ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

More info

• Hacking Tools For Windows Free Download
• Hack Tools For Games
• Hacking Tools For Mac
• Hacking App
• Pentest Tools
• Hacker Tools Online
• Hacker Tools For Mac
• Hacking Apps
• Pentest Tools For Mac
• Pentest Tools Linux
• Pentest Tools Url Fuzzer
• Hacker Tools Apk
• Pentest Tools For Windows
• Hacking Tools Usb
• Hacking Tools For Beginners
• Hacker Tools For Mac
• Hacking Tools Windows 10
• Hacking Tools Windows 10
• Hacking Tools Name
• Hack Tools 2019
• Hack Tool Apk No Root
• Pentest Tools Review
• Pentest Tools For Mac
• Pentest Tools Subdomain
• Hackers Toolbox
• Growth Hacker Tools
• Hacking Tools For Games
• Hacking Tools 2020
• Hack Apps
• Pentest Tools Kali Linux
• Hack Tools For Windows
• Nsa Hack Tools
• Hacking Tools For Windows
• Hack Tools Github
• Hackrf Tools
• Android Hack Tools Github
• Pentest Tools Free
• Pentest Tools Linux
• Pentest Reporting Tools
• Hacker Tools Apk Download
• Nsa Hack Tools
• Hacking Tools For Windows
• Hacker Tools Linux
• Pentest Tools Bluekeep
• Pentest Tools Tcp Port Scanner
• Hacking Tools For Games
• Beginner Hacker Tools
• New Hacker Tools
• Black Hat Hacker Tools
• Underground Hacker Sites
• Pentest Tools Port Scanner
• Hacking Tools And Software
• What Are Hacking Tools
• Hacker Tools
• Hack Tools Online
• Pentest Tools Website Vulnerability
• Pentest Reporting Tools
• Hacking Tools Software
• Hacking Tools Usb
• Hack Tools Github
• Pentest Recon Tools
• Hacking Tools
• Hacking Tools Github
• Hacker Tools List
• Pentest Tools Url Fuzzer
• Hacking Tools For Windows
• Hacking Tools For Windows
• Hacking Tools For Beginners
• Hacker Tools Mac
• Hacker
• Pentest Tools Website
• Hacker Tools 2020
• Pentest Reporting Tools
• Best Hacking Tools 2019
• Computer Hacker
• Beginner Hacker Tools
• Pentest Tools Tcp Port Scanner
• Hacking Tools
• Pentest Tools
• Hacking Tools Online
• Underground Hacker Sites
• Hacking Tools For Games
• Hacker Tools 2019
• Hacking Tools And Software
• Pentest Tools Url Fuzzer
• Growth Hacker Tools
• Nsa Hacker Tools
• Pentest Tools For Windows
• Hacker Tools Windows
• Kik Hack Tools
• Hack Rom Tools
• Pentest Box Tools Download
• Hacking Tools For Games
• Pentest Tools For Android
• Pentest Tools Find Subdomains
• Hacker Tools 2019
• Hack Apps
• Hacker Tools Apk Download
• Hacking Tools 2020
• Pentest Tools Port Scanner
• Hacking Tools
• Easy Hack Tools