Document Addis Ababa

2023-01-21 14:54:00 -05:00 · 2023-01-21 14:54:00 -05:00 · 5f149b34ce
parent a368fe6c55
commit 5f149b34ce
1 changed files with 19 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -286,6 +286,25 @@ And then we use the following passowrd.

 ## Addis Ababa

+This is the first exercise that uses printf to print the password back to the
+user. The printf-function provides a couple of conversion specifiers like `%s`,
+`%x`, `%c` and `%n`.
+
+In this exercise, the value at 0x3a60 must not be zero to unlock the door.
+
+We can use a bug in printf that uses the printf string as the output address of
+`%n` to set 0x3a60 to a non-zero value. If we use `%n` twice, the second `%n`
+will then write `3` (number of characters to this point) into that address.
+
 ```
+     add
+    /
+----
 603a256e61256e
+    ----------
+              \ %na%n
+
 ```
+
+## Novosibirsk
+