diff --git a/pwn/rps/game-redacted.c b/pwn/rps/game-redacted.c new file mode 100644 index 0000000..e29d851 --- /dev/null +++ b/pwn/rps/game-redacted.c @@ -0,0 +1,154 @@ +#include +#include +#include +#include +#include +#include +#include +#include + + +#define WAIT 60 + + + +static const char* flag = "[REDACTED]"; + +char* hands[3] = {"rock", "paper", "scissors"}; +char* loses[3] = {"paper", "scissors", "rock"}; +int wins = 0; + + + +int tgetinput(char *input, unsigned int l) +{ + fd_set input_set; + struct timeval timeout; + int ready_for_reading = 0; + int read_bytes = 0; + + if( l <= 0 ) + { + printf("'l' for tgetinput must be greater than 0\n"); + return -2; + } + + + /* Empty the FD Set */ + FD_ZERO(&input_set ); + /* Listen to the input descriptor */ + FD_SET(STDIN_FILENO, &input_set); + + /* Waiting for some seconds */ + timeout.tv_sec = WAIT; // WAIT seconds + timeout.tv_usec = 0; // 0 milliseconds + + /* Listening for input stream for any activity */ + ready_for_reading = select(1, &input_set, NULL, NULL, &timeout); + /* Here, first parameter is number of FDs in the set, + * second is our FD set for reading, + * third is the FD set in which any write activity needs to updated, + * which is not required in this case. + * Fourth is timeout + */ + + if (ready_for_reading == -1) { + /* Some error has occured in input */ + printf("Unable to read your input\n"); + return -1; + } + + if (ready_for_reading) { + read_bytes = read(0, input, l-1); + if(input[read_bytes-1]=='\n'){ + --read_bytes; + input[read_bytes]='\0'; + } + if(read_bytes==0){ + printf("No data given.\n"); + return -4; + } else { + return 0; + } + } else { + printf("Timed out waiting for user input. Press Ctrl-C to disconnect\n"); + return -3; + } + + return 0; +} + + +bool play () { + char player_turn[100]; + srand(time(0)); + int r; + + printf("Please make your selection (rock/paper/scissors):\n"); + r = tgetinput(player_turn, 100); + // Timeout on user input + if(r == -3) + { + printf("Goodbye!\n"); + exit(0); + } + + int computer_turn = rand() % 3; + printf("You played: %s\n", player_turn); + printf("The computer played: %s\n", hands[computer_turn]); + + if (strstr(player_turn, loses[computer_turn])) { + puts("You win! Play again?"); + return true; + } else { + puts("Seems like you didn't win this time. Play again?"); + return false; + } +} + + +int main () { + char input[3] = {'\0'}; + int command; + int r; + + puts("Welcome challenger to the game of Rock, Paper, Scissors"); + puts("For anyone that beats me 5 times in a row, I will offer up a flag I found"); + puts("Are you ready?"); + + while (true) { + puts("Type '1' to play a game"); + puts("Type '2' to exit the program"); + r = tgetinput(input, 3); + // Timeout on user input + if(r == -3) + { + printf("Goodbye!\n"); + exit(0); + } + + if ((command = strtol(input, NULL, 10)) == 0) { + puts("Please put in a valid number"); + + } else if (command == 1) { + printf("\n\n"); + if (play()) { + wins++; + } else { + wins = 0; + } + + if (wins >= 5) { + puts("Congrats, here's the flag!"); + puts(flag); + } + } else if (command == 2) { + return 0; + } else { + puts("Please type either 1 or 2"); + } + } + + return 0; +} + diff --git a/pwn/rps/solve.py b/pwn/rps/solve.py new file mode 100755 index 0000000..5c7dc49 --- /dev/null +++ b/pwn/rps/solve.py @@ -0,0 +1,34 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i python3 -p python3 python3Packages.pwntools + +import ctypes + +from pwn import * + +player_moves = ["paper", "scissors", "rock"] +# computer_moves = ["rock", "paper", "scissors"] + +libc_path = ctypes.util.find_library("c") +if libc_path is None: + print("Error: could not find libc") + exit(1) +libc = ctypes.CDLL(libc_path) + +ADDR, PORT, *_ = "saturn.picoctf.net 50666".split() + +p = remote(ADDR, PORT) + +x = 0 +for i in range(5): + p.recvuntil(b'Type \'2\' to exit the program') + p.sendline(b'1') + libc.srand(libc.time(None)) + p.recvuntil(b'Please make your selection (rock/paper/scissors)') + choice = libc.rand() % 3 + player_move = player_moves[choice] + p.sendline(player_move.encode()) + print(f'Round {i + 1}') + p.recvuntil(b'You win!') +p.recvuntil(b'Congrats, here\'s the flag!\r\n') +print(p.recvline().decode().strip()) +p.close()