# Random security

<details>

<summary>Description</summary>

One of my *friends* recently learned **Java** and started teasing all of us for not knowing anything about programming. He made what he called a *secure* program and challenged us to steal some flag from it. I have no idea where to even start, could you help out?

\[Container]

</details>

The first thing to notice is that the random generator used in the Java program was not truly random, so it was a question of finding out how it worked.

Naturally I looked for guidance using Google, and after surprisingly few searches I found this blog: <https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/>

It detailed exactly what the question was asking: how `Math.random()` works and how to reverse it with 100% certainty.

The lucky thing was that he even provided his COMPLETE CODE, which I borrowed. (<https://franklinta.com/2014/08/31/predicting-the-next-math-random-in-java/>)

After extracting the code he provided and setting up a Java project around it, I could give a number from the server as input, find the RNG seed using the functions he provided, and guess the next number using that seed.

All in all the code looked like so:

```java
package org.example;

// ReplicatedRandom is the class from the blog post linked above;
// it must be on the classpath for this to compile.
public class App {
    public static void main(String[] args) {
        ReplicatedRandom rr = new ReplicatedRandom();

        String num = "0.1608229152051377"; // string from server

        // Assuming the argument is a string representing a double,
        // replicate the Random that the double was generated from
        if (rr.replicateState(Double.parseDouble(num))) {
            // Print the next double the server's generator will produce
            System.out.println(rr.nextDouble());
        }
    }
}
```

Feeding the server the output of this program gave the flag.
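
To show why a single output is enough, here is an added, self-contained sketch of the state recovery (not code from this writeup or from the linked blog). It relies on the documented `java.util.Random` algorithm; the class and method names are hypothetical, and the "server" is simulated by a local `Random` with a constructed seed.

```java
import java.util.Random;

public class PredictNextDouble {
    // Constants of the 48-bit LCG documented for java.util.Random
    static final long MULT = 0x5DEECE66DL, ADD = 0xBL, MASK = (1L << 48) - 1;

    // One step of the generator's internal state
    static long step(long s) { return (s * MULT + ADD) & MASK; }

    // Recover the internal state right after the generator produced d.
    // nextDouble() is ((next(26) << 27) + next(27)) / 2^53, so d exposes the
    // top 26 bits of one state and the top 27 bits of the following state.
    // Returns the first matching state, or -1 if none matches.
    static long recoverState(double d) {
        long n = (long) (d * (1L << 53));   // exact: d is a multiple of 2^-53
        long hi26 = n >>> 27;
        long lo27 = n & ((1L << 27) - 1);
        for (long low = 0; low < (1L << 22); low++) {   // 22 unknown low bits
            long s2 = step((hi26 << 22) | low);
            if ((s2 >>> 21) == lo27) return s2;
        }
        return -1;
    }

    // The Random(long) constructor XORs its argument with MULT, so XOR again
    // to obtain a Random whose internal state equals the recovered one.
    static Random cloneFrom(long state) { return new Random(state ^ MULT); }

    public static void main(String[] args) {
        Random victim = new Random(20140831L);   // constructed seed, stands in for the server
        double observed = victim.nextDouble();   // the one value the server reveals

        long state = recoverState(observed);
        if (state < 0) {
            System.out.println("value was not produced by java.util.Random");
            return;
        }
        double predicted = cloneFrom(state).nextDouble();
        double actual = victim.nextDouble();
        System.out.println("observed : " + observed);
        System.out.println("predicted: " + predicted);
        System.out.println("actual   : " + actual);
        System.out.println("match    : " + (predicted == actual));
    }
}
```

The search space is only 2^22 candidates, which is why the recovery is instant. On the server side the fix is `java.security.SecureRandom`, whose output is not derived from this 48-bit LCG.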
