리버싱 공부하려고 처음으로 제대로 푼 리버싱 문제다. ida로 까보면 함수가 매우 여러게 있고 함수당 어셈블리가 들어있다. 별로 길지 않아서 하나씩 확인해서 로직을 분석하면 된다. array1 = [246, 0, 58, 0, 217, 0, 173, 0, 210, 0, 224, 0, 7, 0, 116, 0, 199, 0, 18, 0, 117, 0, 160, 0, 27, 0, 191, 0, 158, 0, 238, 0, 243, 0, 211, 0, 116, 0, 147, 0, 195, 0, 39, 0, 185, 0, 154, 0, 181, 0, 215, 0, 33, 0, 184, 0, 231, 0, 42, 0, 78, 0, 65, 0, 137, 0, 188, 0, 52, 0, 136, 0, 154, 0, 23..

fn compile(bytecode: &[u8], data_memory: &memory::Memory) -> Result { let mut function_table = HashMap::new(); function_table.insert("deoptimize".to_string(), 0xdeadbeef); let pl1 = bytecode::TranslationUnit::new(bytecode)?; println!("[main::compile] pl1 = `{}`", pl1 ); let pl2 = vasm::TranslationUnit::new(&pl1, &data_memory, &function_table)?; println!("[main::compile] pl2 = `{}`", pl2 ); let p..

from pwn import * context.log_level = 'debug' def command_create(size,content): p.sendline(b'1') time.sleep(1) p.sendline(str(size).encode()) time.sleep(1) p.send(content) time.sleep(1) def command_show(index): p.sendline(b'2') time.sleep(1) p.sendline(str(index).encode()) time.sleep(1) def command_edit(index,content): p.sendline(b'3') time.sleep(1) p.sendline(str(index).encode()) time.sleep(1) ..

from pwn import * def up(): p.send(b'w') def down(): p.send(b's') def go(): p.send(b'\n') def esc(): p.send(b'\x1b') def drop(): p.send(b'd') def move(): p.send(b'm') def exploit(): go(); for i in range(0,231): down(); go(); down(); go(); esc(); go(); down(); go(); down(); go(); esc(); go(); down(); go(); down(); go(); esc(); down(); down(); go(); go(); # secret gift down(); go(); drop(); go(); ..