random

  • source code

    #include <stdio.h>
#include <stdlib.h>
int main(){
    unsigned int random;
    random = rand();    // random value!

    unsigned int key=0;
    scanf("%d", &key);

    if( (key ^ random) == 0xdeadbeef ){
        printf("Good!\n");
        system("/bin/cat flag");
        return 0;
    }

    printf("Wrong, maybe you should try 2^32 cases.\n");
    return 0;
}
  • (key ^ random) == 0xdeadbeefkeyrandom做XOR運算,若等於0xdeadbeef則得到flag
    • 因此key就等於0xdeadbeefXORrandom
  • 那麼random是多少呢?
    • 由於沒有使用seed,因此產生出來的亂數都會是相同的
  • 將random.c檔複製到/tmp底下並加上printf("random: %d\n", random);以查看random值
    random@ubuntu:/tmp$ gcc random.c
random@ubuntu:/tmp$ ./a.out
random = 1804289383
  • 最後計算key值:
    • 0xdeadbeef = 3735928559
    • 3735928559XOR1804289383= 3039230856
random@ubuntu:~$ ./random
3039230856
Good!
Mommy, I thought libc random is unpredictable...

results matching ""

    No results matching ""