# two-sum

## Description

> Can you solve this?
>
> What two positive numbers can make this possible: `n1 > n1 + n2 OR n2 > n1 + n2`
>
> Enter them here `nc saturn.picoctf.net 61200`. [Source](https://artifacts.picoctf.net/c/456/flag.c)

## Hints

<details>

<summary>1</summary>

Integer overflow

</details>

<details>

<summary>2</summary>

Not necessarily a math problem

</details>

## Algebra

Of course `n1 > n1 + n2 OR n2 > n1 + n2` is impossible for positive integers `n1` and `n2` so let's look into the `flag.c` source file

First we have a function which adds two integers

```c
static int addIntOvf(int result, int a, int b) {
    result = a + b;
    if(a > 0 && b > 0 && result < 0)
        return -1;
    if(a < 0 && b < 0 && result > 0)
        return -1;
    return 0;
}
```

It returns -1 if `a` and `b` are negative but `a + b` is positive, or `a` and `b` are positive but `a + b` is negative

Then in the main function we have the following if statment which may print the flag

```c
if (scanf("%d", &num1) && scanf("%d", &num2)) {
    printf("You entered %d and %d\n", num1, num2);
    fflush(stdout);
    sum = num1 + num2;
    if (addIntOvf(sum, num1, num2) == 0) {
        printf("No overflow\n");
        fflush(stdout);
        exit(0);
    } else if (addIntOvf(sum, num1, num2) == -1) {
        printf("You have an integer overflow\n");
        fflush(stdout);
    }

    if (num1 > 0 || num2 > 0) {
        flag = fopen("flag.txt","r");
        if(flag == NULL){
            printf("flag not found: please run this on the server\n");
            fflush(stdout);
            exit(0);
        }
        char buf[60];
        fgets(buf, 59, flag);
        printf("YOUR FLAG IS: %s\n", buf);
        fflush(stdout);
        exit(0);
    }
}
```

* Reads in numbers `num1` and `num2` from input and gets the `sum = num1 + num2`
* If `addIntOvf(sum, num1, num2)` is 0, then there is "No overflow" and the program exits
* Otherwise `addIntOvf(sum, num1, num2)` is -1 and there's an integer overflow, so the program continues
* Then the program checks if at least one of `num1` and `num2` are positive, then it will print out the flag for us

So we need `addIntOvf` to return -1 for two positive integers. Of course, this isn't possible with normal integers, but we can try to remedy this with an *integer overflow*

<figure><img src="/files/Ay1xoY4kdg5w9bTgBJvS" alt=""><figcaption></figcaption></figure>

In C, the maximum possible value of an int is 2147483647

We can try passing in 2147483647 and 1, so the sum causes a buffer overflow and the result is negative, which will return -1 for `addIntOvf`

<figure><img src="/files/ymhewlhSQVMsaKWMBJqs" alt=""><figcaption></figcaption></figure>

## Flag

`picoCTF{Tw0_Sum_Integer_Bu773R_0v3rfl0w_ccd078bd}`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://soyabeanboi.gitbook.io/bag-of-flags/2023/picoctf-2023/two-sum.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.