Hack You CTF 2012 - Reverse 100

In this puzzle, a C source file was given to us.

#include
#include

int main(int argc, char *argv[]) {
	if (argc != 4) {
		printf("what?n");
		exit(1);
	}

	unsigned int first = atoi(argv[1]);
	if (first != 0xcafe) {
		printf("you are wrong, sorry.n");
		exit(2);
	}

	unsigned int second = atoi(argv[2]);
	if (second % 5 == 3 || second % 17 != 8) {
		printf("ha, you won't get it!n");
		exit(3);
	}

	if (strcmp("h4cky0u", argv[3])) {
		printf("so close, dude!n");
		exit(4);
	}

	printf("Brr wrrr grrn");

	unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

	printf("Get your key: ");
	printf("%xn", hash);
	return 0;
}

The objective is to place the proper arguments when executing the program in order to obtain the answer.

if (argc != 4) {
    printf("what?n");
    exit(1);
}

The program takes three arguments on the command line.

unsigned int first = atoi(argv[1]);
if (first != 0xcafe) {
    printf("you are wrong, sorry.n");
    exit(2);
}

The first argument is converted to an unsigned integer. It has to match the constant hexadecimal value of 0xcafe or 51966 in decimal.

unsigned int second = atoi(argv[2]);
if (second % 5 == 3 || second % 17 != 8) {
printf("ha, you won't get it!n");
exit(3);
}

The second argument is also converted to an unsigned integer. This argument has to not yield 3 when mod with 5 and yield 8 when mod with 17.

The first number that matches the second condition is 17 + 8 = 25.

This number also passes the first condition, 25 mod 5 is 0 not 3.

if (strcmp("h4cky0u", argv[3])) {
printf("so close, dude!n");
exit(4);
}

The third argument is simply “h4cky0u”. It is validated by a simple string compare.

The result of executing the program with the discovered arguments:

amon@Alyx:~/hackyou/rev100$ ./code 51966 25 h4cky0u
Brr wrrr grr
Get your key: c0ffee
amon@Alyx:~/hackyou/rev100$