Random

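#include <stdio.h>
#include <stdlib.h>     // rand(), system()
#include <unistd.h>     // setregid(), getegid()

int main(){
    unsigned int random;
    random = rand();        // random value! (srand() is never called)

    unsigned int key = 0;
    scanf("%d", &key);      // key is read as a decimal number

    // Passes only when key == random ^ 0xcafebabe
    if ((key ^ random) == 0xcafebabe) {
        printf("Good!\n");
        setregid(getegid(), getegid());
        system("/bin/cat flag");
        return 0;
    }

    printf("Wrong, maybe you should try 2^32 cases.\n");
    return 0;
}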

rand() is called once here, and without a prior call to srand() its output is predictable: the generator starts from the same default seed on every run, so it returns the same value each time.

Based on the condition (key ^ random) == 0xcafebabe, we can deduce that key is equal to random XOR 0xcafebabe.

The scanf("%d", &key); statement reads key as a decimal number, so the key has to be entered in decimal rather than hex.

So we need to determine the value of random. Since the generator is never seeded, that value is fixed; here it is 0x6b8b4567.

key = 0x6b8b4567 XOR 0xcafebabe = 0xa175ffd9 = 2708864985

It’s actually quite simple.
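
As an added example (not code from the challenge or from this write-up), the sketch below shows that the default-seeded rand() value repeats, so a key computed once keeps passing the check, and contrasts that with a value drawn from the kernel CSPRNG. The helper names and the /dev/urandom replacement are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define TARGET 0xcafebabeu /* constant from the page's check */

/* First rand() value under the default seed. The C standard specifies that
   rand() with no prior srand() behaves as if srand(1) had been called. */
unsigned int default_first_rand(void) {
    srand(1);
    return (unsigned int)rand();
}

/* Key accepted by the check for a given "random" value. */
unsigned int key_for(unsigned int random) { return random ^ TARGET; }

/* The page's comparison, isolated so it can be exercised directly. */
int check(unsigned int key, unsigned int random) {
    return (key ^ random) == TARGET;
}

/* Hardened draw (assumed fix): read the value from the kernel CSPRNG.
   Returns 0 on success, -1 on failure. */
int secure_random(unsigned int *out) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    size_t n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1 ? 0 : -1;
}

int main(void) {
    unsigned int r1 = default_first_rand();
    unsigned int r2 = default_first_rand();
    unsigned int key = key_for(r1), s = 0;

    printf("default-seeded rand(): 0x%08x, then again: 0x%08x\n", r1, r2);
    printf("precomputed key %u passes the check: %d\n", key, check(key, r2));

    if (secure_random(&s) != 0) {
        perror("/dev/urandom");
        return 1;
    }
    printf("same key against a CSPRNG value: %d\n", check(key, s));
    return 0;
}
```

On glibc the first line prints 0x6b8b4567, the value used above; other C libraries produce a different but equally fixed value.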