- category : crypto
- points : 290
nc ctfchallenges.ritsec.club 8001
Let’s connect to the server:
$ nc ctfchallenges.ritsec.club 8001
The first thing I thought was that the random numbers were related by some
operations modulo 67 because
ord('C') = 67.
After at least 10 minutes of trying different tricks on the modulo operation
I gave up and I started reading about random generator and possible attacks
The most used random generator (not cryptographically secure) is
This is not secure because there are two possible and relatively easy
attack on it:
- If the time is used as the seed of the algorithm, then we can try to
bruteforce the seed. Ex: Try to set as the seed :
time + 1, time + 2,..., time + nuntil the output of the algorithm is
the same as the one in the server.
- We can clone the state of the
PRNGif we have
because the algorithm is linear and can be
I tried both of the attack but they didn’t work. The second was less probable
of working because we didn’t have 624 sequencial output, so I couldn’t clone it.
After some time I got the idea to see how the
rand() function is implemented
Are you starting to ‘C’ a pattern?
I found various links on stackoverflow/stackexchange and I have seen
the actual implementation on my machine. It wasn’t in the end very useful,
however I learnt something new.
The only thing we have to do at this point, is to try the attack
So I connected to the server and I save the random numbers in an array (
then I tried to bruteforce the seed starting from
$ gcc finder.c -o finder
Oh yeah we found it. We could do this operation manually and win the challenge,
but manual solutions are bad, so we can script an automatic
solution to the problem.