Pwnable.kr - random
Challenge description:
Daddy, teach me how to use random value in programming!
    #include <stdio.h>
    #include <stdlib.h>   // rand() and system() are declared here
    int main(){
        unsigned int random;
        random = rand(); // random value!
        unsigned int key=0;
        scanf("%d", &key);   // signed conversion, so a negative key is accepted
        if( (key ^ random) == 0xdeadbeef ){
            printf("Good!\n");
            system("/bin/cat flag");
            return 0;
        }
        printf("Wrong, maybe you should try 2^32 cases.\n");
        return 0;
    }
This challenge focuses on pseudo-random number generators. The numbers such a generator produces depend on its seed: different seeds result in different sequences of numbers.
The bug in this code is that it never calls srand(), so rand() uses the default seed, which is 1, each time. This generates the same sequence on every run, so we can predict the first number in the sequence.
If we compile this code and add printf("%d", random), we get the value 1804289383. XORing this value with 0xdeadbeef gives -1255736440, which is the key (the unsigned value works as well).
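The repeatability described above, next to a hardened replacement, as an added example that is not part of the challenge or the original write-up. The helper names are hypothetical, and reading /dev/urandom assumes a Unix-like system.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* First rand() output after an explicit srand(seed). */
unsigned int first_rand_with_seed(unsigned int seed)
{
    srand(seed);
    return (unsigned int)rand();
}

/* Input that passes (key ^ random) == 0xdeadbeef once `random` is known. */
unsigned int key_for(unsigned int random_value)
{
    return random_value ^ 0xdeadbeefu;
}

/* Hardened alternative: 32 bits from the kernel CSPRNG. Returns 0 on success.
 * Assumption: the system provides /dev/urandom. */
int secure_random_u32(uint32_t *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void)
{
    /* No srand() has run yet, exactly as in the challenge binary. */
    unsigned int unseeded = (unsigned int)rand();
    unsigned int seeded1 = first_rand_with_seed(1);
    printf("unseeded rand(): %u\n", unseeded);
    printf("after srand(1):  %u (same: %s)\n", seeded1,
           unseeded == seeded1 ? "yes" : "no");
    printf("matching key:    %u (as int: %d)\n",
           key_for(unseeded), (int)key_for(unseeded));

    uint32_t r;
    if (secure_random_u32(&r) != 0) {
        fputs("cannot read /dev/urandom\n", stderr);
        return 1;
    }
    printf("CSPRNG value:    %u\n", (unsigned int)r);
    return 0;
}
```

The first three lines print the same values on every run, while the last one changes each time.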
Solution:
random@pwnable:~$ ./random
-1255736440
Good!
Mommy, I thought libc random is unpredictable...
Flag: Mommy, I thought libc random is unpredictable...