mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2024-11-22 18:56:01 +00:00
24 lines
451 B
Markdown
24 lines
451 B
Markdown
`Taken verbatim from my notebook`
|
|
# Page 1
|
|
```
|
|
Bangalore DEP/NX
|
|
Passwords 8-16 chars } 0x20 B limit
|
|
Takes 0x30 (48) chars }
|
|
|
|
Strategy: Construct a ROP chain
|
|
to turn page 45 executable
|
|
NO STRCPY
|
|
|
|
mark_page_executable @ 44ba
|
|
44ba: sub #6, sp
|
|
mov #9100, sr
|
|
call #0x10
|
|
add #0xa, sp
|
|
RET
|
|
|
|
4458: call 0x10
|
|
|
|
ROP to set stack executable,
|
|
Exec to open the lock
|
|
```
|