
Rev - Random security

Medium | 452 points

Description

Solution

In this challenge, the server gives us a random number, and if we send back the wrong number it prints "WRONG DOUBLE!!!!!". In the challenge description the word Java is highlighted, which suggests that the challenge has something to do with Java's random number generation.

A quick Google search reveals that Java's Random is just a linear congruential generator, which can be easily cracked. Rather than reinventing the wheel, I will use the code from this GitHub page: https://github.com/fta2012/ReplicatedRandom

The modified Java code:

// Requires ReplicatedRandom.java from the repository linked above on the classpath.
public class ReplicatedRandomTest {
    public static void main(String[] args) {
        ReplicatedRandom rr = new ReplicatedRandom();
        // Rebuild the generator's internal state from the double the server sent.
        rr.replicateState(0.9326890248362221);
        // Print the next 10 doubles the server's generator will produce.
        for (int j = 0; j < 10; j++) {
            System.out.println(rr.nextDouble());
        }
        System.out.println();
    }
}

The code will predict the next 10 doubles but we will only need the first one.
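
Why a single double is enough, as an added example (not code from this writeup or from the ReplicatedRandom repository): a Python model of java.util.Random's 48-bit LCG that recovers the internal state from one nextDouble() output by searching the 22 hidden bits. The class and function names and the seed are constructed for the illustration.

```python
# Added example: model of java.util.Random's LCG and state recovery from one
# nextDouble() output. Names and the sample seed are constructed.
A, C, MASK = 0x5DEECE66D, 0xB, (1 << 48) - 1

class JavaRandom:
    """Minimal model of java.util.Random (only next() and nextDouble())."""
    def __init__(self, seed=0, raw_state=None):
        # Java scrambles the user-supplied seed with the multiplier.
        self.state = raw_state if raw_state is not None else (seed ^ A) & MASK

    def next(self, bits):
        self.state = (self.state * A + C) & MASK
        return self.state >> (48 - bits)

    def next_double(self):
        # nextDouble() = ((next(26) << 27) + next(27)) * 2^-53
        return ((self.next(26) << 27) + self.next(27)) / (1 << 53)

def recover_states(observed):
    """Every internal state (as left after the observed double) that fits it."""
    n = int(observed * (1 << 53))        # exact: output is a multiple of 2^-53
    hi26, lo27 = n >> 27, n & ((1 << 27) - 1)
    s2 = ((hi26 << 22) * A + C) & MASK   # successor of the candidate with low bits 0
    found = []
    for _ in range(1 << 22):             # only 22 bits of the first state are hidden
        if s2 >> 21 == lo27:             # top 27 bits must match the second half
            found.append(s2)
        s2 = (s2 + A) & MASK             # candidate + 1  =>  successor + A
    return found

def predict_next(observed, count=1):
    """Follow-up doubles predicted from each candidate state (normally just one)."""
    out = []
    for st in recover_states(observed):
        clone = JavaRandom(raw_state=st)
        out.append([clone.next_double() for _ in range(count)])
    return out

if __name__ == "__main__":
    victim = JavaRandom(seed=20230407)   # constructed seed, stands in for the server
    leaked = victim.next_double()
    print("leaked   :", leaked)
    print("predicted:", predict_next(leaked, 3))
    print("actual   :", [victim.next_double() for _ in range(3)])
```

Because one output pins down the whole state, values that must stay unpredictable should come from java.security.SecureRandom rather than java.util.Random.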

Flag: bucket{RaNd0m_nUmb3r5_53cur3_d24d8c961}

[Image: Interaction with server]
[Image: Predicted number]