It's an RPG game on a server. They gave me the server's binary. The pseudocode is:
main {
    butler: HP 1000 ATK 74 LUK 5 DEF 50
    Well512 random with timestamp seed
    A = 0
    B = 0
    if input is n {
        A++
    }
    if input is m {
        prints timestamp and B++
    }
    if input is y {
        I = input between 0 ~ 22. if input not on the range, exit.
        cat: HP timestamp%300 ATK Well512(timestamp%1000,A)%60 LUK Well512(timestamp%1000,A)%10 DEF Well512(timestamp%1000,B)%76
        Fight
        if cat wins {
            gives I-th letter of flag.
        }
    }
}
Well512(seed, round) {
    returns different random value if seed or round is different.
}
Fight {
    Attack cat player
    Attack player cat
}
Attack(A, B) {
    if A.ATK > B.DEF and Well512(new timestamp, 1) % 100 > LUK {
        B.HP -= A.ATK - B.DEF
    }
    if B.HP < 0 {
        A win
    }
}
There is a Well512 PRNG which determines the cat's PRNG. I just ported it to Python and tested the solution locally, and it worked.
But on the server, it didn't work. So I just brute-forced every letter of the flag.
python withnonamecat.py | tee|grep hereisflag &
# executed about 8 times
I think that replacing this code with line 22 in withnonamecat.py might be a better way to improve readability.
int(time.mktime(time.strptime(P, '\n%Y년 %m월 %d일 %H시 %M분 %S초'))) - time.timezone
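A timezone-independent form of the conversion above, as an added example (not the author's withnonamecat.py): it reads the printed fields as UTC, which is what `time.mktime(...) - time.timezone` yields on a host whose zone has no DST, and then derives the two timestamp-dependent values from the pseudocode. The names `parse_banner` and `derived_inputs` and the sample banner are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Same field layout as the strptime pattern above:
# '%Y년 %m월 %d일 %H시 %M분 %S초'
_STAMP = re.compile(
    r"(\d{4})년 (\d{1,2})월 (\d{1,2})일 (\d{1,2})시 (\d{1,2})분 (\d{1,2})초"
)


def parse_banner(text):
    """Return the epoch value of the first timestamp found in text.

    The fields are interpreted as UTC, so the result does not depend on
    the timezone or DST rules of the machine running the script.
    """
    m = _STAMP.search(text)
    if m is None:
        raise ValueError("no timestamp found in server output")
    year, month, day, hour, minute, second = map(int, m.groups())
    # datetime() raises ValueError for impossible dates such as month 13.
    stamp = datetime(year, month, day, hour, minute, second,
                     tzinfo=timezone.utc)
    return int(stamp.timestamp())


def derived_inputs(ts):
    """Values the pseudocode computes directly from the timestamp."""
    return {
        "cat_hp": ts % 300,         # cat: HP timestamp%300
        "well512_seed": ts % 1000,  # first argument of Well512(...)
    }


if __name__ == "__main__":
    # Constructed sample, not captured from the real server.
    sample = "\n2017년 04월 01일 12시 34분 56초"
    ts = parse_banner(sample)
    print(ts, derived_inputs(ts))
```

Because every cat stat is a function of a timestamp the server itself prints, anyone who can read that value can recompute the stats; a service that wants unpredictable stats needs a seed that is never disclosed.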