Toddler's Bottle - random

SCP the code and executable file first:

flora@kali:~$ scp -P 2222 [email protected]:/home/random/random ./
[email protected]'s password: 
random                                        100% 8538    49.5KB/s   00:00    
flora@kali:~$ scp -P 2222 [email protected]:/home/random/random.c ./
[email protected]'s password: 
random.c                                      100%  301     1.8KB/s   00:00

Code:

#include <stdio.h>

int main(){
    unsigned int random;
    random = rand();    // random value!

    unsigned int key=0;
    scanf("%d", &key);

    if( (key ^ random) == 0xdeadbeef ){
        printf("Good!\n");
        system("/bin/cat flag");
        return 0;
    }

    printf("Wrong, maybe you should try 2^32 cases.\n");
    return 0;
}

The program use rand() function to generate random value. Function rand() returns a pseudo-random number. Note the program does not call srand() function before calling rand().

The srand() function sets the starting point for producing a series of pseudo-random integers. If srand() is not called, the rand() seed is set as if srand(1) were called at program start.

If seed is set to 1, the generator is reinitialized to its initial value and produces the same values as before any call to rand or srand.

So in this program, the variable random will always be the same. We can add a line in the code to print the value of random:printf("here is the random number:%d",random); we get the random value 1804289383. Now we can get the key: key = random ^ 0xdeadbeef .

And enter the key: