ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

More articles

• Hacker Tools For Ios
• Pentest Tools Free
• Hack Tools For Games
• Hacker Tools Mac
• Hacking Tools For Kali Linux
• Blackhat Hacker Tools
• Pentest Tools Online
• Hacking Tools For Windows 7
• Hack Tools For Pc
• Pentest Tools For Ubuntu
• Pentest Tools Android
• Hacker Tools 2020
• Top Pentest Tools
• Hacker Tools Apk Download
• Hack Tools For Windows
• Hack Tools For Pc
• Pentest Tools Alternative
• Hacks And Tools
• Install Pentest Tools Ubuntu
• Hacker Tools For Windows
• Hacker Search Tools
• Hacker Tools List
• Hack Tools For Ubuntu
• Pentest Tools Nmap
• Hackrf Tools
• Hacking Tools For Kali Linux
• Tools Used For Hacking
• Hacker Tools Free Download
• Hacker Tools Windows
• Kik Hack Tools
• Hack Rom Tools
• Hacker Tools Free Download
• Hacking Tools For Games
• Install Pentest Tools Ubuntu
• Pentest Tools Tcp Port Scanner
• Hacker Tools Free Download
• Hacker Tool Kit
• Hack And Tools
• Hacker Tools Linux
• New Hack Tools
• Hacking Apps
• Pentest Tools Review
• Physical Pentest Tools
• How To Make Hacking Tools
• Hacking Tools Hardware
• Pentest Tools Website Vulnerability
• Hacking Tools Kit
• Easy Hack Tools
• Hacker Tools Hardware
• Hacking Tools For Windows Free Download
• Hacking Tools Name
• Pentest Tools Find Subdomains
• Pentest Tools Open Source
• Pentest Tools Alternative
• Hacking Tools For Beginners
• How To Install Pentest Tools In Ubuntu
• Hacking Tools Pc
• Android Hack Tools Github
• Wifi Hacker Tools For Windows
• Hack Tool Apk No Root
• Android Hack Tools Github
• Hacker Tool Kit
• Pentest Recon Tools
• Hacking Tools 2019
• Hack Tools For Ubuntu
• Pentest Tools Url Fuzzer
• Pentest Tools Github
• Hacking Tools 2019
• Tools Used For Hacking
• Hacking Tools For Kali Linux
• Hacking Tools For Windows Free Download
• Pentest Recon Tools
• Tools 4 Hack
• Hackers Toolbox
• Hacking Tools Software
• Pentest Tools Subdomain
• Hacker Search Tools
• Pentest Tools Online
• Pentest Tools Nmap
• Hack Tools Download
• Hacker Tools Apk
• Hackrf Tools
• Pentest Tools Nmap
• Nsa Hack Tools Download
• Top Pentest Tools
• Hack Tools
• Hacker Tools List
• World No 1 Hacker Software
• Best Hacking Tools 2020
• Hack Apps
• Hack Tool Apk No Root
• Hackrf Tools
• Pentest Tools Port Scanner
• Hacker Security Tools
• Pentest Tools For Mac
• Hack Tools For Ubuntu
• Hacker Tools Mac
• Hacker Tools
• Nsa Hack Tools
• Pentest Tools For Ubuntu
• Hacks And Tools
• Pentest Tools Review
• Install Pentest Tools Ubuntu
• Bluetooth Hacking Tools Kali
• Blackhat Hacker Tools
• Hack Tools
• Hack Website Online Tool
• Top Pentest Tools
• Hacker Hardware Tools
• Pentest Tools For Windows
• Hacker Tools Mac
• Pentest Tools Find Subdomains
• Hacking Tools Hardware
• Hacking Tools For Kali Linux
• Game Hacking
• Hack Apps
• Hack Website Online Tool
• Hack Website Online Tool
• Hacking Tools Kit
• How To Make Hacking Tools
• Pentest Tools For Mac
• Hack App
• Pentest Tools Website Vulnerability
• Hackrf Tools
• Pentest Tools Website Vulnerability
• Nsa Hacker Tools
• Hacking Tools Kit
• Hack Tools 2019
• Pentest Reporting Tools
• Tools For Hacker
• Hacker Tools Online
• Pentest Tools Find Subdomains
• Free Pentest Tools For Windows
• Hackers Toolbox
• Pentest Tools Download
• Pentest Tools For Mac
• Hak5 Tools
• Hacking Tools Kit
• Hacker Tools
• Hacking Tools For Games
• Pentest Tools
• Hack Tools Mac
• Pentest Box Tools Download
• Hack Tools For Pc
• Growth Hacker Tools
• Hacking Tools And Software
• Hack Website Online Tool
• Hack Tools Pc
• Hack Tools For Windows
• Hacking Tools For Beginners
• Nsa Hack Tools
• How To Install Pentest Tools In Ubuntu
• Hacker
• Hacker Tools Free
• Hack Rom Tools
• Github Hacking Tools
• Hacking Tools For Games
• Usb Pentest Tools
• Tools Used For Hacking
• How To Hack
• Tools For Hacker
• Computer Hacker