ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

More articles

1. How To Make Hacking Tools
2. Hacker Tools List
3. Tools For Hacker
4. Hacking Tools For Windows
5. Hacker Tools Software
6. Hacking Tools For Kali Linux
7. Hack Tools For Games
8. Hack And Tools
9. Nsa Hack Tools Download
10. Hack Tools Download
11. Hacking Tools For Windows 7
12. Hack App
13. Hacker Tools Mac
14. Pentest Tools Tcp Port Scanner
15. Hack Tools
16. Best Pentesting Tools 2018
17. Hackrf Tools
18. Best Hacking Tools 2020
19. Hack Apps
20. Hacking Tools For Pc
21. Hacking Tools Name
22. Hacking Tools Download
23. Hacker Hardware Tools
24. Free Pentest Tools For Windows
25. Install Pentest Tools Ubuntu
26. Hacking Tools Kit
27. Hack Tools For Ubuntu
28. Pentest Reporting Tools
29. Hacker Tools Hardware
30. Hacking Tools Usb
31. Hacker Tools Online
32. Hack Tools For Mac
33. Hacker Tools For Windows
34. Android Hack Tools Github
35. Tools 4 Hack
36. Nsa Hack Tools
37. Pentest Tools Github
38. Pentest Tools List
39. New Hack Tools
40. Pentest Tools Bluekeep
41. Pentest Tools Review
42. Pentest Tools Linux
43. Hacking Tools 2020
44. Hacker
45. Nsa Hack Tools Download
46. Hack Tool Apk No Root
47. Wifi Hacker Tools For Windows
48. Pentest Tools Apk
49. Hacking App
50. Hacking Tools For Pc
51. Nsa Hack Tools
52. Hacker Techniques Tools And Incident Handling
53. Hackers Toolbox
54. Github Hacking Tools
55. Tools Used For Hacking
56. Hacking Tools For Windows
57. Hacker Tools Software
58. Pentest Tools Website
59. Hacker Hardware Tools
60. How To Install Pentest Tools In Ubuntu
61. Hack Rom Tools
62. Hacker Tools For Mac
63. Hack Tools Online
64. Beginner Hacker Tools
65. Pentest Tools Find Subdomains
66. Pentest Tools Kali Linux
67. Hack Tools For Ubuntu
68. Top Pentest Tools
69. Top Pentest Tools
70. Hacker Tools 2019
71. Hacking Apps
72. Hacker Tools Free Download
73. Hack Website Online Tool
74. Hacking Tools Usb
75. Hacking App
76. Bluetooth Hacking Tools Kali
77. Growth Hacker Tools
78. Tools Used For Hacking
79. Hack Tools For Games
80. Pentest Tools Free
81. Pentest Tools Windows
82. Android Hack Tools Github
83. Pentest Tools For Windows
84. Github Hacking Tools
85. Physical Pentest Tools
86. Pentest Tools Subdomain
87. Pentest Tools Tcp Port Scanner
88. How To Install Pentest Tools In Ubuntu
89. Pentest Tools Free
90. Hack And Tools
91. Pentest Tools Free
92. Pentest Reporting Tools
93. Hacker Tools Windows
94. How To Install Pentest Tools In Ubuntu
95. Usb Pentest Tools
96. Nsa Hack Tools
97. New Hack Tools
98. Hack Tools For Games
99. Pentest Tools Tcp Port Scanner
100. Hack Tools Download
101. What Are Hacking Tools
102. Termux Hacking Tools 2019
103. Pentest Tools Framework
104. Hacking Tools Software