What's up guys, John Hammond here, still looking at picoCTF 2017. So we're moving into the cryptography section of level 2, and this challenge is called SoRandom, for 75 points. So the prompt here is: "We found sorandom.py running at shell2017.picoctf.com at that port number. It seems to be outputting the flag but randomizing all the characters first. Is there any way to get the original flag back?" And that's running Python 2, it says. Okay.

So let's go ahead and get this link here so we can download this. Make a directory for us to work in. Let's get this source code, and it looks like it is running itself on this netcat connection, so let's connect to that and, okay, it gives us the randomized flags. Let's take note of that. Cool, and let's `subl` to open up Sublime Text, or any text editor that you want to use, and let's check out the sorandom.py Python file.

Okay, so this is the source code for the challenge here. Looks like it's using the random module and the string module, creating the flag originally from the file on the server, so we don't have that to begin with. But we know it should start with "flag", and that must be why ours starts with that Bnzq here. So we don't need this anymore. Let's turn off like... Stop. Thanks.

So if we were to say flag would equal that originally, let's see what we can do with reversing this program, because it looks like it seeds the random number generator with the random module. So when you seed the random number generator, it's the initial value, essentially. It's like setting up the program, setting up the machine to crunch out random numbers. But they're only pseudo-random. There is no real notion of an actual random number in computer programs, and the hint here kind of points to that: "Computers can't really be all that random."
So it looks like it is looping through all the characters in the original flag and then rotating them, so according to this comment, adding on the encrypted version of the flag based on whether or not it's a character or not. So it looks like it is taking the original ordinal character, changing it to a random number that it gets out of the random number generator, mod 26 so it's in the alphabet, and putting it back in the base of where it was in the alphabet, lowercase or uppercase, getting the ordinal value. So this would display something out.

But if I just run this, it looks like it's going to run that operation now on the encrypted flag. But since they are seeding the random number generator with an actually constant value, like, this is a string here, this is just "random", the string, literally the word, the text "random", not any number or thing. Like, normally people will try and seed a random number generator with the current time, because that at least changes every second. But that is also insecure, in that someone could just, okay, a line of program to kind of catch up with time once that original program executes and tinker with that. That's an attack on pseudo-random number generators that use time to seed it.

So since we're seeding with a constant value that we know, we're gonna have the same random numbers in the same random data output every single time, since it's a constant value. So if this is what they originally used, let's just try and work backwards from what they're trying to do. So if they had actually had this random number added to it, what if we were to remove it? So let's switch these lines up to not add this random number but subtract it, and then if I run this... oh boy, okay. There is "flag", right, the original text that we expected here, and a set of numbers. So this must be it. Maybe this is the flag. Let's go ahead and try and submit this. Submit, and okay, we got it. Awesome, challenge done.
So what that was doing is just using this, I hate to say algorithm, because it's not really an algorithm, but looping through that string they originally had. The encrypted version is what we were given, so we can take that encrypted version and work backwards by just kind of reverting or negating the operation that they did, adding on random numbers. It doesn't matter where or how or in what sequence these random numbers came, because we have that random seed set to the same thing; the number sequence will be the same every time. So that will just work out for us.

Okay, cool. If you guys don't understand that, we're definitely going to be working with more random number generators, or pseudo-random number generators, in later capture the flag competitions. I actually even have a challenge of my own that I tried to create where we are seeding a random number generator, or a pseudo-random number generator, with time, and we can get around that. But this is an easy example of seeding a random number generator with a constant value. So if we know that value, then dude, we can just get the exact... we can run this code, like, execute the same Python script with that same input, with that same setup, and be done. So that's that.

Thanks for watching this video, guys. Hey, I have to give some love and support to my supporters, people that are willing to give me some donations and whatever. I am super grateful for and appreciative on Patreon. So all of these individuals are phenomenal. This list keeps growing and I am grateful for it, and hopefully that will grow a little bit more. One dollar a month on Patreon will give you this little shout-out at the end of every video. $5 a month on Patreon will give you early access to every video that I create before it goes on YouTube, and that's that. If you want any more incentives, please let me know what other cool things we can do. But that's all I've got for right now.
Hey, if you did like this video, please do press that like button. Maybe leave me a comment if you're willing, maybe subscribe. And if you really want to support me, check me out on Patreon or my website, www.johnhammond.org. Thanks. See you later.
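The constant-seed weakness described in the video, as an added example that is not the challenge's source code or the presenter's script: a cipher modeled on the narration (per-character shift drawn from a PRNG seeded with the string "random") and its inverse, which re-seeds and subtracts the same draws. The digit branch, the function names and the sample flag are assumptions; the sketch is Python 3, and because Python 2 and 3 produce different streams from the same string seed, recovering the real flag needs Python 2 as the prompt states.

```python
import random
import string

SEED = "random"  # the constant seed the video points out


def _shift(text, seed, direction):
    """Shift each character by the PRNG stream; +1 encrypts, -1 decrypts."""
    rng = random.Random(seed)  # same seed -> same sequence of draws
    out = []
    for c in text:
        if c in string.ascii_lowercase:
            base, size = ord("a"), 26
        elif c in string.ascii_uppercase:
            base, size = ord("A"), 26
        elif c in string.digits:  # assumption: digits rotate mod 10
            base, size = ord("0"), 10
        else:
            out.append(c)  # punctuation passes through, no draw consumed
            continue
        # The character class survives encryption, so the decryptor makes
        # the same draws in the same order as the encryptor did.
        k = rng.randrange(0, size)
        out.append(chr((ord(c) - base + direction * k) % size + base))
    return "".join(out)


def encrypt(flag, seed=SEED):
    return _shift(flag, seed, +1)


def decrypt(blob, seed=SEED):
    return _shift(blob, seed, -1)


if __name__ == "__main__":
    sample = "FLAG:constructed0sample1value2"  # constructed, not the real flag
    blob = encrypt(sample)
    print(blob)           # looks scrambled, but is identical on every run
    print(decrypt(blob))  # original text recovered from the seed alone
```

The fix on the server side is to not treat a seeded general-purpose PRNG as a key source at all; Python's `secrets` module or `os.urandom` provide unpredictable values.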