ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

More information

1. Hack Tools For Pc
2. Hacking App
3. Tools For Hacker
4. Hackrf Tools
5. Hacker Tools
6. Hack Website Online Tool
7. Hacker Tools Apk Download
8. Pentest Automation Tools
9. Hack Tools
10. Pentest Tools Windows
11. Pentest Tools Alternative
12. Kik Hack Tools
13. Hack Tool Apk
14. Pentest Tools Open Source
15. Bluetooth Hacking Tools Kali
16. Pentest Tools Nmap
17. Easy Hack Tools
18. New Hacker Tools
19. Physical Pentest Tools
20. Hacking Tools For Pc
21. Hacker Tools Windows
22. Ethical Hacker Tools
23. Pentest Recon Tools
24. Hacker Tools For Windows
25. Usb Pentest Tools
26. Android Hack Tools Github
27. Hacker Hardware Tools
28. Pentest Tools Url Fuzzer
29. Hack Tools For Windows
30. Hacker Tools For Ios
31. How To Install Pentest Tools In Ubuntu
32. Easy Hack Tools
33. Nsa Hacker Tools
34. Hacking Tools And Software
35. Hack Tools Download
36. Pentest Tools Download
37. Pentest Tools Github
38. Hacker Tools Linux
39. Pentest Tools Find Subdomains
40. Pentest Tools Nmap
41. Hack Tools
42. Hack Tools Download
43. Hacker Search Tools
44. Hacking App
45. Pentest Automation Tools
46. Hacker Tool Kit
47. Hacking Tools 2020
48. Hacking App
49. Pentest Tools Free
50. Android Hack Tools Github
51. Pentest Tools Kali Linux
52. Hacking Tools For Mac
53. Hack Rom Tools
54. Beginner Hacker Tools
55. Pentest Tools Tcp Port Scanner