pwntools-level-2.3

Sangharsha

Objective:

This level requires you to write an assembly code snippet to meet the following condition to bypass the check, and use the asm API from pwntools to compile the assembly code and complete the challenge. The condition for this challenge is:

Modify the value of a specific global data area (refer to the `trace` method of the `ASMChallenge` class).

In short: we have to copy 8 bytes from memory address 0x404000 to memory address 0x405000.

Solution Code:

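from pwn import *

# Target is a 64-bit Linux binary; debug logging shows the bytes sent and received
context(arch="amd64", os="linux", log_level="debug")

binary = "/challenge/pwntools-tutorials-level2.3"
p = process(binary)


def print_lines(io):
    # Print every line the challenge sends until it closes the pipe
    while True:
        try:
            line = io.recvline()
            success(line.decode().strip())
        except EOFError:
            break


# x86-64 has no memory-to-memory mov, so the value goes through RAX
payload = asm("""
    mov rax, [0x404000]
    mov [0x405000], rax
""")
p.sendafter(b"Please give me your assembly in bytes", payload)
print_lines(p)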

This level is easier than the others, since we just have to copy the value. Here is what happened above:

mov rax, [0x404000]       ; Read 8 bytes from memory at 0x404000 into register RAX
mov [0x405000], rax       ; Write the 8 bytes from RAX into memory at 0x405000

mov rax, [0x404000]:
Reads the 8-byte value stored at 0x404000 (source).
Loads it into the RAX register.

mov [0x405000], rax:
Takes the value from RAX.
Stores it into 0x405000 (target). BOOM!!
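
To see why the order of the two moves matters, here is an added example (not part of the original post and not the challenge's own code) that hand-encodes both instructions and runs them on a small memory model. The byte encoding shown is one valid x86-64 encoding (REX.W, ModRM 0x04, SIB 0x25, 32-bit absolute address) and is assumed rather than taken from asm() output; encode_copy, run, demo and the memory dict are hypothetical names made up for this illustration.

```python
import struct

SRC, DST = 0x404000, 0x405000  # addresses given in the challenge text

# REX.W + opcode, ModRM 0x04 (reg=rax, rm=SIB), SIB 0x25 (no base, no index)
LOAD = b"\x48\x8b\x04\x25"   # mov rax, [disp32]
STORE = b"\x48\x89\x04\x25"  # mov [disp32], rax


def encode_copy(src=SRC, dst=DST):
    """Hand-encode the two moves: a 4-byte head plus a 32-bit address each."""
    return LOAD + struct.pack("<i", src) + STORE + struct.pack("<i", dst)


def run(code, memory):
    """Execute only these two encodings on a dict of address -> 64-bit value.

    Constructed model for illustration, not the challenge's trace method.
    """
    rax = 0  # assumption: the model starts with RAX cleared
    for pc in range(0, len(code), 8):
        insn = code[pc:pc + 8]
        if len(insn) < 8:
            raise ValueError("truncated instruction at offset %d" % pc)
        head, addr = insn[:4], struct.unpack("<i", insn[4:])[0]
        if head not in (LOAD, STORE):
            raise ValueError("unsupported encoding %s" % head.hex())
        if addr not in memory:
            # On real hardware this access would fault
            raise ValueError("unmapped address %#x" % addr)
        if head == LOAD:
            rax = memory[addr]    # memory -> register
        else:
            memory[addr] = rax    # register -> memory
    return memory


def demo():
    memory = {SRC: 0x1122334455667788, DST: 0}  # constructed sample contents
    return run(encode_copy(), memory)


if __name__ == "__main__":
    print(encode_copy().hex())
    print({hex(k): hex(v) for k, v in demo().items()})
```

Swapping the two 8-byte halves of the payload stores the stale RAX value first, so the target never receives the source value.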