Skip to content

Latest commit

 

History

History
132 lines (109 loc) · 2.83 KB

lotto.md

File metadata and controls

132 lines (109 loc) · 2.83 KB

lotto

The home folder of this challenge contains the following:

lotto@ubuntu:~$ ls -l
total 24
-r--r----- 1 lotto_pwn root     55 Feb 18  2015 flag
-r-sr-x--- 1 lotto_pwn lotto 13081 Feb 18  2015 lotto
-r--r--r-- 1 root      root   1713 Feb 18  2015 lotto.c

lotto.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>

unsigned char submit[6];

void play(){

	int i;
	printf("Submit your 6 lotto bytes : ");
	fflush(stdout);

	int r;
	r = read(0, submit, 6);

	printf("Lotto Start!\n");
	//sleep(1);

	// generate lotto numbers
	int fd = open("/dev/urandom", O_RDONLY);
	if(fd==-1){
		printf("error. tell admin\n");
		exit(-1);
	}
	unsigned char lotto[6];
	if(read(fd, lotto, 6) != 6){
		printf("error2. tell admin\n");
		exit(-1);
	}
	for(i=0; i<6; i++){
		lotto[i] = (lotto[i] % 45) + 1;		// 1 ~ 45
	}
	close(fd);

	// calculate lotto score
	int match = 0, j = 0;
	for(i=0; i<6; i++){
		for(j=0; j<6; j++){
			if(lotto[i] == submit[j]){
				match++;
			}
		}
	}

	// win!
	if(match == 6){
		system("/bin/cat flag");
	}
	else{
		printf("bad luck...\n");
	}

}

void help(){
	printf("- nLotto Rule -\n");
	printf("nlotto is consisted with 6 random natural numbers less than 46\n");
	printf("your goal is to match lotto numbers as many as you can\n");
	printf("if you win lottery for *1st place*, you will get reward\n");
	printf("for more details, follow the link below\n");
	printf("http://www.nlotto.co.kr/counsel.do?method=playerGuide#buying_guide01\n\n");
	printf("mathematical chance to win this game is known to be 1/8145060.\n");
}

int main(int argc, char* argv[]){

	// menu
	unsigned int menu;

	while(1){

		printf("- Select Menu -\n");
		printf("1. Play Lotto\n");
		printf("2. Help\n");
		printf("3. Exit\n");

		scanf("%d", &menu);

		switch(menu){
			case 1:
				play();
				break;
			case 2:
				help();
				break;
			case 3:
				printf("bye\n");
				return 0;
			default:
				printf("invalid menu\n");
				break;
		}
	}
	return 0;
}

The mistake that the programmer has made, is that it allows duplicate numbers to be entered as input. When the logic calculates the score, every number from the random pool will be matched against every number from the input. Therefore if we use six identical numbers as input, and one of the numbers from the random pool matches the input numbers, the score will be six and we will obtain the flag. This decreases the chance of winning drastically.

The input bytes needs to be between 1 and 45, because the numbers from the random pool will be n mod 45 + 1. I chose the ASCII character !, which is 33 in decimal representation.

It will take a couple of tries to get the flag.

- Select Menu -
1. Play Lotto
2. Help
3. Exit
1
Submit your 6 lotto bytes : !!!!!!
Lotto Start!
sorry mom... I FORGOT to check duplicate numbers... :(
- Select Menu -
1. Play Lotto
2. Help
3. Exit