Solving my first reverse engineering problem!!!

It was a basic problem but I was able to have it done.

1. Finding the file descriptor (not part of CTF, I just wanted to)

After running the open() syscall, the fd is returned in rax; it was set to 3 and stored in ecx.

2. Finding the contents read from /dev/urandom (the actual problem)

man 2 read shows

       ssize_t read(size_t count;
                    int fd, void buf[count], size_t count);

Here, size_t count is the return value, NOT the 1ST ARGUMENT! The 1st argument, fd, goes in rdi and the 2nd argument, buf, goes in rsi, which in gdb looked like this:

$ si
1: x/10i $rip
=> 0x644d95ae3c44 <main+414>:   lea    rax,[rbp-0x18]
   0x644d95ae3c48 <main+418>:   mov    edx,0x8
   0x644d95ae3c4d <main+423>:   mov    rsi,rax
   0x644d95ae3c50 <main+426>:   mov    edi,ecx
   0x644d95ae3c52 <main+428>:   call   0x644d95ae3210 <read@plt>

As expected, edi here contains the file descriptor, copied from ecx, which held the value retrieved from the previous open syscall mentioned above. And rsi contains the memory address of a pointer on the stack 0x18 above (stack grows backwards) the base pointer.

After the read function call was executed, x/x $rbp-0x18 led to the expected output.

Cool!
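
For reference, C source that would produce the same open/read call sequence seen in the disassembly, with the register each argument lands in noted in the comments. This is an added example, not the CTF binary's actual source; the names read_exact and rnd are hypothetical, and the 8-byte size is taken from the mov edx,0x8 above.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Read exactly `count` bytes, retrying on EINTR and on short reads.
 * Returns `count` on success, -1 on error or if EOF arrives early. */
ssize_t read_exact(int fd, void *buf, size_t count)
{
    size_t done = 0;
    while (done < count) {
        /* SysV AMD64 call: fd -> edi, buf -> rsi, count -> edx.
         * The number of bytes read comes back in rax. */
        ssize_t n = read(fd, (char *)buf + done, count - done);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal, try again */
            return -1;
        }
        if (n == 0)
            return -1;          /* EOF before `count` bytes arrived */
        done += (size_t)n;
    }
    return (ssize_t)done;
}

int main(void)
{
    uint64_t rnd = 0;           /* 8-byte stack slot, like [rbp-0x18] */
    int fd = open("/dev/urandom", O_RDONLY);   /* fd returned in eax */
    if (fd < 0) {
        perror("open");
        return 1;
    }
    if (read_exact(fd, &rnd, sizeof rnd) != (ssize_t)sizeof rnd) {
        fprintf(stderr, "could not read %zu bytes\n", sizeof rnd);
        close(fd);
        return 1;
    }
    close(fd);
    /* The bytes printed here are what gdb shows when the buffer
     * address is examined right after the read call returns. */
    printf("fd=%d value=0x%016llx\n", fd, (unsigned long long)rnd);
    return 0;
}
```

Built with gcc -O0 -g, breaking on read and stepping over the call lets the buffer be examined the same way as in the session above.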