Spot the Vuln: Random Time

What is x?

#include <time.h>
#include <stdio.h>
#include <stdlib.h>

int main() {
	char buff[50];
	time_t now = time(NULL);
	strftime(buff, 12, "%d%m%Y", localtime(&now));
	srand(atoi(buff));
	int random = rand();
	int x;
	scanf("%i", &x);
	if ( (random ^ x) == 1009294989) {
		printf("Correct\n");
		printf("This challenge was posted %x\n", x);
		return 0;
	}
}

Solution

%d%m%Y (day, month, year) translates to 26072022, the day the challenge was posted. Since we know that the seed of srand is 26072022 we can know what the first rand() will be (439336623) so then to get x we can do 439336623 ^ 1009294989 = 638001186 which is 0x26072022 in hex.

#include <time.h>
#include <stdio.h>
#include <stdlib.h>

int main() {
	srand(26072022);
	int random = rand();
	printf("First rand: %d\n", random);
	printf("X is: %d/0x%x\n", (random ^ 1009294989), (random ^ 1009294989));
}

Inspired by pwnable.kr’s random