Christian Leipold / November 11, 2021 / IT-Security, Write-Ups

DamCTF 2021

rev/seed

m0x

Having a non-weak seed when generating "random" numbers is super important! Can you figure out what is wrong with this PRNG implementation?

seed.py is the Python script used to generate the flag for this challenge. log.txt is the output from the script when the flag was generated.

What is the flag?

Downloads

  • log.txt
  • seed.py

We were given a Python script and the output of a previous run of that script.
The script used a bad seed derived from a timestamp.

So I changed the script so that it starts with the timestamp that was current at the time and decreases it by one on every run. Easy flag.

log.txt
......
Incorrect: 0.634796664570664
seed: 1634187293
Incorrect: 0.9893940925427723
seed: 1634187292
Incorrect: 0.5955236723970216
seed: 1634187291
Incorrect: 0.6496954518690957
seed: 1634187290
Incorrect: 0.8396432199195882
seed: 1634187289
Incorrect: 0.01154593767678569
seed: 1634187288
Incorrect: 0.8751160035349498
seed: 1634187287
Good job <3

Here is what I've changed in the original script (my new seed() function).

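se = 1636175804  # start at the (then) current Unix timestamp

def seed():
    # Original: return round(time.time())
    # Return the previous second on every call to walk back in time.
    global se
    se = se - 1
    return se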

About 30 secs later, the script was at the correct timestamp and wrote the flag in a file.

dam{f6f73f022249b67e0ff840c8635d95812bbb5437170464863eda8ba2b9ff3ebf}
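Why the backwards walk succeeds: a seed taken from round(time.time()) has only as many possible values as there are seconds in the search window. The following is an added example, not the challenge's seed.py; `weak_token` is a constructed stand-in generator, and the start time is a constructed value one hour after the seed shown in the log above.

```python
import math
import random
import secrets

LOG_SEED = 1634187287            # seed value shown in the log above
START = LOG_SEED + 3600          # constructed: search starts one hour later


def weak_token(ts: int) -> str:
    """Constructed stand-in for a generator seeded with a Unix timestamp."""
    rng = random.Random(ts)      # Mersenne Twister, fully determined by ts
    return "%064x" % rng.getrandbits(256)


def recover_seed(token: str, start: int, max_back: int = 30 * 24 * 3600):
    """Step back one second at a time until the token is reproduced."""
    for ts in range(start, start - max_back, -1):
        if weak_token(ts) == token:
            return ts
    return None                  # not produced by any seed in the window


def search_space_bits(window_seconds: int) -> float:
    """Effective entropy of a seed known to lie inside the window."""
    return math.log2(window_seconds)


def strong_token() -> str:
    """Corrected form: 256 bits from the OS CSPRNG, no seed to guess."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    leaked = weak_token(LOG_SEED)
    print("recovered seed:", recover_seed(leaked, START))
    print("30-day window: %.1f bits" % search_space_bits(30 * 24 * 3600))
    print("CSPRNG token in window:", recover_seed(strong_token(), START, 3600))
```

A 256-bit output looks strong, but its real entropy is that of the seed: roughly 21 bits for a 30-day window.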
