전체 글
-
TLSv00 - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 12. 03:53
Prob Info int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { signed int v3; // eax signed int v4; // ST0C_4 setup(*(_QWORD *)&argc, argv, envp); puts("Muahaha you thought I would never make a crypto chal?"); generate_key(0x3F); while ( 1 ) { while ( 1 ) { while ( 1 ) { print_menu(); printf("> "); v3 = read_int32(); if ( v3 != 2 ) break; load_flag(); } if ( v3 > 2 ) bre..
-
Free Spirit - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 12. 02:46
Prob Info int __cdecl main(int argc, const char **argv, const char **envp) { char *v3; // rdi signed __int64 i; // rcx int v5; // eax char v7[8]; // [rsp+8h] [rbp-60h] char *buf; // [rsp+10h] [rbp-58h] char nptr[48]; // [rsp+18h] [rbp-50h] unsigned __int64 v10; // [rsp+48h] [rbp-20h] v10 = __readfsqword(0x28u); setup(); buf = (char *)malloc(0x40uLL); while ( 1 ) { while ( 1 ) { _printf_chk(1LL, ..
-
two targets - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 12. 00:10
두가지 방법으로 풀 수 있게 만든 문제이다. int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { char *v3; // rsi const char *v4; // rdi int v5; // eax char s; // [rsp+10h] [rbp-40h] __int64 v7; // [rsp+30h] [rbp-20h] char *v8; // [rsp+40h] [rbp-10h] unsigned __int64 v9; // [rsp+48h] [rbp-8h] v9 = __readfsqword(0x28u); setup(*(_QWORD *)&argc, argv, envp); v3 = 0LL; v4 = &s; memset(&s, 0, 0..
-
xor - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 11. 23:45
int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { int v3; // [rsp+Ch] [rbp-24h] __int64 v4; // [rsp+10h] [rbp-20h] __int64 v5; // [rsp+18h] [rbp-18h] __int64 v6; // [rsp+20h] [rbp-10h] unsigned __int64 v7; // [rsp+28h] [rbp-8h] v7 = __readfsqword(0x28u); puts("The Poopolator"); setup("The Poopolator", argv); while ( 1 ) { v6 = 0LL; printf(format); v3 = _isoc99_scanf("..
-
note - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 11. 23:29
Prob Info int __cdecl main(int argc, const char **argv, const char **envp) { const char *v3; // rdi int v4; // eax setup(); v3 = "Note taking 101."; puts("Note taking 101."); while ( 1 ) { while ( 1 ) { while ( 1 ) { print_menu(); v4 = read_int32(v3); if ( v4 != 1 ) break; edit_note(); } if ( v4 != 2 ) break; edit_desc(); } if ( !v4 ) break; v3 = "Invalid"; puts("Invalid"); } return 0; } void ed..
-
GrownUp - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 11. 23:13
Prob Info int __cdecl main(int argc, const char **argv, const char **envp) { char *src; // ST08_8 __int64 buf; // [rsp+10h] [rbp-20h] __int64 v6; // [rsp+18h] [rbp-18h] unsigned __int64 v7; // [rsp+28h] [rbp-8h] v7 = __readfsqword(0x28u); setup(); buf = 0LL; v6 = 0LL; printf("Are you 18 years or older? [y/N]: ", argv); *((_BYTE *)&buf + (signed int)((unsigned __int64)read(0, &buf, 0x10uLL) - 1))..
-
misalignment - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 11. 22:04
Prob Info int __cdecl main(int argc, const char **argv, const char **envp) { char s; // [rsp+10h] [rbp-A0h] _QWORD v5[3]; // [rsp+18h] [rbp-98h] __int64 v6; // [rsp+30h] [rbp-80h] __int64 v7; // [rsp+38h] [rbp-78h] __int64 v8; // [rsp+40h] [rbp-70h] unsigned __int64 v9; // [rsp+A8h] [rbp-8h] v9 = __readfsqword(0x28u); setup(*(_QWORD *)&argc, argv, envp); memset(&s, 0, 0x98uLL); *(_QWORD *)((char..
-
add - pwnable.xyzWrite-ups/pwnable.xyz 2020. 2. 11. 21:52
dProb Info int __cdecl main(int argc, const char **argv, const char **envp) { int result; // eax __int64 v4; // [rsp+8h] [rbp-78h] __int64 v5; // [rsp+10h] [rbp-70h] __int64 v6; // [rsp+18h] [rbp-68h] __int64 v7[11]; // [rsp+20h] [rbp-60h] unsigned __int64 v8; // [rsp+78h] [rbp-8h] v8 = __readfsqword(0x28u); setup(*(_QWORD *)&argc, argv, envp); while ( 1 ) { v4 = 0LL; v5 = 0LL; v6 = 0LL; memset(..