源代码 ：

#include 
     
      #include 
      
       #include 
       
        #include 
        
         unsigned char submit[6];void play(){        int i;    printf("Submit your 6 lotto bytes : ");    fflush(stdout);    int r;    r = read(0, submit, 6);    printf("Lotto Start!\n");    //sleep(1);    // generate lotto numbers    int fd = open("/dev/urandom", O_RDONLY);    if(fd==-1){        printf("error. tell admin\n");        exit(-1);    }    unsigned char lotto[6];    if(read(fd, lotto, 6) != 6){        printf("error2. tell admin\n");        exit(-1);    }    for(i=0; i<6; i++){        lotto[i] = (lotto[i] % 45) + 1;        // 1 ~ 45    }    close(fd);        // calculate lotto score    int match = 0, j = 0;    for(i=0; i<6; i++){        for(j=0; j<6; j++){            if(lotto[i] == submit[j]){                match++;            }        }    }    // win!    if(match == 6){        system("/bin/cat flag");    }    else{        printf("bad luck...\n");    }}void help(){    printf("- nLotto Rule -\n");    printf("nlotto is consisted with 6 random natural numbers less than 46\n");    printf("your goal is to match lotto numbers as many as you can\n");    printf("if you win lottery for *1st place*, you will get reward\n");    printf("for more details, follow the link below\n");    printf("http://www.nlotto.co.kr/counsel.do?method=playerGuide#buying_guide01\n\n");    printf("mathematical chance to win this game is known to be 1/8145060.\n");}int main(int argc, char* argv[]){    // menu    unsigned int menu;    while(1){        printf("- Select Menu -\n");        printf("1. Play Lotto\n");        printf("2. Help\n");        printf("3. Exit\n");        scanf("%d", &menu);        switch(menu){            case 1:                play();                break;            case 2:                help();                break;            case 3:                printf("bye\n");                return 0;            default:                printf("invalid menu\n");                break;        }    }    return 0;}
        
       
      
     

关键程序 ：

1  int match = 0, j = 0; 2     for(i=0; i<6; i++){ 3         for(j=0; j<6; j++){ 4             if(lotto[i] == submit[j]){ 5                 match++; 6             } 7         } 8     } 9 10     // win!11     if(match == 6){12         system("/bin/cat flag");13     }

题中让输入的Lotto在1-45范围之内，并且当lotto等于submit的时候，match加1，当match回到6的时候得到flag。而lotto是本地生成的，那么看一下它是怎么生成的：

1 for(i=0; i<6; i++){2         lotto[i] = (lotto[i] % 45) + 1;        // 1 ~ 453     }4     close(fd);

思路是在1-45范围内随机生成。

看一下assic表：

真正符号输入是从33开始的，那我们在这个范围内选择字符输入。

如图选择一个字符一直输入，总能找到相等的字符，达到6个得到flag:

sorry mom... I FORGOT to check duplicate numbers... :(