Analysis of an Encryption Weakness in a Website's Mini-Games

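Here's the story: a department at a certain ~~(N)~~ ~~(T)~~ university ~~(U)~~ set up a website for its department night, with a few mini-games written in JS + canvas. Having seen mini-games, how could I pass up the chance to play ~~(mess with)~~ them?

Let's look at the original code first: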

    function Encode_orig(t, n) {
        var i = 'abcdefghijklmnopqrstuvwxyz0123456789{:}"!@.$%,&*()_+ABCDEFGHIJKLMNOPQRSTUVWXYZ?',
            o = {},
            e = i.length;
        n %= e, 0 == n && (n = 2);
        for (var r = 0; e > r; r++) o[i[r]] = r;
        for (var …

Continue reading »

How Does SQL Injection Happen?

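This post was originally written for the teachers at my school; I figured it could double as a security primer, so I'm posting it on the blog!

First, consider the following PHP code: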

    <?php
    function login($user, $pass) {
        $sql = "SELECT * FROM `users` WHERE `name` = '$user' AND `password` = SHA1('$pass')";
        $user = query($sql);
        if (count($user) > 0)
            return $user[0];
        else
            return false;
    }

    $user = login($_POST['user'], $_POST['pass']);
    if ($user !== false)
        echo …

Continue reading »

Dynamic 2D Array in C++

code

    #include <cstring> // for memcpy
    #define NEW2D(H, W, T) (T **)new2d(H, W, sizeof(T))
    #define CPY2D(TAR, SRC, H, W, T) cpy2d((void**)TAR, (void**)SRC, H, W, sizeof(T))
    #define DEL2D(P) (delete [] P)

    void cpy2d(void** tar, void** src, int h, int w, int size) {
     for …

Continue reading »