Hi,

The picoCTF 2019 "flag shop" challenge is almost identical to the picoCTF 2018 "store" challenge.
Using the diff command I wanted to display the differences between the 2018 challenge and the 2019 challenge. The diff command shows us that most of the differences are cosmetic (changing the wording of various sentences). There is only one "real" difference between the two challenges: In the 2018 challenge, fake flags cost 1000 each, while in the 2019 challenge fake flags cost 900 each.

This is essentially a "integer overflow" challenge, where we need to provide input that will cause an overflow of fake_flag_price * number_flags in order to make total_cost negative. The change in the flag price throws off our math from the 2018 writeup.

When fake_flag_price was 1000, we could use 2222222 as the number of flags to overflow total_cost:

#include <stdio.h>

int main()
{
    int number_flags = 2222222;
    int total_cost = 1000 * number_flags;
    printf("%d", total_cost); // Output is: -2072745296 (negative, like we wanted)

    return 0;
}

But look what happens if we change the price to 900 and stick to 2222222 as the number of flags:

#include <stdio.h>

int main()
{
    int number_flags = 2222222;
    int total_cost = 1000 * number_flags;
    printf("%d", total_cost); // Output is: 1999999800 (positive - not good for us)

    return 0;
}

So, we must adjust the number of flags to the price of the flag to cause the overflow:

#include <stdio.h>

int main()
{
    int number_flags = 3333333;
    int total_cost = 900 * number_flags;
    printf("%d", total_cost); // Output is -1294967596 (back to negative)

    return 0;
}

In general, instead of following the 2019 writeup, one can just follow the 2018 writeup which is self-contained. The principal is the same.