CodeJitsu targetted DeepRed running NRFIN_00052 in round 83.


Type 2 POV

Reading from protected address: 0x4347c000

0x804a9bc : int 128

Tracing data from eip: 0x804a9bc tracing source of register: ecx (value: 0x4347c000)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x804a9b0 : mov ecx,dword ptr [esp+0x18]
0x804a9bc: int 128 // address: ecx value: 0x4347c000

Execution control corruption via return (return to: 0x8060e24).

Tracing data from eip: 0x804aa8d tracing source of memory: 0x8060e24 (value: 0x804a9a3)

0x804a9de : receive syscall (return)
0x8049368 : mov dl,byte ptr [eax+ecx]
0x8049371 : mov byte ptr [eax+ecx],dl
0x804aa74 : mov ecx,dword ptr [edx]
0x804aa8a : mov dword ptr [esp],ecx
0x804aa8d: ret // address: 0x8060e24 value: 0x804a9a3

Curated by Lunge Technology, LLC. Questions or comments? Send us email