ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

Related posts

1. Pentest Tools
2. Hack Tools Mac
3. Pentest Tools Subdomain
4. Hack Tools Download
5. Pentest Tools Review
6. Hacking Tools And Software
7. Hacker Tools Online
8. Wifi Hacker Tools For Windows
9. Hacking Tools For Games
10. Hacking Tools For Windows Free Download
11. Pentest Tools List
12. Hacker Tools Windows
13. Hacking Tools 2020
14. Tools 4 Hack
15. Hacking Tools Windows
16. Computer Hacker
17. Android Hack Tools Github
18. Hacker Tools Free Download
19. Pentest Tools Linux
20. Pentest Tools
21. Underground Hacker Sites
22. Kik Hack Tools
23. How To Hack
24. Hacking Tools Name
25. Hacker Tools 2020
26. Top Pentest Tools
27. Pentest Tools Url Fuzzer
28. Hacks And Tools
29. Hacking Tools For Windows 7
30. Hacker Search Tools
31. Easy Hack Tools
32. Pentest Box Tools Download
33. Hacking Tools Kit
34. Hack Tools Download
35. Pentest Tools Review
36. Pentest Automation Tools
37. Hacker Tools Mac
38. Hacker Tools For Ios
39. Pentest Tools Website Vulnerability
40. Hack Tools For Pc
41. Hack Tools 2019
42. Hack Tools For Pc
43. Pentest Tools Website Vulnerability
44. Hack App
45. Pentest Tools Github
46. Hacking Tools For Windows 7
47. Hack Website Online Tool
48. Hacking Apps
49. Hak5 Tools
50. Hacking Tools 2019
51. Github Hacking Tools
52. Nsa Hack Tools Download
53. Hacker Techniques Tools And Incident Handling
54. Hack Tool Apk No Root
55. Pentest Tools Alternative
56. Hacking Tools Free Download
57. Pentest Tools Bluekeep
58. Pentest Tools Github
59. Growth Hacker Tools
60. Beginner Hacker Tools
61. Hacker Tools Apk Download
62. Pentest Tools For Ubuntu
63. World No 1 Hacker Software
64. Growth Hacker Tools
65. Hacking Tools For Windows Free Download
66. World No 1 Hacker Software
67. Usb Pentest Tools
68. Hacking Tools Online
69. Hacker Security Tools
70. Android Hack Tools Github
71. Hacker Tools For Ios
72. Pentest Tools For Ubuntu
73. Hack Tools For Windows
74. Easy Hack Tools
75. Hacking Tools Windows
76. Hack Website Online Tool
77. Pentest Tools Subdomain
78. Hacker Tools Mac
79. Pentest Tools Framework
80. Hacker Tools Linux
81. Pentest Tools Port Scanner
82. Pentest Tools Website