mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-11-22 13:15:58 +00:00
31 lines
734 B
Markdown
`Taken verbatim from my notebook`
# Page 1
```
Jakarta
Acquires 0xff username bytes
-> 3ff2
Acquires 0x1f - uname_len password bytes
(1f - uname_len) & 0x1ff
uname_len = 0x20? 0x21?
=> passwd_len = 0x1ff
-> concatenated to username?
Return value at 401c
= [username][password][...]

before strcpy:
username -> 2402
password -> 2402
concat happens in stack buffer
Length check happens Byte
0120 ~= 0x20 <= 0x21
u_len = (20 or 21)
p_len = (e0 -> 100)

Password
AA [r11] [ret] [fakeret] [args] [AA...AA]

Lesson: Sometimes things are not the data type you think they are
```

`// TODO: What does this mean??`
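The two width problems recorded in the notes, modelled in C as an added example (not the notebook author's code and not the level's firmware). The function names, the strict `<` comparison against 0x21, and the full-width check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define LIMIT 0x21u /* assumed bound; the notes give only the values 0x20 and 0x21 */

/* Password read size as written in the notes: (0x1f - uname_len) & 0x1ff.
   Once uname_len exceeds 0x1f the subtraction wraps and the mask keeps
   a large positive count instead of rejecting the input. */
static uint16_t passwd_read_len(uint16_t uname_len) {
    return (uint16_t)((0x1fu - uname_len) & 0x1ffu);
}

/* Length check done on a byte: the sum is truncated before the compare,
   so 0x120 is seen as 0x20. */
static int byte_check_passes(uint16_t u_len, uint16_t p_len) {
    uint8_t total = (uint8_t)(u_len + p_len);
    return total < LIMIT;
}

/* Same policy at full width, written so that no intermediate value can wrap. */
static int wide_check_passes(uint16_t u_len, uint16_t p_len) {
    return u_len < LIMIT && p_len < LIMIT - u_len;
}

/* Smallest password length (0..max_p) accepted by the byte check but
   rejected by the full-width check; -1 if the two checks always agree. */
static int first_mismatch(uint16_t u_len, uint16_t max_p) {
    for (unsigned p = 0; p <= max_p; p++)
        if (byte_check_passes(u_len, (uint16_t)p) &&
            !wide_check_passes(u_len, (uint16_t)p))
            return (int)p;
    return -1;
}

int main(void) {
    /* Constructed sample lengths: one ordinary, two at the edge from the notes. */
    const uint16_t samples[] = { 0x10, 0x20, 0x21 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t u = samples[i], max_p = passwd_read_len(u);
        printf("u_len=0x%02x read_len=0x%03x first_mismatch=%d\n",
               (unsigned)u, (unsigned)max_p, first_mismatch(u, max_p));
    }
    return 0;
}
```

For `u_len = 0x20` the first disagreement between the two checks is at `p_len = 0xe0`, the lower end of the range written in the notes.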