Welcome to lance1!
-----
We have implemented a rudimentary class system in C, but somehow
our internal logic is missing. So there is this binary which has
several functions (and none of them are called anywhere). You have
to figure out what the functions are doing and insert function
calls to execute the actions described below. To patch the binary,
simply put the address of the function to call and its arguments
in the patches.yaml file in the following format:

```
- - <func-addr>
  - - <arg 1>
    - <arg 2>
    - <arg 3>
...
```

Arguments can be addresses or numbers. Afterwards, run patch.py
which will generate a new binary called `patched` with the new
calls in it.

```
$ ./patch.py
$ ./patched
```

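A pre-flight check for the patches.yaml format described above, as an added example that is not part of the challenge files: it parses only the nested-list shape shown in the template and names the first malformed line. It assumes two-space indentation, one argument list per call, and values written as decimal or 0x-prefixed integers; the addresses in the sample are constructed placeholders, not values from the binary.

```python
import re

# One entry per line: indentation, one or two "- " markers, then a single value.
ENTRY = re.compile(r"^( *)((?:- )+)(\S+)\s*$")

def parse_patches(text):
    """Return [(func_addr, [args])] or raise ValueError naming the bad line."""
    calls, state = [], "start"
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        m = ENTRY.match(raw)
        if not m:
            raise ValueError(f"line {no}: unrecognised entry {raw!r}")
        shape = (len(m.group(1)), m.group(2).count("-"))
        try:
            value = int(m.group(3), 0)  # decimal or 0x-prefixed (assumed spelling)
        except ValueError:
            raise ValueError(f"line {no}: {m.group(3)!r} is not an address or number") from None
        if shape == (0, 2) and state != "need_args":
            calls.append((value, []))          # "- - <func-addr>" opens a call
            state = "need_args"
        elif shape == (2, 2) and state == "need_args":
            calls[-1][1].append(value)         # "  - - <arg 1>" opens its argument list
            state = "in_args"
        elif shape == (4, 1) and state == "in_args":
            calls[-1][1].append(value)         # "    - <arg n>" continues it
        else:
            raise ValueError(f"line {no}: wrong nesting for {raw.strip()!r}")
    if state == "need_args":
        raise ValueError("last call has no argument list")
    return calls

# Constructed sample; the addresses are placeholders, not taken from the binary.
SAMPLE = """\
- - 0x1000
  - - 0x2000
    - 25
- - 0x1100
  - - 0x2000
"""

if __name__ == "__main__":
    for addr, args in parse_patches(SAMPLE):
        print(hex(addr), [hex(a) for a in args])
```

A file whose indentation has been flattened, or one that still contains the `<func-addr>` placeholders, is rejected with the offending line number.
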
To get the flag, call the right functions with the correct
arguments in the described order and provide the execution hash
to `get_token`.

You should "implement" the following actions:

John prints the information about his account. After he
recognizes that he does not have enough money on it, he deposits
another 25€.
Felicity transfers some money to Laurel, so that their accounts
have the exact same balance.
John, Felicity and Laurel all check (in this order) their
new balances.

The flag is also the password for lance2.

Hints
-----
You don't need to reverse the functions updateExecutionHash, printExcHash, argHashToSign, appendArgToSign.
Just skip calls to them, since they are only needed to check which functions you've called.