David Mellul DavidMellul

## PseudoRandomnessExample.rb
class PseudoRandomness

  # This is the constructor used to instantiate a PseudoRandomness object
  def initialize(seed)
    @instance_seed = seed
  end


  def change_seed
    @instance_seed = @instance_seed + 1

## PseudoRandomnessExample.rb
class PseudoRandomness

  # This is the constructor used to instantiate a PseudoRandomness object
  def initialize(seed)
    @instance_seed = seed
  end

  def change_seed
    @instance_seed = @instance_seed + 1
  end

## PseudoRandomnessResultExample.rb
# First 3 pseudo random numbers
10
12
14

# Second 3 pseudo random numbers
18
20
22

## LicensingExample.rb
def generate_random_uid
  # Generate a random value between 0 and 1 000 000
  base_pseudo_random_value = rand(1_000_000)

  uid = evil_maths(base_pseudo_random_value)
  return uid
end

if first_launch?
  uid = generate_random_uid()

## RubyBreaker.rb
# Seed = 10
Kernel.srand 10

## TodoRetrievalExample.php
<?php

/* Database configuration and so on...*/
$todo_list = $database->retrieve_all_todos();

<ul>
foreach($todo_list as $todo) {
  echo "<li> Task number $todo['id'] -> $todo['description'] </li>";
}
</ul>

## TodoSearchExample.php
<?php

$filter = $_GET['filter'];

echo "<p>Results for $filter</p>";

$filtered_list = $database->search_query($filter);

/* Rendering stuff */

## CSRFGenerationkExample.php
<?php

// Don't even look at the code. Just remember, the token must be cryptographically secure
// See : https://medium.com/@davidmellul/broken-by-design-2-randomness-d73f0a0536ed
function RandomToken($length = 32){ // Taken from a comment on http://php.net/manual/fr/function.random-bytes.php
    if(!isset($length) || intval($length) <= 8 ){
      $length = 32;
    }
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes($length));

## CSRFCheckExample.php
<?php

// Requested URL => http://VerySafePlace.io/deleteEverything
$token = $_GET['token'];

if(empty($token))
  showErrorMessage();
else {
  // This will check that the token matches the logged user's one
  if(token_exists_in_database($token))

## TodoSearchExample.php
<?php

$filter = $_GET['filter'];

$filtered_todo_list = $database->query("SELECT * FROM Todos WHERE name LIKE '.$filter."'");

/* Rendering part */
?>
	class PseudoRandomness

	# This is the constructor used to instantiate a PseudoRandomness object
	def initialize(seed)
	@instance_seed = seed
	end


	def change_seed
	@instance_seed = @instance_seed + 1
	# First 3 pseudo random numbers
	10
	12
	14

	# Second 3 pseudo random numbers
	18
	20
	22
	def generate_random_uid
	# Generate a random value between 0 and 1 000 000
	base_pseudo_random_value = rand(1_000_000)

	uid = evil_maths(base_pseudo_random_value)
	return uid
	end

	if first_launch?
	uid = generate_random_uid()
	<?php

	/* Database configuration and so on...*/
	$todo_list = $database->retrieve_all_todos();

	<ul>
	foreach($todo_list as $todo) {
	echo "<li> Task number $todo['id'] -> $todo['description'] </li>";
	}
	</ul>
	<?php

	$filter = $_GET['filter'];

	echo "<p>Results for $filter</p>";

	$filtered_list = $database->search_query($filter);

	/* Rendering stuff */
	<?php

	// Don't even look at the code. Just remember, the token must be cryptographically secure
	// See : https://medium.com/@davidmellul/broken-by-design-2-randomness-d73f0a0536ed
	function RandomToken($length = 32){ // Taken from a comment on http://php.net/manual/fr/function.random-bytes.php
	if(!isset($length) \|\| intval($length) <= 8 ){
	$length = 32;
	}
	if (function_exists('random_bytes')) {
	return bin2hex(random_bytes($length));
	<?php

	// Requested URL => http://VerySafePlace.io/deleteEverything
	$token = $_GET['token'];

	if(empty($token))
	showErrorMessage();
	else {
	// This will check that the token matches the logged user's one
	if(token_exists_in_database($token))
	<?php

	$filter = $_GET['filter'];

	$filtered_todo_list = $database->query("SELECT * FROM Todos WHERE name LIKE '.$filter."'");

	/* Rendering part */
	?>