random

{"author": ["ret2basic"]}

Challenge
Daddy, teach me how to use random value in programming!
ssh [email protected] -p2222 (pw:guest)
Source Code
#include <stdio.h>
​
int main(){
        unsigned int random;
        random = rand();        // random value!
​
        unsigned int key=0;
        scanf("%d", &key);
​
        if( (key ^ random) == 0xdeadbeef ){
                printf("Good!\n");
                system("/bin/cat flag");
                return 0;
        }
​
        printf("Wrong, maybe you should try 2^32 cases.\n");
        return 0;
}
​
Solution
Check out the rand(3) man page. It says "if no seed value is provided, the rand() function is automatically seeded with a value of 1". That means a seedless rand() is deterministic. We can run the following code to test our hypothesis:
#include <stdio.h>
​
int main()
{
    int random = rand();
    printf("%i", random);
​
    return 0;
}
The result is always 1804289383 no matter how many times we run this program. To find the key, do the math in a Python shell:
>>> 0xdeadbeef ^ 1804289383
3039230856
Get Flag
Get flag
Exploit
​

passcode

input

Last modified 11mo ago