ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

Read more

1. Hacking Tools For Pc
2. Hacking Tools Mac
3. Best Hacking Tools 2019
4. Hacking Tools
5. Hack Apps
6. Hackrf Tools
7. Hacking Tools Online
8. Pentest Tools Port Scanner
9. Hack Rom Tools
10. Best Hacking Tools 2020
11. Hack Tools For Ubuntu
12. Free Pentest Tools For Windows
13. Hacking Tools Windows
14. Pentest Tools Online
15. Hacks And Tools
16. Hacking Apps
17. What Is Hacking Tools
18. Best Hacking Tools 2020
19. New Hacker Tools
20. Hack Tools For Windows
21. Hak5 Tools
22. Hacking Tools Windows 10
23. Pentest Tools Linux
24. Hacker Tools Apk Download
25. Hacking Tools For Beginners
26. Blackhat Hacker Tools
27. Hacker Hardware Tools
28. Hacker Tools Hardware
29. Best Hacking Tools 2020
30. Nsa Hacker Tools
31. Hacking Tools Software
32. New Hacker Tools
33. Hack Tools
34. Hacker Tools Apk Download
35. Hack Rom Tools
36. Hack Tools
37. Pentest Tools Apk
38. Termux Hacking Tools 2019
39. Pentest Tools For Android
40. Tools 4 Hack
41. Pentest Tools Kali Linux
42. Pentest Tools Free
43. New Hack Tools
44. Hacking Tools Pc
45. Hack Tool Apk No Root
46. Pentest Tools Website Vulnerability
47. Pentest Tools Tcp Port Scanner
48. Ethical Hacker Tools
49. Hack Tools Mac
50. Hacking Tools Download
51. What Are Hacking Tools
52. Hacking Tools Github
53. Hacker Tools 2019
54. Hacker Search Tools
55. Pentest Tools Find Subdomains
56. Hacker Tools Mac
57. Hack App
58. Hack Tools Online
59. Hacker Search Tools
60. Tools 4 Hack
61. Hacker Tools For Ios
62. Ethical Hacker Tools
63. Hacking Tools 2020
64. How To Hack
65. Hacker Tools 2020
66. Pentest Box Tools Download
67. Pentest Tools Github
68. Hack App
69. Hack Tools Mac
70. Pentest Tools Download
71. Hacking Tools For Kali Linux
72. Nsa Hacker Tools
73. Top Pentest Tools
74. Hack Tools Online
75. Best Pentesting Tools 2018
76. Hack Tools Online
77. Hak5 Tools
78. Hacking Tools For Windows 7
79. Hacker Tools Online
80. Best Hacking Tools 2020
81. Hacker Tools 2020
82. Tools For Hacker
83. Hacking Tools For Kali Linux
84. Hacking Tools Name
85. Hacker Search Tools
86. Hack Website Online Tool
87. Pentest Tools Free
88. How To Make Hacking Tools
89. Hack Tools Online
90. Hacking Tools For Beginners
91. Wifi Hacker Tools For Windows
92. Hacking Tools Online
93. Beginner Hacker Tools
94. Pentest Automation Tools
95. Bluetooth Hacking Tools Kali
96. Pentest Tools Alternative
97. Hacker Tools 2019
98. Pentest Tools Android
99. Pentest Tools Alternative
100. Kik Hack Tools
101. Beginner Hacker Tools
102. Hacker Tools Windows
103. Hacker Search Tools
104. Game Hacking
105. Hacking Tools For Kali Linux
106. Pentest Tools Port Scanner
107. Nsa Hacker Tools
108. Termux Hacking Tools 2019
109. Hack Tools For Windows
110. Pentest Tools Download
111. Hack Tools Online
112. Hack Tool Apk