Pwnable.kr - blackjack

Challenge description:

Hey! check out this C implementation of blackjack game! I found it online

* http://cboard.cprogramming.com/c-programming/114023-simple-blackjack-program.html

I like to give my flags to millionares. how much money you got?

In this challenge we have a simple blackjack game source code and we have to find a bug in it that will make us millionares :)

The game is simple, you enter a bet and if you win you get the bet, otherwise you pay it.

After looking at the source code, I noticed something interesting:

int betting() //Asks user amount to bet
{
    printf("\n\nEnter Bet: $");
    scanf("%d", &bet);

    if (bet > cash) //If player tries to bet more money than player has
    {
        printf("\nYou cannot bet more money than you have.");
        printf("\nEnter Bet: ");
        scanf("%d", &bet);
        return bet;
    }
    else return bet;
} // End Function

The function checks if the bet is less than the player’s cash (which is 500$ at the beginning), there’s two solutions here to be a millionare:

1. we can enter million twice and win the game (it checks bet value only once).

2. we can enter negative million and lose the game.

As losing is much easier than winning, we will go for the second option.

Solution:

Cash: $500
-------
|H    |
|  4  |
|    H|
-------

Your Total is 4

The Dealer Has a Total of 4

Enter Bet: $-1000000

YaY_I_AM_A_MILLIONARE_LOL

Cash: $1000500
-------
|C    |
|  2  |
|    C|
-------

Your Total is 2

The Dealer Has a Total of 2

Flag: YaY_I_AM_A_MILLIONARE_LOL