ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

Continue reading

1. Pentest Tools Linux
2. Hacker Tools For Windows
3. Pentest Tools Download
4. Nsa Hack Tools Download
5. Hacker Tools Github
6. Free Pentest Tools For Windows
7. Hacker Search Tools
8. World No 1 Hacker Software
9. Free Pentest Tools For Windows
10. New Hack Tools
11. Hacking Tools Download
12. Bluetooth Hacking Tools Kali
13. Hacker Tools
14. Pentest Tools Review
15. Hacker Tools Free Download
16. Hacker Tools Free Download
17. Hacker Tools Github
18. Hacker Tools For Windows
19. Hacker Tools For Ios
20. Nsa Hacker Tools
21. Hack Tools
22. Pentest Tools Website
23. Hacking Tools Hardware
24. Install Pentest Tools Ubuntu
25. New Hack Tools
26. What Is Hacking Tools
27. Pentest Reporting Tools
28. Hack Tools For Pc
29. What Is Hacking Tools
30. Hacking Tools Pc
31. Hacking Tools Name
32. Usb Pentest Tools
33. Hacking Tools Pc
34. Pentest Tools Online
35. Pentest Tools Port Scanner
36. Pentest Tools Apk
37. Nsa Hacker Tools
38. Easy Hack Tools
39. Hacker Tools Online
40. Hacker Tools Apk Download
41. Hack Tools Pc
42. Pentest Tools Apk
43. Physical Pentest Tools
44. What Is Hacking Tools
45. Usb Pentest Tools
46. Hacking Apps
47. Hacker Tools Mac
48. Pentest Tools Website
49. Hacker Tools
50. Hacking Tools Kit
51. Ethical Hacker Tools
52. Pentest Tools Website Vulnerability
53. Pentest Tools Subdomain
54. Hacker Tools Apk
55. Hacker Hardware Tools
56. Hacker Tools Mac
57. Hack Rom Tools
58. Hack Tools Pc
59. Nsa Hack Tools
60. Github Hacking Tools
61. How To Hack
62. Easy Hack Tools
63. Hacking Tools For Beginners
64. How To Hack
65. Hack Tools Pc
66. Hacker Hardware Tools
67. Blackhat Hacker Tools
68. Hacking Tools Software
69. Pentest Tools Tcp Port Scanner
70. Pentest Tools
71. Tools Used For Hacking
72. Hacker Tools Hardware
73. Github Hacking Tools
74. Underground Hacker Sites
75. Beginner Hacker Tools
76. Termux Hacking Tools 2019
77. Best Hacking Tools 2020
78. Hacking Tools For Kali Linux
79. Nsa Hacker Tools
80. Hacking Tools For Windows
81. Blackhat Hacker Tools
82. What Are Hacking Tools
83. What Are Hacking Tools
84. Pentest Tools For Android
85. Pentest Tools Find Subdomains
86. Hacking Tools
87. Hacker Tools Apk Download
88. World No 1 Hacker Software
89. Hacking Tools Windows 10
90. Hacker Tools Windows
91. Pentest Tools Tcp Port Scanner
92. Pentest Tools Website Vulnerability
93. Pentest Tools Bluekeep
94. Ethical Hacker Tools
95. Hacker Tools For Ios
96. Pentest Recon Tools
97. Pentest Tools For Mac
98. World No 1 Hacker Software
99. Hacking App
100. Hacking Tools Hardware
101. Blackhat Hacker Tools
102. Best Hacking Tools 2019
103. Hacking Tools Kit
104. Underground Hacker Sites
105. Game Hacking
106. Growth Hacker Tools