Random security

REV MEDIUM - 452

Description

One of my friends recently learned Java and started teasing all of us for not knowing anything about programming. He made what he called a secure program and challenged us to steal some flag from it. I have no idea where to even start, could you help out?

[Container]

The first thing to notice is that the random generator that was used in the java program was not truly random and so it was a question of finding out how it worked.

Naturally I looked for guidance using google and after surprisingly not many searches, I found this blog https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/

It detailed exactly what the question was asking, how the Math.random() works and how to reverse it with 100% certainty.

The lucky thing was that he even provided his COMPLETE CODE which I borrowed. (https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/)

Extracting and setting up a java project that uses the code he provided I could provide a number from the server as input, find the RNG seed using the functions he provided and guess the next number using that seed.

All in all the code looked like so:

package org.example;
import java.util.Random;

public class App {
    public static void main(String args[]) {
        ReplicatedRandom rr = new ReplicatedRandom();

        String num = "0.1608229152051377"; // string from server

        // Assuming the argument is a string representing a double,
        // replicate the Random that the double was generated from
        if (rr.replicateState(Double.parseDouble(num))) {
            System.out.println(rr.nextDouble());
        }
        return;
    }
}

Feeding the server the output of this program gave the flag.