📖
CTF Wiki
  • 🚩Arne's CTF Writeups!
  • 2025
    • TUCTF
      • Forensics - Security Rocks
  • 2024
    • Lexington CTF
      • Misc - a little bit of tomcroppery
    • Imaginary CTF
      • Web - Journal
    • Space Heroes CTF
      • Web - Antikythera
    • HTB Cyber Apocalypse
      • Pwn - Sound of Silence
      • Misc - MultiDigilingual
  • 2023
    • NahamConCTF
      • Mobile - Red Light Green Light
    • BucketCTF
      • Rev - Schematic
      • Rev - Random security
    • HTB Cyber Apocalypse
      • Rev - Cave System
      • Rev - Somewhat Linear
      • Pwn - Void
  • 2022
    • DownUnderCTF 2022
      • Cloud - Jimmy Builds a Kite
    • Ã¥ngstromCTF 2022
      • Pwn - really obnoxious problem
      • Pwn - whatsmyname
    • Engineer CTF
      • Misc - Not really random
      • Misc - Broken Pieces
    • KnightCTF 2022
    • HTB CTF: Dirty Money
      • Forensics - Perseverance
  • 2021
    • MetaCTF CyberGames 2021
    • HTB - Cyber Santa
      • RE - Infiltration
    • Securebug CTF Thor 2021
      • Web - Tricks 1
      • Web - Tricks 2
      • RE - Hidden in Plain Sight
    • TFC CTF 2021
      • RE - Crackity
      • Pwn - Jumpy
      • Misc - Weird Friend
    • K3RN3L CTF 2021
      • Crypto - Pascal RSA
    • DamCTF 2021
      • Misc - library-of-babel
      • Pwn - cookie-monster
    • Killer Queen CTF 2021
      • Pwn - Tweety Birb
      • Forensics - Tippy Tappies
      • Pwn - I want to break free
    • BuckeyeCTF 2021
      • Web - pay2win
      • Misc - USB Exfiltration
Powered by GitBook
On this page
  • Description
  • Solution
  1. 2023
  2. BucketCTF

Rev - Random security

Medium | 452 points

Last updated 2 years ago

Description

Solution

In this challenge, the server gives us a random number and if we give back a wrong number, it will print "WRONG DOUBLE!!!!!". Also, in the challenge description, the word Java is highlighted which suggest that this challenge has something to do with Java randomization.

The modified Java code:

import java.util.Random;

public class ReplicatedRandomTest {
    public static void main(String args[]) {
        Random r = new Random();
        ReplicatedRandom rr = new ReplicatedRandom();
        rr.replicateState(Double.parseDouble("0.9326890248362221"));
        for (int j = 0; j < 10; j++)
            System.out.println(rr.nextDouble());
        System.out.println();
    }
}

The code will predict the next 10 doubles but we will only need the first one.

Flag: bucket{RaNd0m_nUmb3r5_53cur3_d24d8c961}

A quick google search reveals that Java's random is just a linear congruential generator which can be easily cracked. Rather than reinventing the wheel, I will use the code from this Github page:

https://github.com/fta2012/ReplicatedRandom
Interaction with server
Predicted number