mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-11-24 04:56:00 +00:00
451 B
451 B
Taken verbatim from my notebook
Page 1
Bangalore DEP/NX
Passwords 8-16 chars } 0x20 B limit
Takes 0x30 (48) chars }
Strategy: Construct a ROP chain
to turn page 45 executable
NO STRCPY
mark_page_executable @ 44ba
44ba: sub #6, sp
mov #9100, sr
call #0x10
add #0xa, sp
RET
4458: call 0x10
ROP to set stack executable,
Exec to open the lock