Tags: crypto 

Rating: 4.8

tldr;
- The server uses JavaScript's `Math.random()` which uses Xorshift128+.
- With 11 outputs, we can recover previous outputs and predict future outputs.
- To recover 11 pins (and therefore outputs of the PRNG):
- Use long guess `011222233333333...` to recover the digits of the pin.
- Somehow recover the pin entirely using less than 4 requests on average
- Predict the next outputs of `Math.random()`
- Get flag!

[full writeup](https://jsur.in/posts/2020-11-30-hitcon-ctf-2020-100-pins-writeup)

Original writeup (https://jsur.in/posts/2020-11-30-hitcon-ctf-2020-100-pins-writeup).