Level 24

Guess the seed

You might want to analyze "random_r.c" from the GLIBC source code.

Binary download

 MD5SUM: 806740475973b1f9a9bcd7fe00c2a3fd
SHA1SUM: d197b8709db1aa4c150ea37d23a861a71cb19739

Code listing (level24.c)

 1 /*
 2 Written by conscon
 3 
 4 
 5 Hint: Analyze random_r.c from GLIBC Source
 6 */
 7 #include <stdlib.h>
 8 #include <unistd.h>
 9 #include <stdio.h>
10 #include <sys/types.h>
11 #include <fcntl.h>
12 #include <signal.h>
13 
14 void alrm(int signo)
15 {
16         printf("Operation timed out\n");
17         exit(EXIT_SUCCESS);
18 }
19 int main()
20 {
21         int fd, i, j,word;
22         int seed,guess;
23         unsigned int rr[31];
24 
25         fd = open("/dev/urandom", O_RDONLY);
26         if(fd < 0) {
27                 perror("/dev/urandom");
28                 exit(EXIT_FAILURE);
29         }
30         alarm(60);
31         signal(SIGALRM, alrm);
32 
33         for(j=0;j<20;j++)
34         {
35 
36                 if(read(fd, &seed, sizeof(unsigned int)) != sizeof(unsigned int)) {
37                         perror("read /dev/urandom");
38                         exit(EXIT_FAILURE);
39                 }
40 
41                 srand(seed);
42 
43                 for(i = 0; i < 29; i++) {
44                         printf(" %d",rand());
45                         if((i%5)==4)printf("\n");
46                 }
47                 printf("\n");
48                 fflush(stdout);
49                 scanf("%d",&guess);
50                 if(guess!=seed) exit(EXIT_FAILURE);
51         }
52 
53         setresgid(getegid(), getegid(), getegid());
54         setresuid(geteuid(),geteuid(), geteuid());
55         execlp("/bin/sh", "sh", NULL);
56 
57         return 0;
58 }