chal         3 MiB      2024-04-10 03:03
exploit      2 KiB      2024-04-10 03:03
dist.tar.xz  933 KiB    2024-04-10 03:03
README.mdx   623 bytes  2024-04-10 03:03

#baby-bear-blockchain

Don't you love it when people take perfectly functional Rust projects and rewrite them in C?

nc chal.amt.rs 1340

author: unvariant
category: pwn
points: 495
solves: 2
difficulty: hard

#solution

Relies on a few bugs I found in the Firedancer Flamenco VM:

  1. address checks can be bypassed using a negative length
  2. out of bounds access of the registers array into the log buffer
  3. out of bounds jump using the CALL_REG instruction

#unintendeds

Nobody solved using an unintended, yay.