Not So Random

Recommendations

Info

Untwister Brute Force Algorithm 101 5. For each PRNG, generate output, checking against your known good input: uint32_t matchesFound = 0; for(uint32_t index = 0; index < m_depth; index++) { uint32_t nextRand = generator->random(); uint32_t observed = m_observedOutputs->at(matchesFound); if(observed == nextRand) { matchesFound++; if(matchesFound == m_observedOutputs->size()) { break; // This seed is a winner if we get to the end } } Not So Random
Untwister Brute Force Algorithm 101 5. For each PRNG, generate output, checking against your known good input: uint32_t matchesFound = 0; for(uint32_t index = 0; index < m_depth; index++) { uint32_t nextRand = generator->random(); uint32_t observed = m_observedOutputs->at(matchesFound); if(observed == nextRand) { matchesFound++; if(matchesFound == m_observedOutputs->size()) { break; // This seed is a winner if we get to the end } } Not So Random
Page 1 and 2:
Not So Random Exploiting Unsafe Ran
Page 3 and 4: Talk Overview 1. Theory: • Why?
Page 5 and 6: Why do we need random numbers? •
Page 7 and 8: Random numbers in Web Applications
Page 9 and 10: Concept of Randomness • define: r
Page 11 and 12: PRNG PRNG r = random.Random() Not S
Page 13 and 14: PRNG 16768642083820545282 323536147
Page 15 and 16: PRNG PRNG 16768642083820545282 3235
Page 17 and 18: PRNG Seeds, States and Periods 1. S
Page 19 and 20: PRNG Seeds and States Seed (/dev/ur
Page 31 and 32: CSPRNG vs PRNG 1. Non-Deterministic
Page 33 and 34: Language Examples Language Method P
Page 35 and 36: Internals Glance public Random(int
Page 37 and 38: Exploitation Theory • Want to obt
Page 39 and 40: Exploitation Theory Target PRNG Out
Page 41 and 42: Exploitation Theory Target PRNG Out
Page 43 and 44: Exploitation Theory Target PRNG Obt
Page 45 and 46: Exploitation Theory Our PRNG Obtain
Page 47 and 48: Untwister Brute Force Algorithm 101
Page 53: Untwister Brute Force Algorithm 101
Page 65 and 66: Demos 1. Brute Force • PHP mt_ran
Page 67 and 68: Overview - Brute Force 1. Generate
Page 73 and 74: Brute Force - Source class ResetPas
Page 75 and 76: PHP mt_rand()- Exploitation • Rec
Page 77 and 78: PHP mt_rand()- Exploitation • Tar
Page 79 and 80: PHP mt_rand()- Exploitation Theory
Page 81 and 82: PHP mt_rand() - Untwister uint32_t
Page 83 and 84: PHP mt_rand()- Exploitation root@ka
Page 85 and 86: PHP mt_rand()- Exploitation class R
Page 87 and 88: 5. Generate a number of tokens usin
Page 89 and 90: 6. Attempt tokens against applicati
Page 91 and 92: PHP mt_rand()- Exploitation “To r
Page 93 and 94: Demos 1. Brute Force • PHP mt_ran
Page 95 and 96: Overview - Brute Force Bounded Call
Page 101 and 102: Brute Force Bounded Call - Source c
Page 103 and 104: PHP mt_rand(0,61)- Exploitation •
Page 105 and 106:
PHP mt_rand(0,61)- Exploitation •
Page 107 and 108:
Exploitation Theory Target PRNG Obt
Page 109 and 110:
PHP mt_rand(0,61)- Decoder #!/usr/b
Page 111 and 112:
PHP mt_rand(0,61)- Exploitation # p
Page 113 and 114:
PHP Bounded mt_rand() Constructor
Page 115 and 116:
PHP Bounded mt_rand() - Patched Unt
Page 117 and 118:
PHP mt_rand(0,61)- Exploitation roo
Page 119 and 120:
4. Seed new PRNG with obtained seed
Page 121 and 122:
PHP mt_rand(0,61)- Exploitation
Page 123 and 124:
PHP mt_rand(0,61)- Exploitation # p
Page 125 and 126:
PHP mt_rand(0,61)- Exploitation Not
Page 127 and 128:
Exploitation Theory Our PRNG Obtain
Page 129 and 130:
Overview - Weak Seeds 1. Generate a
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Weak Seeds - Source public class Re
Page 137 and 138:
.NET System.Random() Constructor
Page 139 and 140:
.NET System.Random()- Exploitation
Page 141 and 142:
Page 143 and 144:
Exploitation Theory Observed PRNG O
Page 145 and 146:
System.Random() Constructor • .NE
Page 147 and 148:
System.Random() Untwister Patch int
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
5. Attempt tokens against applicati
Page 161 and 162:
Exploitation Theory Observed PRNG O
Page 163 and 164:
Practical Exploitation - Tips • L
Page 165 and 166:
Mitigations Need a truly random num
Page 167 and 168:
Developers, Developers, Developers
Page 169 and 170:
Links / Further Reading • https:/
show all

Not So Random

Create successful ePaper yourself

Delete template?

Save as template?