[英]wrong user and password in C code reverse engineering
I have this piece of code from a binary file that asks for user and password, I managed to find the user "mari" and the password "luig" but it says wrong userName here is the code:我从一个二进制文件中获得了这段代码,它要求输入用户名和密码,我设法找到了用户“mari”和密码“luig”,但它说用户名错误,这里是代码:
undefined8 main(void)
{
int iVar1;
undefined4 local_96;
undefined2 local_92;
undefined local_90;
undefined4 local_8f;
undefined2 local_8b;
undefined local_89;
char local_88 [64];
char local_48 [64];
local_8f = 0x6769756c;
local_8b = 0x3169;
local_89 = 0;
local_96 = 0x6972616d;
local_92 = 0x316f;
local_90 = 0;
printf("enter username :");
__isoc99_scanf(&DAT_00102019,local_48);
iVar1 = strcmp(local_48,(char *)&local_96);
if (iVar1 == 0) {
printf("enter password :");
__isoc99_scanf(&DAT_00102019,local_88);
iVar1 = strcmp(local_88,(char *)&local_8f);
if (iVar1 == 0) {
printf("welldone use it to submit the flag :D");
}
else {
printf("wrong password");
}
}
else {
printf("wrong username");
}
return 0;
}
why "mari" as user and "luig" as password doesn't work?为什么“mari”作为用户而“luig”作为密码不起作用?
The user name and password to compare with are stored in integer variables as hex:要比较的用户名和密码以十六进制形式存储在 integer 变量中:
local_8f = 0x6769756c; // 4 byte variable: g i u l
local_8b = 0x3169; // 2 byte variable: 1 i
local_89 = 0; // 1 byte variable: \0
local_96 = 0x6972616d; // 4 byte variable: i r a m
local_92 = 0x316f; // 2 byte variable: 1 o
local_90 = 0; // 1 byte variable: \0
These variables are stored in memory with the bytes reversed.这些变量存储在 memory 中,字节反转。
So variable local_8f
when interpreted as a string in memory, actually reads luigi1\0
and variable local_96
when interpreted as a string in memory, actually reads mario1\0
.因此,变量
local_8f
在 memory 中解释为字符串时,实际上读取luigi1\0
,而变量local_96
在 memory 中解释为字符串时,实际上读取mario1\0
。 And those are the uid/pwd you must enter.这些是您必须输入的 uid/pwd。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.