mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-11-25 14:45:57 +00:00
24 lines
451 B
Markdown
24 lines
451 B
Markdown
|
`Taken verbatim from my notebook`
|
||
|
# Page 1
|
||
|
```
|
||
|
Bangalore DEP/NX
|
||
|
Passwords 8-16 chars } 0x20 B limit
|
||
|
Takes 0x30 (48) chars }
|
||
|
|
||
|
Strategy: Construct a ROP chain
|
||
|
to turn page 45 executable
|
||
|
NO STRCPY
|
||
|
|
||
|
mark_page_executable @ 44ba
|
||
|
44ba: sub #6, sp
|
||
|
mov #9100, sr
|
||
|
call #0x10
|
||
|
add #0xa, sp
|
||
|
RET
|
||
|
|
||
|
4458: call 0x10
|
||
|
|
||
|
ROP to set stack executable,
|
||
|
Exec to open the lock
|
||
|
```
|