Document Addis Ababa
This commit is contained in:
19
README.md
19
README.md
@@ -286,6 +286,25 @@ And then we use the following passowrd.
|
|||||||
|
|
||||||
## Addis Ababa
|
## Addis Ababa
|
||||||
|
|
||||||
|
This is the first exercise that uses printf to print the password back to the
|
||||||
|
user. The printf-function provides a couple of conversion specifiers like `%s`,
|
||||||
|
`%x`, `%c` and `%n`.
|
||||||
|
|
||||||
|
In this exercise, the value at 0x3a60 must not be zero to unlock the door.
|
||||||
|
|
||||||
|
We can use a bug in printf that uses the printf string as the output address of
|
||||||
|
`%n` to set 0x3a60 to a non-zero value. If we use `%n` twice, the second `%n`
|
||||||
|
will then write `3` (number of characters to this point) into that address.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
add
|
||||||
|
/
|
||||||
|
----
|
||||||
603a256e61256e
|
603a256e61256e
|
||||||
|
----------
|
||||||
|
\ %na%n
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Novosibirsk
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user