# jebidiah-anthony

## Dr. J’s Group Test Randomizer #0

### PART 1 : CHALLENGE DESCRIPTION

``````Dr. J created a fast pseudorandom number generator (prng) to
randomly assign pairs for the upcoming group test. Leaf really wants
to know the pairs ahead of time... can you help him and predict the
next output of Dr. J's prng? Leaf is pretty sure that Dr. J is using
the middle-square method.

nc shell.2019.nactf.com 31425

The server is running the code in class-randomizer-0.c. Look at the
function nextRand() to see how numbers are being generated!
``````

### PART 3 : PROGRAM FLOW

1. A seed is initialized:
``````uint64_t seed = 0;

void init_seed() {
uint64_t r1 = (uint64_t) randombytes_random();
uint64_t r2 = (uint64_t) randombytes_random();
seed = (r1 << 32) + r2;
}
``````

NOTE(S):

1. The generated seed has a maximum value of `0xffffffff`.
2. An actions menu is presented to the user:
``````printf("\nWelcome to Dr. J's Random Number Generator v1! \n"
"[r] Print a new random number \n"
"[g] Guess the next two random numbers and receive the flag! \n"
"[q] Quit \n\n");
``````
1. `[r]` generates a new random number:
``````uint64_t nextRand() {
// Keep the 8 middle digits from 5 to 12 (inclusive) and square.
seed = getDigits(seed, 5, 12);
seed *= seed;
return seed;
}
``````

NOTE(S):

1. The 5th to the 8th digits from the right of the seed is squared.
2. The squared number is now the new seed.
2. `[g]` lets the user guess the next two “random” numbers to get the flag.

3. `[q]` lets the user exit the program.

### PART 4 : GETTING THE FLAG

1. Run the program:
``````\$ nc shell.2019.nactf.com 31425

Welcome to Dr. J's Random Number Generator v1!
[r] Print a new random number
[g] Guess the next two random numbers and receive the flag!
[q] Quit

\$ > r
5339808891408016
\$ > g

Guess the next two random numbers for a flag! You have a 0.0000000000000000000000000000001% chance of guessing both correctly... Good luck!
\$ > 6543052969939600

Wow, lucky guess... You won't be able to guess right a second time.
\$ > 28058134842049

What? You must have psychic powers... Well here's your flag: nactf{1_l0v3_chunky_7urn1p5}
``````

NOTE(S):

1. The vulnerability lies with the fact that the current seed is output as the “random” number generated”
2. That and the fact that the next seed is just the square of 8 middle digits from the current seed.
3. Generating the next “random” numbers using the `python3` console:
``````>>> curr = 5339808891408016
>>> curr = int(str(curr)[-12:-4])**2
>>> curr
6543052969939600
>>> curr = int(str(curr)[-12:-4])**2
>>> curr
28058134842049
``````