ASIS CTF Quals 2015 - Sawthis Writeup - Srand Remote Prediction

The remote service ask for a name, if you send more than 64 bytes, a memory leak happens.
The buffer next to the name's is the first random value used to init the srand()

If we get this value, and set our local srand([leaked] ^ [luckyNumber]) we will be able to predict the following randoms and win the game, but we have to see few details more ;)

The function used to read the input until the byte \n appears, but also up to 64 bytes, if we trigger this second condition there is not 0x00 and the print shows the random buffer :)

The nickname buffer:



The seed buffer:



So here it is clear, but let's see that the random values are computed with several gpu instructions which are decompiled incorrectly:







We tried to predict the random and aply the gpu divisions without luck :(



There was a missing detail in this predcitor, but there are always other creative ways to do the things.
We use the local software as a predictor, we inject the leaked seed on the local binary of the remote server and got a perfect syncronization, predicting the remote random values:




The process is a bit ugly becouse we combined automated process of leak exctraction and socket interactive mode, with the manual gdb macro.

The macro:

More info

1. Hacking Tools For Windows 7
2. Hacker Techniques Tools And Incident Handling
3. Hacker Tools For Mac
4. Hacking Tools For Windows
5. Hacking Tools Mac
6. Hak5 Tools
7. Hacking Tools For Windows
8. Pentest Recon Tools
9. Pentest Tools Nmap
10. Hacking Tools For Windows 7
11. Hacker Tools For Windows
12. Hacker Tools Mac
13. Android Hack Tools Github
14. Blackhat Hacker Tools
15. Hack Tool Apk
16. Best Hacking Tools 2020
17. New Hack Tools
18. Hacker Tools 2020
19. Hack Tool Apk
20. World No 1 Hacker Software
21. Kik Hack Tools
22. Hacking Tools
23. Hak5 Tools
24. Hacking Tools Github
25. Nsa Hack Tools Download
26. Hacker Tools For Ios
27. Hacker Tools Github
28. Hack Tools Online
29. How To Make Hacking Tools
30. Pentest Tools Download
31. Underground Hacker Sites
32. Pentest Tools List
33. Hack Tool Apk No Root
34. Hacker Tools For Windows
35. Hacker Tools Mac
36. Pentest Tools Find Subdomains
37. Hacker Tools Windows
38. New Hacker Tools
39. Hacker Tools For Pc
40. Game Hacking
41. Black Hat Hacker Tools
42. Tools For Hacker
43. Hack And Tools
44. Pentest Recon Tools
45. Pentest Tools Open Source
46. Pentest Tools For Ubuntu
47. Hack Tools Github
48. Hacker Tool Kit
49. Game Hacking
50. Hacking Apps
51. Hacks And Tools
52. Hacker
53. Hacking Tools For Beginners
54. Hacking Tools Hardware
55. Pentest Tools Review
56. Pentest Tools
57. What Are Hacking Tools
58. Hacking Tools For Beginners
59. Hacker Tools Apk
60. Hacking Tools Windows
61. Hacking Tools Windows 10
62. Pentest Tools Open Source
63. Hacker Tools For Mac
64. Hacking Tools Kit
65. Hacker Tools Apk Download
66. Hack Tool Apk No Root
67. Hack Tools Github
68. Hacking Tools For Windows
69. Pentest Tools For Mac
70. Pentest Tools For Windows
71. Nsa Hacker Tools
72. Hacking Tools For Kali Linux
73. Hacking Tools Hardware
74. Pentest Tools
75. Hacker Tools Online
76. What Is Hacking Tools
77. Hacker Tools List
78. Hacking Tools 2019
79. Hacker Hardware Tools
80. Hacking Tools Kit
81. Hacking App
82. Pentest Tools Website
83. Blackhat Hacker Tools
84. Nsa Hack Tools
85. Hacking Apps
86. Hacking App
87. Pentest Tools Github
88. Pentest Reporting Tools
89. Pentest Tools Linux
90. Pentest Tools Website Vulnerability
91. Hack Website Online Tool
92. Hack Tools Pc
93. New Hack Tools
94. Hacking Tools Usb
95. Best Hacking Tools 2019
96. Hacker Security Tools
97. Hack Website Online Tool
98. Hack Tools For Windows
99. Hak5 Tools
100. Pentest Tools Free