# pwnable.kr -> random

The solution to this challenge is quite simple: all the information needed to recover the password is in the source code. We will use an XOR operation to work out the password.

# code

The code for this challenge is given below:

```
$ cat random.c
#include <stdio.h>
int main(){
    unsigned int random;
    random = rand(); // random value!
    unsigned int key=0;
    scanf("%d", &key);
    if( (key ^ random) == 0xdeadbeef ){
        printf("Good!\n");
        system("/bin/cat flag");
        return 0;
    }
    printf("Wrong, maybe you should try 2^32 cases.\n");
    return 0;
}
```

Here we can see that a random value is generated by the `rand()` function. But interestingly, the comment contains a suspicious “!”. We should observe the value generated by the `rand()` function and see what it does. To do that, we just added a `printf`.

```
printf("random is: %x\n", random);
```

We made a copy of the original file and changed it to print the value. If we run it we get the following:

```
$ ./t_random
random is: 6b8b4567
^C
$ ./t_random
random is: 6b8b4567
^C
$ ./t_random
random is: 6b8b4567
^C
```

Interestingly, if we run the code multiple times we get the same value. So the `rand()` function is not so random! The program never calls `srand()`, so `rand()` starts from the same default seed on every run.

Now if we convert the hex output to binary we get:

```
0x6b8b4567 => 01101011100010110100010101100111
```

And if we convert `0xdeadbeef` (as seen in the source code) to binary we get:

```
0xdeadbeef => 11011110101011011011111011101111
```

Now we XOR the two values. The check is `key ^ random == 0xdeadbeef`, and XOR is its own inverse, so XORing both sides with `random` gives `key = random ^ 0xdeadbeef`. The answer we get is:

```
10110101001001101111101110001000 => 3039230856
```

If we now put this value as input, we will get the flag.

```
random@pwnable:~$ ./random
3039230856
Good!
Mommy, I thought libc <snipped>
```