liba2k suggested that one! You can find here: gist.github.com/liba2k/d522b4f20632c4581af728b286028f8f - I changed the auto-analysis time in mine to 1 second for an extra speed boost 😊
ooooo interesting, did you try this approach? I did something similar for the function_overwrite challenge in the recent pico ctf; the goal was to replace the "hard_checker" function with the "easy_checker" but I just jumped to the middle of the function and skipped the comparisons. In this case, since the "FILE" variable is declared at the beginning of the function, i wouldn't expect it to work 🤔 I may be wrong on that though, interested to know if it works!
@@_CryptoCat No I didn't try, Just wondered if it's possible. I can't see the assembly in the video, but the FILE is just a value on the stack that gets initialized by the fopen function, so you shouldn't need the start of the function to define it.
edit: half my message didn;t show for some reason lol.. i just went back and tried to jump "local_38 = 0" and also the "local_10 = (FILE *)0x0" but they didn't work
![Buffer Overflow (ret2win) with 5 char* Arguments - "Vader" Pwn Challenge [Space Heroes CTF 2022]](/img/logo.svg){kind=logo}
