random

{"author": ["ret2basic"]}

Challenge

Daddy, teach me how to use random value in programming!

ssh random@pwnable.kr -p2222 (pw:guest)

Source Code

#include <stdio.h>

int main(){
        unsigned int random;
        random = rand();        // random value!

        unsigned int key=0;
        scanf("%d", &key);

        if( (key ^ random) == 0xdeadbeef ){
                printf("Good!\n");
                system("/bin/cat flag");
                return 0;
        }

        printf("Wrong, maybe you should try 2^32 cases.\n");
        return 0;
}

Solution

Check out the rand(3) man page. It says "if no seed value is provided, the rand() function is automatically seeded with a value of 1". That means a seedless rand() is deterministic. We can run the following code to test our hypothesis:

#include <stdio.h>

int main()
{
    int random = rand();
    printf("%i", random);

    return 0;
}

The result is always 1804289383 no matter how many times we run this program. To find the key, do the math in a Python shell:

>>> 0xdeadbeef ^ 1804289383
3039230856

Get Flag

Get flag

Exploit