- random

less than 1 minute read

Challenge description:

Daddy, teach me how to use random value in programming!

#include <stdio.h>

int main(){
	unsigned int random;
	random = rand();	// random value!

	unsigned int key=0;
	scanf("%d", &key);

	if( (key ^ random) == 0xdeadbeef ){
		system("/bin/cat flag");
		return 0;

	printf("Wrong, maybe you should try 2^32 cases.\n");
	return 0;

This challenge focuses on pseudo-random number generators, the randomness of the generated numbers depends on the seed, different seeds result in different sequence of numbers each time.

The bug in this code is that it uses the default seed each time, which is 1. This will generate the same sequence every time and we can predict the first number in the sequence.

If we compile this code and add printf("%d", random), we get the value 1804289383. This value XORed with 0xdeadbeef will get us -1255736440 which is the key (the unsigned value works as well).


random@pwnable:~$ ./random 
Mommy, I thought libc random is unpredictable...

Flag: Mommy, I thought libc random is unpredictable...