ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

Related news

1. Hacking Tools For Windows 7
2. New Hacker Tools
3. Pentest Tools Website Vulnerability
4. Free Pentest Tools For Windows
5. Hacker Tools Software
6. Pentest Tools Tcp Port Scanner
7. Hacker Techniques Tools And Incident Handling
8. Best Hacking Tools 2019
9. Hack Tool Apk No Root
10. Hacking Tools 2019
11. New Hacker Tools
12. Android Hack Tools Github
13. Blackhat Hacker Tools
14. Black Hat Hacker Tools
15. Hack Tools For Games
16. Hack Tools For Games
17. Hack App
18. Computer Hacker
19. Hack Apps
20. Hacking Tools Online
21. Hack Tools For Games
22. Pentest Recon Tools
23. Top Pentest Tools
24. Black Hat Hacker Tools
25. Hacking Apps
26. Hack Rom Tools
27. Hack Tools For Pc
28. Hacker Tools Windows
29. Hacker Tools Apk
30. Hacker Tools Hardware
31. Hacking Tools For Pc
32. World No 1 Hacker Software
33. Pentest Box Tools Download
34. Hacker Tools 2020
35. Hack Tools For Mac
36. Hacking Tools Download
37. Pentest Box Tools Download
38. Pentest Tools Bluekeep
39. Hacking Tools Download
40. Hack Tools For Pc
41. Pentest Tools Download
42. Hacker Tools 2019
43. Pentest Tools Free
44. Hacker Hardware Tools
45. Hacker Tool Kit
46. Pentest Tools Linux
47. Tools 4 Hack
48. Hack Rom Tools
49. Hacking Apps
50. Install Pentest Tools Ubuntu
51. Hack Tools
52. Github Hacking Tools
53. Hacking Tools And Software
54. Hacking Tools Mac
55. Pentest Tools Framework
56. Hacking Tools Free Download
57. Hacking Tools Name
58. Install Pentest Tools Ubuntu
59. Pentest Tools Website
60. Hacking Tools Windows 10
61. Hacker Tools For Mac
62. Termux Hacking Tools 2019
63. Hacker Hardware Tools
64. Hacker Tools Hardware
65. Game Hacking
66. Usb Pentest Tools
67. Pentest Tools Find Subdomains
68. How To Hack
69. Bluetooth Hacking Tools Kali
70. Termux Hacking Tools 2019
71. Pentest Tools Url Fuzzer
72. Hacker Tools Free
73. Physical Pentest Tools
74. Hacker Tools For Mac
75. Black Hat Hacker Tools
76. Nsa Hacker Tools
77. Pentest Tools Framework
78. Hacker Search Tools
79. Hacking Tools 2020
80. Pentest Box Tools Download
81. Hacking Tools Hardware
82. Pentest Tools List
83. Hacking Apps
84. Pentest Tools Website
85. Hacker Tool Kit
86. Pentest Tools For Ubuntu
87. Hack Tools For Mac
88. Easy Hack Tools
89. Hacker Tools For Pc
90. Underground Hacker Sites
91. Pentest Automation Tools
92. How To Hack
93. Hacker Tools Windows
94. Hak5 Tools
95. Hacker Tools Free Download
96. Hacker Tools 2019
97. Hacking Tools Windows 10
98. Hacking Tools Usb
99. Tools 4 Hack
100. Pentest Tools Subdomain
101. Underground Hacker Sites
102. Hack Apps
103. Hacker Tools Apk Download