[CTF write up] HITCON CTF 2023 qual - Full Chain - Wall Maria : VM escape on Qemu with Sandbox option enabled

#include "hw/hw.h" #include "hw/pci/msi.h" #include "hw/pci/pci.h" #include "qapi/visitor.h" #include "qemu/main-loop.h" #include "qemu/module.h" #include "qemu/osdep.h" #include "qom/object.h" #define TYPE_PCI_MARIA_DEVICE "maria" #define MARIA_MMIO_SIZE 0x10000 #define BUFF_SIZE 0x2000 typedef struct { PCIDevice pdev; struct { uint64_t src; uint8_t off; } state; char buff[BUFF_SIZE]; MemoryReg..

2023.09.12