Rev - Random security

Medium | 452 points

Description

Solution

Interaction with server

In this challenge, the server gives us a random number, and if we send back a wrong number, it prints "WRONG DOUBLE!!!!!". The challenge description also highlights the word Java, which suggests that the challenge has something to do with Java's random number generation.

A quick Google search reveals that Java's Random is just a linear congruential generator, which can be easily cracked. Rather than reinventing the wheel, I will use the code from this GitHub page: https://github.com/fta2012/ReplicatedRandom

The modified Java code:

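// Requires ReplicatedRandom.java from the repository linked above on the classpath.
public class ReplicatedRandomTest {
    public static void main(String[] args) {
        ReplicatedRandom rr = new ReplicatedRandom();
        // Recover the generator state from the double the server sent us.
        rr.replicateState(Double.parseDouble("0.9326890248362221"));
        // Print the next 10 doubles the server's generator will produce.
        for (int j = 0; j < 10; j++)
            System.out.println(rr.nextDouble());
        System.out.println();
    }
}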

The code predicts the next 10 doubles, but we only need the first one.
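To show why one leaked double is enough, the following added example (not code from this write-up or from the ReplicatedRandom project) recovers the 48-bit state of java.util.Random from a single nextDouble() output and predicts the next one. The class name, method names and the seed 1234 are assumptions made for the illustration.

```java
import java.util.Random;

public class LcgStateRecovery {
    // Constants of java.util.Random's 48-bit linear congruential generator.
    static final long MULT = 0x5DEECE66DL, ADD = 0xBL, MASK = (1L << 48) - 1;

    // Returns the generator state right after the call that produced d.
    static long recoverState(double d) {
        // nextDouble() = ((next(26) << 27) + next(27)) * 2^-53, so d exposes
        // the top 26 bits of one state and the top 27 bits of the next.
        long bits = (long) (d * (1L << 53));
        long hi26 = bits >>> 27;
        long lo27 = bits & ((1L << 27) - 1);
        long found = -1;
        int matches = 0;
        // Only the low 22 bits of the first state are unknown: try them all.
        for (long low = 0; low < (1L << 22); low++) {
            long s2 = ((((hi26 << 22) | low) * MULT) + ADD) & MASK;
            if ((s2 >>> 21) == lo27) { found = s2; matches++; }
        }
        if (matches != 1) // ambiguous or inconsistent input: refuse to guess
            throw new IllegalStateException(matches + " candidate states");
        return found;
    }

    // Advances state[0] twice, the way nextDouble() does, and returns the value.
    static double nextDouble(long[] state) {
        state[0] = (state[0] * MULT + ADD) & MASK;
        long a = state[0] >>> 22;
        state[0] = (state[0] * MULT + ADD) & MASK;
        long b = state[0] >>> 21;
        return ((a << 27) + b) * 0x1.0p-53;
    }

    public static void main(String[] args) {
        Random target = new Random(1234L);  // constructed sample, seed is arbitrary
        double observed = target.nextDouble();
        long[] state = { recoverState(observed) };
        double predicted = nextDouble(state);
        System.out.println("predicted  = " + predicted);
        System.out.println("real next  = " + target.nextDouble());
    }
}
```

java.security.SecureRandom is the generator intended for values that must stay unpredictable.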

Predicted number

Flag: bucket{RaNd0m_nUmb3r5_53cur3_d24d8c961}
