The solution of this challenge is quite simple as you will be given all the information in the code from where we will have to get the password. We will need to use XOR operations to find out what is the password for this code.


code#

code for this challenge is given below:

$ cat random.c  
#include <stdio.h>

int main(){
	unsigned int random;
	random = rand();	// random value!

	unsigned int key=0;
	scanf("%d", &key);

	if( (key ^ random) == 0xdeadbeef ){
		printf("Good!\n");
		system("/bin/cat flag");
		return 0;
	}

	printf("Wrong, maybe you should try 2^32 cases.\n");
	return 0;
}

Here we can see that there is a rendom value generated by the rand() funcation. But interestingly in the comment we can see a suspecious “!”. We should observe the value generated by the rand() function and see what is does. To do that, we just added a printf.

printf("random is: %x\n", random);

We have made a copy of the original file and changed to view the content. If we run it we get the below:

$ ./t_random         
random is: 6b8b4567
^C
$ ./t_random
random is: 6b8b4567
^C
$ ./t_random
random is: 6b8b4567
^C

Interestingly if we run the code multiple times we get the same value. So the rand()function is not so random! Now if we convert the hex output to binary we get:

0x6b8b4567 => 01101011100010110100010101100111

And if we convert 0xdeadbeef(as seen in the source code) to binary we get:

0xdeadbeef => 11011110101011011011111011101111

Now if we perform the xor operation we should get our result bacause this is how XOR works. The answer we get is

10110101001001101111101110001000 => 3039230856

If we now put this value as input, we will get the flag.

random@pwnable:~$ ./random 
3039230856
Good!
Mommy, I thought libc <snipped>