Tags: crypto

Rating: 4.8

tldr;
- The server uses JavaScript's Math.random(), which is implemented with Xorshift128+.
- With 11 outputs, we can recover previous outputs and predict future outputs.
- To recover 11 pins (and therefore outputs of the PRNG):
  - Use the long guess 011222233333333... to recover the digits of the pin.
  - Somehow recover the pin entirely using fewer than 4 requests on average.
- Predict the next outputs of Math.random().
- Get flag!
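
Why a known generator state exposes past outputs as well as future ones, as an added example that is not from the original writeup: the xorshift128+ state transition (shift constants 23, 17, 26, as in V8) is a bijection, so it can be stepped backwards as easily as forwards. The seed values and function names are constructed for illustration, and recovering the state from observed outputs is not shown.

```javascript
// Added illustration: seed values are constructed, not taken from the challenge.
const MASK = (1n << 64n) - 1n; // keep BigInt arithmetic inside 64 bits

// One forward xorshift128+ state transition (shift constants 23, 17, 26).
function next([state0, state1]) {
  let s1 = state0;
  const s0 = state1;
  s1 ^= (s1 << 23n) & MASK;
  s1 ^= s1 >> 17n;
  s1 ^= s0;
  s1 ^= s0 >> 26n;
  return [s0, s1];
}

// Inverse transition: each forward step is linear and invertible over GF(2).
function prev([state0, state1]) {
  const s0 = state0;                          // old state1 is carried over unchanged
  const u = state1 ^ s0 ^ (s0 >> 26n);        // strip the s0 terms: u = t ^ (t >> 17)
  const t = u ^ (u >> 17n) ^ (u >> 34n) ^ (u >> 51n); // undo x ^= x >> 17
  const s1 = (t ^ (t << 23n) ^ (t << 46n)) & MASK;    // undo x ^= x << 23
  return [s1, s0];
}

// Apply a transition function n times.
function walk(state, n, step) {
  for (let i = 0; i < n; i++) state = step(state);
  return state;
}

const seed = [0x0123456789abcdefn, 0xfedcba9876543210n]; // constructed state
const later = walk(seed, 11, next); // state after 11 outputs
const back = walk(later, 11, prev); // rewound to the starting state
console.log(back[0] === seed[0] && back[1] === seed[1]);
```

Nothing in the generator is secret except its 128-bit state, so values that must stay unpredictable, such as PINs, should come from a CSPRNG (in Node.js, `crypto.randomInt`) instead of Math.random().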

Original writeup (https://jsur.in/posts/2020-11-30-hitcon-ctf-2020-100-pins-writeup).