> For the complete documentation index, see [llms.txt](https://book.onosh.ovh/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://book.onosh.ovh/ctf/france-cybersecurity-challenge/randomito.md).

# Randomito

### Énoncé

Pourrez-vous deviner le secret aléatoire généré ?

[randomyto.py](https://onosh.github.io/ctf/fcsc2020/download/randomyto.py)

### Analyse du script <a href="#analyse-du-script" id="analyse-du-script"></a>

```
#!/usr/local/bin/python2

import sys
import signal
from random import randint

# Time allowed to answer (seconds)
DELAY = 10

def handler(signum, frame):
   raise Exception("Time is up!\n")

def p(s):
    sys.stdout.write(s)
    sys.stdout.flush()

def challenge():

    for _ in range(10):
        p("[+] Generating a 128-bit random secret (a, b)\n")
        secret_a = randint(0, 2**64 - 1)
        secret_b = randint(0, 2**64 - 1)
        secret   = "{:016x}{:016x}".format(secret_a, secret_b)
        p("[+] Done! Now, try go guess it!\n")
        p(">>> a = ")
        a = int(input())
        p(">>> b = ")
        b = int(input())
        check = "{:016x}{:016x}".format(a, b)
        p("[-] Trying {}\n".format(check))
        if check == secret:
            flag = open("flag.txt").read()
            p("[+] Well done! Here is the flag: {}\n".format(flag))
            break
        else:
            p("[!] Nope, it started by {}. Please try again.\n".format(secret[:5]))

if __name__ == "__main__":
    signal.alarm(DELAY)
    signal.signal(signal.SIGALRM, handler)
    try:
        challenge()
    except Exception, e: 
        exit(0)
    else:
        exit(0)
```

Le script génère deux secrets, secret\_a et secret\_b Ils contiennent un nombre compris entre 1 et 2^64-1

```
secret_a = randint(0, 2**64 - 1)
secret_b = randint(0, 2**64 - 1)
```

Ils sont ensuite converti en héxadécimal et concaténé.

```
secret   = "{:016x}{:016x}".format(secret_a, secret_b)
```

On voit aussi qu'il y a un délais pour trouver le secret

```
DELAY = 10
if __name__ == "__main__":
    signal.alarm(DELAY)
    signal.signal(signal.SIGALRM, handler)
```

### Debug <a href="#debug" id="debug"></a>

J'ai ajouté un délais plus large + print des secrets

```
#!/usr/local/bin/python2

import sys
import signal
from random import randint

# Time allowed to answer (seconds)
DELAY = 1000000000

def handler(signum, frame):
   raise Exception("Time is up!\n")

def p(s):
    sys.stdout.write(s)
    sys.stdout.flush()

def challenge():

    for _ in range(10):
        p("[+] Generating a 128-bit random secret (a, b)\n")
        secret_a = randint(0, 2**64 - 1)
                print(secret_a)
                secret_b = randint(0, 2**64 - 1)
                print(secret_b)
        secret   = "{:016x}{:016x}".format(secret_a, secret_b)
        print(secret)
                p("[+] Done! Now, try go guess it!\n")
        p(">>> a = ")
        a = int(input())
        p(">>> b = ")
        b = int(input())
        check = "{:016x}{:016x}".format(a, b)
        p("[-] Trying {}\n".format(check))
        if check == secret:
            #flag = open("flag.txt").read()
            flag = "OK FLAG"
                        p("[+] Well done! Here is the flag: {}\n".format(flag))
            break
        else:
            p("[!] Nope, it started by {}. Please try again.\n".format(secret[:5]))

if __name__ == "__main__":
    signal.alarm(DELAY)
    signal.signal(signal.SIGALRM, handler)
    try:
        challenge()
    except Exception, e: 
        exit(0)
    else:
        exit(0)
```

Si on test une éxécution :

```
onosh@kali:/home/onosh/FCSC/MISC# python randomito.py
[+] Generating a 128-bit random secret (a, b)
16141621770963719195
12208871211096206965
e0028f7a8d01141ba96e9fae5de1ee75
[+] Done! Now, try go guess it!
>>> a = 16141621770963719195
>>> b = 12208871211096206965
[-] Trying e0028f7a8d01141ba96e9fae5de1ee75
[+] Well done! Here is the flag: OK FLAG
```

Mais alors comment trouver le secret en 10 secondes ? Simplement en lui donnant ce qu'il attend :

```
onosh@kali:/home/onosh/FCSC/MISC# python randomito.py
[+] Generating a 128-bit random secret (a, b)
6141270817308741848
5049640784231285106
553a2d453f2910d84613ed8a036e4172
[+] Done! Now, try go guess it!
>>> a = secret_a
>>> b = secret_b
[-] Trying 553a2d453f2910d84613ed8a036e4172
[+] Well done! Here is the flag: OK FLAG
```

Il n'y a plus qu'à tester en réel :

```
onosh@kali:/home/onosh/FCSC/MISC# nc challenges2.france-cybersecurity-challenge.fr 6001
[+] Generating a 128-bit random secret (a, b)
[+] Done! Now, try go guess it!
>>> a = secret_a
>>> b = secret_b
[-] Trying d955218681608306fc0e9b492dbdda1c
[+] Well done! Here is the flag: FCSC{4496d11d19db92ae53e0b9e9415d99d877ebeaeab99e9e
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://book.onosh.ovh/ctf/france-cybersecurity-challenge/randomito.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.