ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

Related posts

1. Hack Rom Tools
2. Hacker Security Tools
3. Hacker Tools
4. Pentest Tools Tcp Port Scanner
5. Pentest Tools Alternative
6. Hack Tools For Games
7. Hak5 Tools
8. Hack Tools Github
9. Hack Tools For Games
10. Hacking Tools For Windows 7
11. Hacker Tools Software
12. Pentest Tools Url Fuzzer
13. Github Hacking Tools
14. Hacker Tool Kit
15. Easy Hack Tools
16. Pentest Tools Website
17. How To Make Hacking Tools
18. Hackers Toolbox
19. Hacker
20. Hacking Tools Download
21. Pentest Tools Subdomain
22. Growth Hacker Tools
23. Game Hacking
24. Pentest Tools Subdomain
25. Pentest Tools Port Scanner
26. Hack Rom Tools
27. Hacker Tools Linux
28. Pentest Tools Linux
29. Hack Tools For Pc
30. Pentest Tools Alternative
31. Hack Tools 2019
32. Hacker Tools Apk
33. Pentest Tools Download
34. Hack Tools For Games
35. Physical Pentest Tools
36. Underground Hacker Sites
37. Hacker Tools Linux
38. Hacker Tools Software
39. How To Make Hacking Tools
40. Hacking Tools Online
41. Hacking Tools Pc
42. Hacker Tools Free
43. Nsa Hack Tools Download
44. World No 1 Hacker Software
45. Tools Used For Hacking
46. Hacker Tools Hardware
47. Pentest Tools Url Fuzzer
48. Underground Hacker Sites
49. Github Hacking Tools
50. Top Pentest Tools
51. Game Hacking
52. New Hacker Tools
53. Hacks And Tools
54. Pentest Automation Tools
55. How To Hack
56. Wifi Hacker Tools For Windows
57. Hack And Tools
58. Hacking Tools Kit
59. Beginner Hacker Tools
60. Hack Tools For Mac
61. Hacking Tools For Kali Linux
62. Kik Hack Tools
63. New Hack Tools
64. Hack Tools
65. Hacker Tools Windows
66. Hacking Tools And Software
67. Top Pentest Tools
68. Hacking Tools For Windows
69. Hacking Tools Download
70. Hacker Techniques Tools And Incident Handling
71. Hacking Tools Github
72. Pentest Tools Github
73. Game Hacking
74. Pentest Tools Online
75. Pentest Tools Find Subdomains
76. Hacker Tools Apk Download
77. Best Hacking Tools 2020
78. Hack Apps
79. Hacking Tools Download
80. Hacks And Tools
81. Tools Used For Hacking
82. Hack Tools
83. Pentest Tools Subdomain
84. Hack Tool Apk
85. Pentest Tools Port Scanner
86. Pentest Tools Download
87. Nsa Hack Tools
88. Pentest Tools Android
89. Hacker Tools Apk Download