# c - Given password validation code, how do i reverse engineer the password

The C code that validates a password:

``bool check(const char *password){int val=1,pospassword=0,posletters;int primes [] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101};char letters []= "abcdefghijklmnopqrstuvwxyz";do {posletters=0;do {if (password[pospassword]==letteres[posletters])val*=primes[posletters];} while(++posletters<26);} while (password[++pospassword]!='\0');if (val==1066849907)return true;return false;}``

Is there a way to reverse engineer the password from this code?

EDIT: The factors for that number are: 2237 and 476911. This is the problem since they are not found in the first 26 primes.

It just multiplies together numbers matching characters in the password, the order doesn't matter, so all you need is to factor the number. This is complicated by the fact that val is a 32-bit value so multiplications can overflow. In this case that happens 16527 times for the simplest matching password. To solve the puzzle you need to use 64-bit integers to brute-force the number of overflows and try factoring each option. Simply trying all lowercase strings would also work, the password has only 9 letters.

What this code seems to do is match a password regardless of the order in which it appears. For example, if my password was "BugsBunny" it will accept "BBgnsuuy". You can obtain this, but not the original order.

The method will always return false, since the variable "val" will never have the value 1066849907 because 2237 and 476911 (the primes which multiplied give this value) are not in the primes array.
So either there is no valid password either there is a mistake in the code and there should've been a different number than 1066849907.
Anyway, a highly ineffective and insecure way to verify a password. It ignores all uppercase letters from "password", all digits and special chars and does not take into account the position of a character within the password string.
For example if the last condition would've been

``````if (val == 30)
``````

then all of the following would have passed as valid passwords: "abc", "acb", "bac", "bca", "cab", "cba", "123aSOMEcCHARSbHERE!\$#"...
Basically as long as the number which is compared against "val" can be divided as a product of prime numbers from the primes array there's an infinite number of strings which would pass as valid passwords.