ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

Related posts

1. Hacker Tools Linux
2. Black Hat Hacker Tools
3. Hacker Tool Kit
4. Pentest Tools Kali Linux
5. Hacker
6. How To Install Pentest Tools In Ubuntu
7. Kik Hack Tools
8. Ethical Hacker Tools
9. Game Hacking
10. Hack Tools
11. Tools 4 Hack
12. New Hack Tools
13. Pentest Tools Website
14. Hack Tool Apk
15. Pentest Tools For Android
16. Hacking Tools Name
17. Hacker
18. Hacker Tools
19. Pentest Tools Open Source
20. Easy Hack Tools
21. New Hacker Tools
22. Pentest Tools Open Source
23. Best Hacking Tools 2019
24. Hacking Tools For Windows Free Download
25. Top Pentest Tools
26. Hacker Tools For Windows
27. Tools For Hacker
28. Hacking Tools Software
29. Pentest Tools Subdomain
30. How To Hack
31. Termux Hacking Tools 2019
32. Hacking Tools Software
33. Pentest Reporting Tools
34. Pentest Tools For Windows
35. Hak5 Tools
36. Hack Website Online Tool
37. Hacking Tools For Pc
38. Hacking Tools 2020
39. Hacker Techniques Tools And Incident Handling
40. Nsa Hacker Tools
41. Bluetooth Hacking Tools Kali
42. Termux Hacking Tools 2019
43. Pentest Tools Windows
44. Hacking Tools Pc
45. Easy Hack Tools
46. New Hack Tools
47. What Is Hacking Tools
48. Hacking Tools Online
49. Pentest Tools For Windows
50. Hack Tools Github
51. Best Hacking Tools 2020
52. Hacking Tools Windows
53. Tools Used For Hacking
54. Wifi Hacker Tools For Windows
55. World No 1 Hacker Software
56. Bluetooth Hacking Tools Kali
57. How To Hack
58. Beginner Hacker Tools
59. How To Make Hacking Tools
60. Pentest Tools Url Fuzzer
61. Hacker Tools Mac
62. Hacker
63. Pentest Tools Tcp Port Scanner
64. Hack Tools Online
65. Hack Tools Mac
66. Hacking Tools Hardware
67. How To Make Hacking Tools
68. Hack And Tools
69. Hack And Tools
70. Hackrf Tools
71. Hacking Tools Mac
72. Hacking Tools Windows 10
73. Hacking Tools 2020
74. Tools For Hacker
75. How To Make Hacking Tools
76. Pentest Tools Online
77. Hackrf Tools
78. Hacker Tools For Mac
79. Hacking Tools Online
80. Hacker Hardware Tools
81. Hackrf Tools
82. Hacking Tools For Mac
83. Pentest Tools Android
84. Pentest Tools Framework
85. Beginner Hacker Tools
86. Pentest Automation Tools
87. Pentest Tools Kali Linux
88. Hack Tools Online
89. Hack Tools Pc
90. Hacking Tools Software
91. Hack Rom Tools
92. Hack Tools
93. Termux Hacking Tools 2019
94. Hacker Tools Free
95. Hack Apps
96. Nsa Hack Tools
97. Hacking Tools Free Download
98. Hacking Apps
99. Pentest Tools Port Scanner
100. Hacking Tools
101. Pentest Tools Nmap
102. Hack Website Online Tool
103. Pentest Tools Bluekeep
104. Hacking Tools For Mac
105. Kik Hack Tools
106. Pentest Tools Online