Friday, January 19, 2024

ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction


The remote service asks for a name; if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's holds the first random value, the one used to init srand().


If we get this value and set our local srand([leaked] ^ [luckyNumber]), we will be able to predict the following randoms and win the game, but there are a few more details to look at ;)

The function reads the input until the byte \n appears, but it also stops after 64 bytes. If we trigger this second condition, no 0x00 is written and the print shows the random buffer :)
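The read pattern described above beside a hardened version, as an added example that is not code from the challenge binary. The struct layout, the function names and the seed value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64

/* Constructed layout: the seed sits directly after the name buffer. */
struct session {
    char name[NAME_LEN];
    uint32_t seed;
    char guard; /* zero byte that bounds the demo's over-read */
};

typedef void (*reader_fn)(struct session *, const char *, size_t);

/* Pattern from the writeup: stop at '\n' or after 64 bytes.
   When the 64-byte limit is hit, no 0x00 is stored. */
static void read_name_vuln(struct session *s, const char *in, size_t n) {
    size_t i = 0;
    while (i < NAME_LEN && i < n && in[i] != '\n') { s->name[i] = in[i]; i++; }
    if (i < NAME_LEN) s->name[i] = '\0';
}

/* Hardened: keep one byte for the terminator and always write it. */
static void read_name_safe(struct session *s, const char *in, size_t n) {
    size_t i = 0;
    while (i < NAME_LEN - 1 && i < n && in[i] != '\n') { s->name[i] = in[i]; i++; }
    s->name[i] = '\0';
}

/* How many bytes past the name buffer a "%s" print would emit. */
static size_t leaked_bytes(reader_fn reader) {
    struct session s;
    char input[NAME_LEN + 8];
    memset(&s, 0, sizeof s);
    s.seed = 0x41424344u;              /* constructed seed, no zero bytes */
    memset(input, 'A', sizeof input);  /* constructed over-long name */
    reader(&s, input, sizeof input);
    size_t n = strlen((const char *)&s); /* name is at offset 0 */
    return n > NAME_LEN ? n - NAME_LEN : 0;
}

int main(void) {
    printf("vulnerable reader: %zu seed bytes printed\n", leaked_bytes(read_name_vuln));
    printf("hardened reader:   %zu seed bytes printed\n", leaked_bytes(read_name_safe));
    return 0;
}
```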

The nickname buffer:



The seed buffer:



So here it is clear, but note that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random values and apply the gpu divisions, without luck :(



There was a missing detail in this predictor, but there are always other creative ways to do things.
We used the local software as a predictor: we injected the leaked seed into the local copy of the remote server's binary and got perfect synchronization, predicting the remote random values:




The process is a bit ugly because we combined the automated leak extraction and the socket interactive mode with the manual gdb macro.




The macro:


















