random
{"author": ["ret2basic"]}
Challenge
Daddy, teach me how to use random value in programming!
ssh random@pwnable.kr -p2222 (pw:guest)
Source Code
#include <stdio.h>
int main(){
unsigned int random;
random = rand(); // random value!
unsigned int key=0;
scanf("%d", &key);
if( (key ^ random) == 0xdeadbeef ){
printf("Good!\n");
system("/bin/cat flag");
return 0;
}
printf("Wrong, maybe you should try 2^32 cases.\n");
return 0;
}
Solution
Check out the rand(3) man page. It says "if no seed value is provided, the rand() function is automatically seeded with a value of 1". That means a seedless rand()
is deterministic. We can run the following code to test our hypothesis:
#include <stdio.h>
int main()
{
int random = rand();
printf("%i", random);
return 0;
}
The result is always 1804289383
no matter how many times we run this program. To find the key, do the math in a Python shell:
>>> 0xdeadbeef ^ 1804289383
3039230856
Get Flag

Exploit
Last updated