Bypassing ASLR without leak address

Reverse Engineering Asked by alpico on December 29, 2020

I have found a stack buffer overflow.

Currently this is the situation:

  • NX/DEP disabled
  • ASLR enabled
  • Not a PIE

I am able to override the return address and jump to PLT sections.

My problem is that I can only copy data up to the return address because of the null byte, therefore I cannot jump to my shellcode on the stack. The binary starts at 0x00090000, so it is a problem to perform a ROP gadget chain since I can copy only one address up to the return address.

Also, my binary contains a call to system that I can jump to, but in this case I need to put the address of the string argument in R0, but this is not possible due to the ASLR. I am also able to override 4 registers.

Does anyone have an idea how to bypass the ASLR here without leaking an address? Current architecture: ARM
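The three properties the question lists (NX, PIE, and, indirectly, ASLR) are the first things a defender would verify on a build before shipping it. The following is an added example, not code from the question or the answer: it parses a 32-bit little-endian ELF header and its program headers to report whether the binary is position-independent (ET_DYN) and whether its stack is non-executable (PT_GNU_STACK without PF_X). The `build_elf` helper constructs a minimal, non-loadable ELF image purely as sample input; the 0x90000 entry address mirrors the base mentioned in the question.

```python
import struct

# Constants from the ELF specification / ELF ABI supplements.
ET_EXEC, ET_DYN = 2, 3          # fixed-address executable vs. PIE / shared object
EM_ARM = 40                     # e_machine value for 32-bit ARM
PT_GNU_STACK = 0x6474E551       # program header describing stack permissions
PF_X = 0x1                      # executable bit in p_flags
ELF32_EHDR_SIZE, ELF32_PHDR_SIZE = 52, 32


def check_mitigations(data: bytes) -> dict:
    """Report PIE and NX status for a 32-bit little-endian ELF image.

    ASLR itself is a kernel policy (randomize_va_space), not a property of the
    file, so it is not reported here; a non-PIE binary is simply not relocated
    even when ASLR is on, which is the situation described in the question.
    """
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 1:
        raise ValueError("not a 32-bit little-endian ELF image")
    e_type, e_machine = struct.unpack_from("<HH", data, 16)
    (e_phoff,) = struct.unpack_from("<I", data, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
    # Without a PT_GNU_STACK header the loader falls back to a platform
    # default, which on many 32-bit ARM toolchains is an executable stack.
    nx = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from("<I", data, off)
        (p_flags,) = struct.unpack_from("<I", data, off + 24)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
    return {"arm": e_machine == EM_ARM, "pie": e_type == ET_DYN, "nx": nx}


def build_elf(e_type: int, stack_flags: int) -> bytes:
    """Constructed sample input: ELF32 ARM header plus one PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)   # 32-bit, LE, v1
    ehdr = ident + struct.pack(
        "<HHIIIIIHHHHHH", e_type, EM_ARM, 1, 0x90000, ELF32_EHDR_SIZE, 0, 0,
        ELF32_EHDR_SIZE, ELF32_PHDR_SIZE, 1, 40, 0, 0)
    phdr = struct.pack("<IIIIIIII", PT_GNU_STACK, 0, 0, 0, 0, 0, stack_flags, 16)
    return ehdr + phdr


if __name__ == "__main__":
    # RWX stack on a fixed-address executable: the configuration in the question.
    print(check_mitigations(build_elf(ET_EXEC, 0x7)))
    # RW stack on a PIE: what a hardened build should report.
    print(check_mitigations(build_elf(ET_DYN, 0x6)))
```

On a real file, pass `open(path, "rb").read()` to `check_mitigations`; a 64-bit ELF (EI_CLASS 2) is rejected rather than misparsed.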

One Answer

Perhaps my friend's tool can help you, it calculates addresses at runtime.

Answered by mimak on December 29, 2020