Skip to content

Precision

Precision (easy)

Positions of "win" and "lose" variables is given in the debug output \ Sending 109-112 bytes works

Precision (hard)

  1. In gdb, disas challenge, we get to know:

    • win is at rbp-0x14 = rbp-20
    • lose is at rbp-0x10 = rbp-16

  2. Set a breakpoint b *challenge+154, run and give a long string of a's as input

  3. info frame -> rbp is at 0x7ffcf5793e40
  4. x/100xg $rbp-200 -> input buffer starts at 0x7ffcf5793e00, which is rbp-0x40 = rbp-64
  5. Giving 44-48 a's as input works