edit: i was told to post the text of the code so here it is:
int local_24;
int local_20;
int local_1c;
void **fourStrings;
giveUp = 0;
fourStrings = store_strings(param_1,&giveUp);
scanFresult = __isoc99_sscanf(*fourStrings,&DAT_0010324d,&local_1c);
if (scanFresult != 1) {
avoid();
}
scanFresult = __isoc99_sscanf(fourStrings[1],&DAT_00103090,&local_20);
if (scanFresult != 1) {
avoid();
}
scanFresult = __isoc99_sscanf(fourStrings[2],&DAT_00103251,&local_24);
if (scanFresult != 1) {
avoid();
}
local_14 = func_1221((char *)fourStrings[3]);
if (local_14 local_1c local_20 local_24 != 0x7264) {
avoid();
}
And here is the function call to store_strings:
void **ppvVar1;
int iVar2;
void *pvVar3;
undefined8 uVar4;
char local_228 [520];
void **local_20;
local_20 = (void **)malloc(0x20);
pvVar3 = malloc(0x80);
*local_20 = pvVar3;
ppvVar1 = local_20 1;
pvVar3 = malloc(0x80);
*ppvVar1 = pvVar3;
ppvVar1 = local_20 2;
pvVar3 = malloc(0x80);
*ppvVar1 = pvVar3;
ppvVar1 = local_20 3;
pvVar3 = malloc(0x80);
*ppvVar1 = pvVar3;
memset(local_228,0,0x200);
fgets(local_228,0x1ff,param_1);
iVar2 = __isoc99_sscanf(local_228," %s %s %s %s",*local_20,local_20[1],local_20[2],local_20[3]);
func1221:
uint func_1221(char *param_1)
{
size_t sVar1;
uint local_10;
uint local_c;
local_c = 0;
sVar1 = strlen(param_1);
for (local_10 = 0; local_10 < (uint)sVar1; local_10 = local_10 1) {
if (param_1[(int)local_10] == '1') {
local_c = local_c | 1 << (((char)sVar1 - (char)local_10) - 1U & 0x1f);
}
else if (param_1[(int)local_10] != '0') {
explode();
}
}
return local_c;
}
My task is to provide an input which avoids the function call to avoid(). My understanding of it is that i have a **fourstrings containing four inputted strings. the sscanf converts these strings to ints and stores them in the local variables. At the end these variables are added up and are checked to see if they add up to the decimal value of 0x7264.
However, i provided the ints (or i guess strings that are converted to ints) that add up to 29284 and somewhere along the away the avoid() function gets called.
CodePudding user response:
We don't know what the format strings are but you are telling us that we are reading 4 words and converting them to integers. The 4th string is converted infunc_1221()
from a string of 0
and 1
characters to the corresponding value reversed. As the sum of the 4 must must be 0x7264 which is 0x0111001001100100 so this input should do the trick:
0 0 0 0010011001001110