toasterbirb's argc

Author:
toasterbirb

Language:
C/C++

Upload:
2025-07-05 20:16

Download

Platform:
Unix/linux etc.

Difficulty:
1.3

Quality:
4.4

Arch:
x86-64

Downloads:
55

Size:
18.17 KB

Writeups:
1

Comments:
8

Description

Something's wrong... I can feel it

Comments (8)
Writeups (1)

You must be logged in to post a comment

Boozy on 2025-07-06 13:57: so in _start u can see the param's thats being passed to main is under going 1(so if x its passed as x/2) so when u pass ./argc x x,u are correct but not correct as in main the first param is being compared to 3(param_1==3) so,u either have to patch so param_1 == 1 or remove the 1.hope it helps :)

Ja4V8s28Ck on 2025-07-06 14:17: @Boozy, You are right the argument count is cut in half during the `cmp`, So './argc deadbeef deadbeef deadbeef deadbeef deadbeef deadbeef' will work, but my question is why is the argument halved, I dont see any line of code that explain this behavior, So did you find any reason??

subham on 2025-07-06 14:31: Help me , I am so confused !! it simply asks for 3 args I did ./argc hello hello doesn't it should be 3 ? Then i patched the je to jmp and still i am stuck at please provide valid args !

Ja4V8s28Ck on 2025-07-06 15:15: @subham, There are 2 ways to solve this 1. Giving the proper number of arguments 2. Patching So if you properly patch, it will definitely work.

Boozy on 2025-07-07 04:36: @Ja48s28Ck it haves the number of arguments becaus in the _start function,the func which calls the main along with the arguments does a right shift by 1 on the first parameter which is basically dividing by 2,the first parameter holds the value of number of arguments entered

mabdelou on 2025-07-20 14:01: as Boozy says. the argc are getting dividing by 2 in _start lable exactly at "10e1: d0 e8 shr al, 1" which means shift al by 1 or in another word dividing by 2. so to solve the issue you need to pass the five or six parameters which will be later dividing by two to be 3 before pass to main function. or you just simply change "d0 e8" from the argc binary in line "10e1" or "10e0" to "04 00" which mean add al, 0 this just overrid the shifting logic and do logic that do nothing. so by that we can now run ./argc 1 1 and it will work just fine. i hope you find my explaining usefull.

chai_homack on 2025-08-02 19:38: [Click to reveal]

Elyrial on 2025-10-05 16:34: Just wanted to test how many arguments i needed, solved it by accident... elyrial@fedora:~/Downloads$ ./argc please try again and make sure to give the correct amount of arguments („ᵕᴗᵕ„) elyrial@fedora:~/Downloads$ ./argc 1 please try again and make sure to give the correct amount of arguments („ᵕᴗᵕ„) elyrial@fedora:~/Downloads$ ./argc 1 1 please try again and make sure to give the correct amount of arguments („ᵕᴗᵕ„) elyrial@fedora:~/Downloads$ ./argc 1 1 1 please try again and make sure to give the correct amount of arguments („ᵕᴗᵕ„) elyrial@fedora:~/Downloads$ ./argc 1 1 1 1 please try again and make sure to give the correct amount of arguments („ᵕᴗᵕ„) elyrial@fedora:~/Downloads$ ./argc 1 1 1 1 1 correct! (˶ᵔ ᵕ ᵔ˶)

Show all spoilers

You must be logged in to submit a writeup

Solution by stefa9 on 2025-12-23 20:43:
spoiler: ⁶🤷⁷

Download

crackmes.one

crackmes.one

toasterbirb's argc