba`. ![](/files/-M7u_1uUgfyqRNISdtLW) We can also use python to find out the ASCII values, which comes more in handy if we have bigger value to analyse. ![](/files/-M7uagPSs5OP4v7OhliM) ## Solving the Challenge ![](/files/-M7ubOPA7BnSEEz4y4of) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://666isildur.gitbook.io/ethical-hacking/protostar/stack-1.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.