PDA

View Full Version : Pimps getting creative



DaveB
27th October 2015, 12:19
Before you can even apply.

Solve the code problem and provide the answer or your CV gets binned!

/*
If you would like to view this email in your browser please click
here

Are you ready for a challenging and
highly rewarding career in cyber security?

We have several vacancies that are currently advertised on CyberSecurityJobSite.com.

1. Call the 'goal' function by providing the correct value of index as a
parameter
to the program and note the output.
2. The missing piece to get the answer is 0xC0D1F1ED. You'll know it's
right when you see it.
3. For immediate consideration, apply through CyberSecurityJobSite.com
with the answer
in your covering note.
*/

//You may need to install gcc-multilib or similar package for your Linux
distribution.
//gcc -m32 chall-stack.c
#include <stdio.h>
#include <stdlib.h>
#define FTBL_LEN 5
typedef void func_t(int);

void goal(int i) {
printf("%08x\n", ((i|0x40000000) * 0x31337)^0x2c10c413);
}
void try(int i) {
printf("Incorrect index %d. Keep trying!\n");
}
int main (int argc, const char**argv) {
int i, index;
func_t *tbl[FTBL_LEN + 1];
for (i=0;i<FTBL_LEN;++i)
tbl[i] = try;
tbl[i] = goal;
index = strtol(argv[1], NULL, 10);
if (index >= FTBL_LEN)
printf("Index too high.\n");
else
(*tbl[index])(index);
return 0;
}

suityou01
27th October 2015, 14:08
I'm not even sure that would compile. The function try takes one argument. :freaky:

Edit: Unless tbl is an array of function pointers to try. :freaky:

In any case, then the try function will always say the same thing as the printf has a placeholder and no variable so will always print 0?

FatLazyContractor
27th October 2015, 14:11
I compiled it and the result is as below:


F3CK 0FF P33-1-M-PEE

suityou01
27th October 2015, 14:13
I compiled it and the result is as below:

http://www.disneyclips.com/imagesnewb/imageslwrakr01/mar235.gif

_V_
27th October 2015, 15:10
Don't tell me, permie job at GCHQ, £30K p.a.

DaveB
27th October 2015, 15:12
Don't tell me, permie job at GCHQ, £30K p.a.

Nope,

The European tentacle of a a large Chinese tech corporation.

suityou01
27th October 2015, 15:12
Nope,

The European tentacle of a a large Chinese tech corporation.

So he got the salary bit right then :D

NibblyPig
27th October 2015, 15:13
http://www.disneyclips.com/imagesnewb/imageslwrakr01/mar235.gif

That site checks the referrer url to display images, which made your post unintentionally more funny

http://imgur.com/ryLix9c.png

suityou01
27th October 2015, 15:14
That site checks the referrer url to display images, which made your post unintentionally more funny

http://imgur.com/ryLix9c.png

It works fine for everyone else which makes your post funnier still. :D

NickFitz
27th October 2015, 15:18
It works fine for everyone else which makes your post funnier still. :D

Broken for me :eyes

MrMarkyMark
27th October 2015, 15:19
It works fine for everyone else which makes your post funnier still.

Errrr, not so well for me either :D

DaveB
27th October 2015, 15:21
Broken for me :eyes


Errrr, not so well for me either :D

WTBS.

Although if I grab the image url from the page properties and load it in a seperate tab, it then appears correctly in the thread. :freaky:

MrMarkyMark
27th October 2015, 15:24
WTBS.

Although if I grab the image url from the page properties and load it in a seperate tab, it then appears correctly in the thread. :freaky:

Usual quality from Suity :eyes

FatLazyContractor
27th October 2015, 15:25
Broken for me :eyes

Same here.

Suity - What are you compiling it in? SQL ? :p

MrMarkyMark
27th October 2015, 15:26
Same here.

Suity - What are you compiling it in? SQL ? :p

Fortran.

DaveB
27th October 2015, 15:32
Fortran.

BASIC. This is Suity after all.

VectraMan
27th October 2015, 15:40
I'm not even sure that would compile. The function try takes one argument. :freaky:

Edit: Unless tbl is an array of function pointers to try. :freaky:

In any case, then the try function will always say the same thing as the printf has a placeholder and no variable so will always print 0?

Eh? tbl is an array of function pointers that take one argument. So that's fine. I guess try is okay in C because it's a keyword in C++.

Is there more to it than 5?

NickFitz
27th October 2015, 15:45
WTBS.

Although if I grab the image url from the page properties and load it in a seperate tab, it then appears correctly in the thread. :freaky:

When it's first requested from within the page, the Referer (TBL's everlasting spelling mistake) header check on the Disney server results in a 403 Forbidden response. Once you've looked at it in another tab, your browser has cached it. Thus it never makes the request after that, it just shows the cached copy.

This also explains why Suity reckons it's working for him, as obviously he had to have looked at it to get the URL to post it, so he's seeing the copy his own browser has cached.

The rest of us are left quoting T S Eliot:


What are the roots that clutch, what branches grow
Out of this stony rubbish? Son of man,
You cannot say, or guess, for you know only
A heap of broken images…

NickFitz
27th October 2015, 15:47
BTW, Suity is correct about the printf in the try function: GCC gives a warning that there are more placeholders than variables. Obviously, i should also be mentioned in that call :nerd

FatLazyContractor
27th October 2015, 15:47
When it's first requested from within the page, the Referer (TBL's everlasting spelling mistake) header check on the Disney server results in a 403 Forbidden response. Once you've looked at it in another tab, your browser has cached it. Thus it never makes the request after that, it just shows the cached copy.

This also explains why Suity reckons it's working for him, as obviously he had to have looked at it to get the URL to post it, so he's seeing the copy his own browser has cached.

The rest of us are left quoting T S Eliot:


What are the roots that clutch, what branches grow
Out of this stony rubbish? Son of man,
You cannot say, or guess, for you know only
A heap of broken images…


:eek

Did you say that you are still on bench ?!!! :suicide:

VectraMan
27th October 2015, 15:56
BTW, Suity is correct about the printf in the try function: GCC gives a warning that there are more placeholders than variables. Obviously, i should also be mentioned in that call :nerd

Won't print 0 though, probably not anyway. It'll print whatever is lurking around the stack as an integer.

DaveB
27th October 2015, 16:02
BTW, Suity is correct about the printf in the try function: GCC gives a warning that there are more placeholders than variables. Obviously, i should also be mentioned in that call :nerd

In the very dim and distant past when I actually coded stuff, I seem to remember that printf will grab the last matching variable off the stack if not told otherwise. So printf(%d) would grab the last integer value from the stack, since that seems to be i as passed to try() then it uses that. Slopping coding but it works.

Of course I could be entirely wonrg / out of date.

NickFitz
27th October 2015, 16:04
I'm also getting a warning at


index = strtol(argv[1], NULL, 10);

"Implicit conversion loses integer precision: 'long' to 'int'"

Maybe they're assuming a 32-bit system? :eyes

NickFitz
27th October 2015, 16:10
:eek

Did you say that you are still on bench ?!!! :suicide:

I haven't sought to leave it yet :D

DaveB
27th October 2015, 16:12
I'm also getting a warning at


index = strtol(argv[1], NULL, 10);

"Implicit conversion loses integer precision: 'long' to 'int'"

Maybe they're assuming a 32-bit system? :eyes

gcc -m32 is targetting it for a 32 bit system isnt it?

sbakoola
27th October 2015, 16:17
It outputs the Steam Key for Samantha Fox Strip Poker, can I have my GCHQ code breaker job now please ?

NickFitz
27th October 2015, 16:39
gcc -m32 is targetting it for a 32 bit system isnt it?

Dunno ¯\_(ツ)_/¯

I went from various assembly languages and Forth directly to JavaScript; I never did anything with C, so I only really know as much of it as I need to work in Objective C. Things like gcc command-line options are not within my ambit :ohwell

As I'm looking at it in Xcode, the warnings will be from clang, so maybe gcc wouldn't mind that bit.

suityou01
27th October 2015, 18:05
Eh? tbl is an array of function pointers that take one argument. So that's fine. I guess try is okay in C because it's a keyword in C++.

Is there more to it than 5?

I may have mentioned that tbl is an array of function pointers in the post before yours. Why not pop over and take a look?

My C coding days are long behind me, so don't judge too harshly.

darmstadt
27th October 2015, 18:17
My C coding days are long behind me, so don't judge too harshly.

Progressed onto D now? :igmc:

suityou01
27th October 2015, 18:25
Progressed onto D now? :igmc:

Seesh harp. :happy

Sysman
27th October 2015, 20:25
I'm also getting a warning at


index = strtol(argv[1], NULL, 10);

"Implicit conversion loses integer precision: 'long' to 'int'"

Maybe they're assuming a 32-bit system? :eyes

That wouldn't surprise me.

I did a course on analysing malware last year and every single research paper presented addressed 32 bit only.

Which I thought somewhat odd.

Jonesgt
28th October 2015, 04:35
Not sure what the rules of the challenge were ...

But I modified the code to:

1) include i in the printf statement in function try
2) changed the <= FTBL_LEN to < FTBL_LEN in the error/boundary check section

Call program with 5 as argument i.e. index=5 to invoke goal function which outputs the same address as the pointer stored in tbl[5].

I'll get my coat ...