ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

Related news

1. Hacking Tools For Games
2. Hacker Techniques Tools And Incident Handling
3. Hacker Tools Free Download
4. Pentest Tools Nmap
5. Hack And Tools
6. Tools Used For Hacking
7. Pentest Tools Tcp Port Scanner
8. Pentest Automation Tools
9. Pentest Tools Github
10. Hack Tools For Mac
11. Black Hat Hacker Tools
12. Hacker Tools 2019
13. Pentest Tools Website Vulnerability
14. Pentest Automation Tools
15. Pentest Tools For Mac
16. Hack Tools For Ubuntu
17. Pentest Tools For Windows
18. Hacking Tools And Software
19. Pentest Tools Bluekeep
20. Hacking Tools Mac
21. Hack Tools For Pc
22. Hacker Tools Linux
23. Hacker Tools
24. Pentest Tools
25. Hacking Tools Free Download
26. Hacker Hardware Tools
27. Pentest Tools Subdomain
28. Usb Pentest Tools
29. Hack Tools Github
30. Ethical Hacker Tools
31. Pentest Tools Open Source
32. Bluetooth Hacking Tools Kali
33. Hacker Tools Free Download
34. Hack Tools Github
35. Hack Tools
36. Hacker Tools Windows
37. Pentest Tools Subdomain
38. Pentest Tools Tcp Port Scanner
39. Pentest Tools For Android
40. Hacking Tools Free Download
41. Usb Pentest Tools
42. Hak5 Tools
43. Pentest Tools Nmap
44. Ethical Hacker Tools
45. Pentest Reporting Tools
46. Hack Tools For Pc
47. What Is Hacking Tools
48. Hacker Tools
49. Hacker Tools Windows
50. Hacker Hardware Tools
51. Pentest Tools For Windows
52. New Hacker Tools
53. Android Hack Tools Github
54. Wifi Hacker Tools For Windows