1 # Copyright 2011 Bernhard Urban <lewurm@gmail.com>
2 # This code is licensed to you under the terms of the GNU GPL, version 2;
3 # see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
5 .section ".start", "ax"
8 # stolen from some savegame found in teh intertube
11 # give the char a name
12 .ascii "you won't see this " # len = 0x14
14 # smash it \o/ 0x1f0+0x4 bytes all in all...
15 .fill (0xf4/4), 4, 0x11111111
17 # unlock the character (somewhere here actually...)
18 .fill (0x10/4), 4, 0x90c10104
21 .fill (0xdc/4), 4, 0x11111111
23 # now we at the actual vuln return address
24 # just point to the loader of the loader (= content of exploit.s)
27 # alternatively you can put the code here too and jump into the stack,
28 # however then you have to take care for nullbytes in the resulting
29 # bytecode, which is a way too tedious. so we just take the further slot for
30 # it :-) (LEGO devs are nice ppl, heh)
32 .fill 0x10000 - (. - 0b)