`Taken verbatim from my notebook`

# Page 1

```
Algiers d.01 "LockIT Pro Account Manager"

Tentative TODO:
  Authorizer? How to auth user
  Interfaces with HSM1

I can overflow heap objects
  uname&pass 0x30 long
  >0x10 overflows

Can I craft a fake heap object?
  username -> overwrite pass blk header?
  password -> ???

Hypothesis: arb write in free()
  Username passwordpassword[addr] "d E "?
  4398: 0000 4044 0000 ....

Unguarded in free:
  free() is arb write~!
  r15 = &this_block
  r14 = &prev_block
  r13 = {size:15,final:1}
  r12 = {prev_size:5,final:1}
  if prev is final: skip last-block steps
  else last-block steps
```
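The notes above hypothesise that an overflow from one 0x30-byte field into the next block's header turns `free()` into an arbitrary write because the coalescing step trusts the neighbour pointers it finds in the header. The following is an added example (not from the notebook and not the LockIT Pro or Microcorruption allocator) of a toy arena allocator that shows the unguarded merge beside a guarded one: the guarded `free` refuses to proceed unless every pointer the merge will touch lies inside the arena and the links agree in both directions. The block layout, field names, `PAYLOAD = 0x30` and the `victim` canary are all assumptions made for this example; the corrupted header is set directly rather than produced by an overflow.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy arena allocator (an assumption for illustration; NOT the LockIT Pro
 * allocator: layout, field names and the 0x30-byte payload are chosen here). */
typedef struct block {
    struct block *prev;   /* previous block in address order, NULL if first */
    struct block *next;   /* next block in address order, NULL if last */
    uint16_t payload;     /* payload bytes that follow this header */
    uint8_t  in_use;      /* 1 = allocated, 0 = free */
} block_t;

enum { ARENA_BYTES = 1024, NBLOCKS = 4, PAYLOAD = 0x30 };

static _Alignas(block_t) uint8_t arena[ARENA_BYTES];
block_t *blocks[NBLOCKS];          /* handles to the blocks carved by heap_init */
static block_t victim;             /* memory outside the arena, used as a canary */

static bool in_arena(const void *p) {
    uintptr_t a = (uintptr_t)arena, q = (uintptr_t)p;
    return q >= a && q + sizeof(block_t) <= a + ARENA_BYTES;
}

/* Carve NBLOCKS in-use blocks of PAYLOAD bytes each, back to back. */
void heap_init(void) {
    memset(arena, 0, sizeof arena);
    block_t *prev = NULL;
    uint8_t *cur = arena;
    for (int i = 0; i < NBLOCKS; i++) {
        block_t *b = (block_t *)cur;
        b->prev = prev; b->next = NULL; b->payload = PAYLOAD; b->in_use = 1;
        if (prev) prev->next = b;
        blocks[i] = b; prev = b;
        cur += sizeof(block_t) + PAYLOAD;
    }
}

/* Unguarded free, the pattern the notebook describes: the merge with a free
 * predecessor writes `prev` through b->next without ever checking it. */
void free_unguarded(block_t *b) {
    block_t *prev = b->prev;
    b->in_use = 0;
    if (prev && !prev->in_use) {
        prev->payload += sizeof(block_t) + b->payload;
        prev->next = b->next;
        if (b->next) b->next->prev = prev;   /* arbitrary write if next was clobbered */
    }
}

/* Guarded free: before touching any neighbour, require that every pointer the
 * merge will use lies inside the arena and that the links agree in both
 * directions (prev->next == b, next->prev == b). A header overwritten from
 * the preceding block fails this check and the free is refused. */
bool free_guarded(block_t *b) {
    if (!in_arena(b) || !b->in_use) return false;          /* bad pointer or double free */
    block_t *prev = b->prev, *next = b->next;
    if (prev && (!in_arena(prev) || prev->next != b)) return false;
    if (next && (!in_arena(next) || next->prev != b)) return false;
    b->in_use = 0;
    if (prev && !prev->in_use) {
        prev->payload += sizeof(block_t) + b->payload;
        prev->next = next;
        if (next) next->prev = prev;
    }
    return true;
}

/* Constructed scenario: block 1's header carries a next pointer that points
 * outside the arena, as a corrupted header might. The field is set directly.
 * Returns true if the guarded free refused and the canary is untouched. */
bool scenario_guarded_rejects(void) {
    heap_init();
    free_guarded(blocks[0]);                 /* predecessor free: merge path is live */
    memset(&victim, 0xAA, sizeof victim);
    blocks[1]->next = &victim;
    bool refused = !free_guarded(blocks[1]);
    uint8_t aa[sizeof victim]; memset(aa, 0xAA, sizeof aa);
    return refused && memcmp(&victim, aa, sizeof victim) == 0;
}

/* Same scenario through the unguarded free: the canary's first field now
 * holds a heap pointer, i.e. free() wrote outside the heap. */
bool scenario_unguarded_writes(void) {
    heap_init();
    free_unguarded(blocks[0]);
    memset(&victim, 0xAA, sizeof victim);
    blocks[1]->next = &victim;
    free_unguarded(blocks[1]);
    return victim.prev == blocks[0];
}

int main(void) {
    printf("guarded free refuses corrupted header: %s\n",
           scenario_guarded_rejects() ? "yes" : "no");
    printf("unguarded free writes outside arena:   %s\n",
           scenario_unguarded_writes() ? "yes" : "no");
    return 0;
}
```

The two-way link check is the same idea as the "safe unlinking" test that mainstream allocators added for exactly this failure mode; on a 16-bit target the bounds check can be a simple comparison against the heap's start and end addresses, which is cheap enough to keep in production firmware.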