# Randomito

### Challenge statement

Can you guess the randomly generated secret?

[randomyto.py](https://onosh.github.io/ctf/fcsc2020/download/randomyto.py)

### Script analysis <a href="#analyse-du-script" id="analyse-du-script"></a>

```
#!/usr/local/bin/python2

import sys
import signal
from random import randint

# Time allowed to answer (seconds)
DELAY = 10

def handler(signum, frame):
   raise Exception("Time is up!\n")

def p(s):
    sys.stdout.write(s)
    sys.stdout.flush()

def challenge():

    for _ in range(10):
        p("[+] Generating a 128-bit random secret (a, b)\n")
        secret_a = randint(0, 2**64 - 1)
        secret_b = randint(0, 2**64 - 1)
        secret   = "{:016x}{:016x}".format(secret_a, secret_b)
        p("[+] Done! Now, try go guess it!\n")
        p(">>> a = ")
        a = int(input())
        p(">>> b = ")
        b = int(input())
        check = "{:016x}{:016x}".format(a, b)
        p("[-] Trying {}\n".format(check))
        if check == secret:
            flag = open("flag.txt").read()
            p("[+] Well done! Here is the flag: {}\n".format(flag))
            break
        else:
            p("[!] Nope, it started by {}. Please try again.\n".format(secret[:5]))

if __name__ == "__main__":
    signal.alarm(DELAY)
    signal.signal(signal.SIGALRM, handler)
    try:
        challenge()
    except Exception, e: 
        exit(0)
    else:
        exit(0)
```

The script generates two secrets, secret\_a and secret\_b. Each holds a number between 1 and 2^64-1:

```
secret_a = randint(0, 2**64 - 1)
secret_b = randint(0, 2**64 - 1)
```

They are then converted to hexadecimal and concatenated.

```
secret   = "{:016x}{:016x}".format(secret_a, secret_b)
```

We can also see that there is a time limit for finding the secret:

```
DELAY = 10
if __name__ == "__main__":
    signal.alarm(DELAY)
    signal.signal(signal.SIGALRM, handler)
```

### Debug <a href="#debug" id="debug"></a>

I added a longer delay and prints of the secrets:

```
#!/usr/local/bin/python2

import sys
import signal
from random import randint

# Time allowed to answer (seconds)
DELAY = 1000000000

def handler(signum, frame):
   raise Exception("Time is up!\n")

def p(s):
    sys.stdout.write(s)
    sys.stdout.flush()

def challenge():

    for _ in range(10):
        p("[+] Generating a 128-bit random secret (a, b)\n")
        secret_a = randint(0, 2**64 - 1)
        print(secret_a)
        secret_b = randint(0, 2**64 - 1)
        print(secret_b)
        secret   = "{:016x}{:016x}".format(secret_a, secret_b)
        print(secret)
        p("[+] Done! Now, try go guess it!\n")
        p(">>> a = ")
        a = int(input())
        p(">>> b = ")
        b = int(input())
        check = "{:016x}{:016x}".format(a, b)
        p("[-] Trying {}\n".format(check))
        if check == secret:
            #flag = open("flag.txt").read()
            flag = "OK FLAG"
            p("[+] Well done! Here is the flag: {}\n".format(flag))
            break
        else:
            p("[!] Nope, it started by {}. Please try again.\n".format(secret[:5]))

if __name__ == "__main__":
    signal.alarm(DELAY)
    signal.signal(signal.SIGALRM, handler)
    try:
        challenge()
    except Exception, e: 
        exit(0)
    else:
        exit(0)
```

If we test a run:

```
onosh@kali:/home/onosh/FCSC/MISC# python randomito.py
[+] Generating a 128-bit random secret (a, b)
16141621770963719195
12208871211096206965
e0028f7a8d01141ba96e9fae5de1ee75
[+] Done! Now, try go guess it!
>>> a = 16141621770963719195
>>> b = 12208871211096206965
[-] Trying e0028f7a8d01141ba96e9fae5de1ee75
[+] Well done! Here is the flag: OK FLAG
```

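So how do we find the secret in 10 seconds? Simply by giving it what it expects. The script runs under Python 2, where `input()` evaluates the typed text as a Python expression, so the names `secret_a` and `secret_b` resolve to the script's own variables: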

```
onosh@kali:/home/onosh/FCSC/MISC# python randomito.py
[+] Generating a 128-bit random secret (a, b)
6141270817308741848
5049640784231285106
553a2d453f2910d84613ed8a036e4172
[+] Done! Now, try go guess it!
>>> a = secret_a
>>> b = secret_b
[-] Trying 553a2d453f2910d84613ed8a036e4172
[+] Well done! Here is the flag: OK FLAG
```

All that is left is to test against the real service:

```
onosh@kali:/home/onosh/FCSC/MISC# nc challenges2.france-cybersecurity-challenge.fr 6001
[+] Generating a 128-bit random secret (a, b)
[+] Done! Now, try go guess it!
>>> a = secret_a
>>> b = secret_b
[-] Trying d955218681608306fc0e9b492dbdda1c
[+] Well done! Here is the flag: FCSC{4496d11d19db92ae53e0b9e9415d99d877ebeaeab99e9e
```
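
The root cause and its fix, as an added example that is not part of the original write-up or the challenge: the script's check is reproduced with a pluggable input reader, once with an `eval()`-based model of Python 2's `input()` and once with a reader that treats the line as data. The function names and the 20-digit limit are assumptions made for the illustration.

```python
# Added example: Python 2's input() is modelled with eval() so this runs on Python 3.
import re
import secrets

DECIMAL = re.compile(r"[0-9]{1,20}")  # 2**64 - 1 has 20 decimal digits


def read_py2_style(line, local_names):
    """Model of Python 2 input(): the typed line is evaluated as an expression.
    Builtins are withheld; the model only needs name lookup."""
    return eval(line, {"__builtins__": {}}, local_names)  # deliberately unsafe


def read_int_safely(line, local_names=None):
    """Hardened read (raw_input() + int() in Python 2): the line is data only."""
    text = line.strip()
    if not DECIMAL.fullmatch(text):
        raise ValueError("expected a decimal integer")
    return int(text, 10)


def check_guess(answers, read, secret_a, secret_b):
    """The challenge's comparison, with the input reader made pluggable."""
    secret = "{:016x}{:016x}".format(secret_a, secret_b)
    local_names = {"secret_a": secret_a, "secret_b": secret_b}
    try:
        a, b = (read(line, local_names) for line in answers)
        check = "{:016x}{:016x}".format(a, b)
    except (ValueError, TypeError, NameError, SyntaxError):
        return False
    return secrets.compare_digest(check, secret)


if __name__ == "__main__":
    # Constructed round; secrets.randbelow is a CSPRNG, unlike random.randint.
    sa, sb = secrets.randbelow(2**64), secrets.randbelow(2**64)
    typed = ["secret_a", "secret_b"]  # the two lines typed in the write-up
    print("eval-style reader accepts names:", check_guess(typed, read_py2_style, sa, sb))
    print("hardened reader accepts names: ", check_guess(typed, read_int_safely, sa, sb))
    print("hardened reader, correct digits:", check_guess([str(sa), str(sb)], read_int_safely, sa, sb))
```

In the Python 2 script itself, the equivalent change is reading with `raw_input()` and converting with `int()`.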

