From f5eb82885e9e6f7310c2570cf6bea02e3d4f49e5 Mon Sep 17 00:00:00 2001 From: Maxime Vorwerk Date: Wed, 5 Jun 2024 18:43:15 +0200 Subject: [PATCH] finally finished stonks --- stonks/data | 11 ++++ stonks/sol.py | 10 ++++ stonks/vuln.c | 148 ++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 169 insertions(+) create mode 100644 stonks/data create mode 100755 stonks/sol.py create mode 100755 stonks/vuln.c diff --git a/stonks/data b/stonks/data new file mode 100644 index 0000000..716616a --- /dev/null +++ b/stonks/data @@ -0,0 +1,11 @@ +0x6f636970 +0x7b465443 +0x306c5f49 +0x345f7435 +0x6d5f6c6c +0x306d5f79 +0x5f79336e +0x35386130 +0x32356533 +0xffc6007d +0xf7fd5af8 diff --git a/stonks/sol.py b/stonks/sol.py new file mode 100755 index 0000000..c1b3e76 --- /dev/null +++ b/stonks/sol.py @@ -0,0 +1,10 @@ +#!/usr/bin/python + +with open("data", 'r') as f: + lines = f.readlines() + for line in lines: + value = int(line.strip(), 16) + for _ in range(4): + print(chr(value%256), end='') + value >>= 8 + diff --git a/stonks/vuln.c b/stonks/vuln.c new file mode 100755 index 0000000..5b385a2 --- /dev/null +++ b/stonks/vuln.c @@ -0,0 +1,148 @@ +#include +#include +#include +#include + +#define FLAG_BUFFER 128 +#define MAX_SYM_LEN 4 + +typedef struct Stonks { + int shares; + char symbol[MAX_SYM_LEN + 1]; + struct Stonks *next; +} Stonk; + +typedef struct Portfolios { + int money; + Stonk *head; +} Portfolio; + +int view_portfolio(Portfolio *p) { + if (!p) { + return 1; + } + printf("\nPortfolio as of "); + fflush(stdout); + system("date"); // TODO: implement this in C + fflush(stdout); + + printf("\n\n"); + Stonk *head = p->head; + if (!head) { + printf("You don't own any stonks!\n"); + } + while (head) { + printf("%d shares of %s\n", head->shares, head->symbol); + head = head->next; + } + return 0; +} + +Stonk *pick_symbol_with_AI(int shares) { + if (shares < 1) { + return NULL; + } + Stonk *stonk = malloc(sizeof(Stonk)); + stonk->shares = shares; + + int AI_symbol_len = (rand() % MAX_SYM_LEN) + 1; + for (int i = 0; i <= MAX_SYM_LEN; i++) { + if (i < AI_symbol_len) { + stonk->symbol[i] = 'A' + (rand() % 26); + } else { + stonk->symbol[i] = '\0'; + } + } + + stonk->next = NULL; + + return stonk; +} + +int buy_stonks(Portfolio *p) { + if (!p) { + return 1; + } + char api_buf[FLAG_BUFFER]; + FILE *f = fopen("api","r"); + if (!f) { + printf("Flag file not found. Contact an admin.\n"); + exit(1); + } + fgets(api_buf, FLAG_BUFFER, f); + + int money = p->money; + int shares = 0; + Stonk *temp = NULL; + printf("Using patented AI algorithms to buy stonks\n"); + while (money > 0) { + shares = (rand() % money) + 1; + temp = pick_symbol_with_AI(shares); + temp->next = p->head; + p->head = temp; + money -= shares; + } + printf("Stonks chosen\n"); + + // TODO: Figure out how to read token from file, for now just ask + + char *user_buf = malloc(300 + 1); + printf("What is your API token?\n"); + scanf("%300s", user_buf); + printf("Buying stonks with token:\n"); + printf(user_buf); + + // TODO: Actually use key to interact with API + + view_portfolio(p); + + return 0; +} + +Portfolio *initialize_portfolio() { + Portfolio *p = malloc(sizeof(Portfolio)); + p->money = (rand() % 2018) + 1; + p->head = NULL; + return p; +} + +void free_portfolio(Portfolio *p) { + Stonk *current = p->head; + Stonk *next = NULL; + while (current) { + next = current->next; + free(current); + current = next; + } + free(p); +} + +int main(int argc, char *argv[]) +{ + setbuf(stdout, NULL); + srand(time(NULL)); + Portfolio *p = initialize_portfolio(); + if (!p) { + printf("Memory failure\n"); + exit(1); + } + + int resp = 0; + + printf("Welcome back to the trading app!\n\n"); + printf("What would you like to do?\n"); + printf("1) Buy some stonks!\n"); + printf("2) View my portfolio\n"); + scanf("%d", &resp); + + if (resp == 1) { + buy_stonks(p); + } else if (resp == 2) { + view_portfolio(p); + } + + free_portfolio(p); + printf("Goodbye!\n"); + + exit(0); +}