Binary 1: C Integer Range Limitations
In the first program, accumulator.c, an int variable ('n') is assigned from the user's input, but the program only gives us the (secret) flag if the variable is negative. The problem is that it doesn't let us enter negative values. If we enter a value that is "too high", it also fails to give us the flag.
The secret I found here was to understand the limits of signed integers in a C program. As you can see in the table below, the maximum value a signed integer can hold is 2147483647. If we enter that value and then add one to it, the variable goes out of range, causing the program to give us the minimum value of int, which is –2147483647 – 1, and that is placed into the variable, giving us the flag.
Binary 2: Buffer Overflow in 'gets()' function
In this challenge we have to use a disassembler (such as gdb or objdump) to see which functions the program uses to give/retrieve data. After a little time examining the main() function, we can see that the C program is retrieving data using the gets() function instead of fgets(). A quick Google search shows this is a common issue that leads to a buffer overflow.
By running a one-liner in Python we overflow the buffer with 500 A's, causing a segmentation fault, and because gets() does not check the bounds of the buffer, it simply gives us all the data available in the array, including the flag.
There is a simple fix for this: use fgets() to read data instead of gets().
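The fgets() fix described above, as an added example that is not the challenge's own code: a bounded line reader that rejects an overlong line and discards its remainder, run against the same 500 A's. The names read_line and demo, the 16-byte buffer and the FLAG{example} value are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from the challenge binary.
 * Reads one line into buf, writing at most size bytes (NUL included).
 * Returns the stored length, -1 on EOF/error, -2 if the line did not fit
 * (the excess is discarded so it is not read back as the next line). */
int read_line(FILE *in, char *buf, size_t size)
{
    if (in == NULL || buf == NULL || size < 2 || size > INT_MAX)
        return -1;
    if (fgets(buf, (int)size, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {   /* whole line fit */
        buf[len - 1] = '\0';
        return (int)(len - 1);
    }
    int c = getc(in);                        /* no newline stored: peek */
    if (c == EOF || c == '\n')
        return (int)len;                     /* line fit exactly */
    while ((c = getc(in)) != '\n' && c != EOF)
        ;                                    /* drain the oversized line */
    return -2;
}

/* Constructed input: the 500 'A's from the write-up, then a normal line.
 * Returns 1 if the overlong line is rejected and adjacent data is intact. */
int demo(void)
{
    struct { char buf[16]; char flag[16]; } s;  /* flag is a stand-in value */
    char next[16];
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    strcpy(s.flag, "FLAG{example}");
    for (int i = 0; i < 500; i++)
        fputc('A', f);
    fputs("\nhello\n", f);
    rewind(f);
    int first = read_line(f, s.buf, sizeof s.buf);
    int second = read_line(f, next, sizeof next);
    fclose(f);
    return first == -2 && second == 5 && strcmp(next, "hello") == 0 &&
           strlen(s.buf) == 15 && strcmp(s.flag, "FLAG{example}") == 0;
}

int main(void)
{
    printf("overlong line rejected, flag intact: %d\n", demo());
    return 0;
}
```

Passing sizeof buf as the limit is what keeps the write inside the array; draining the rest of the line keeps the leftover A's from being treated as the next input.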
I hope you enjoyed this video and learned a few things just like I did. Cheers!