Last weekend I played DEF CON CTF Quals 2020 with team A*0*E, having so much fun with my teammates and I successfully solved a shellcode challenge called nooopsled. At last 7 teams solved this challenge and you can download the files from OOO’s github repo).

This is a challenge in the format of golf 🏌️‍♂️, you can see the description of this new type of challenge on OOO’s official webpage). For short, we are required to input a shellcode in the length of 1024 bytes, in the architecture of RISC-V64 or arm64. The server will receive our shellcode and start to execute it from the index of 0, 1, 2 …..1024, and record the number of success attempt to read out the flag file. The error threshold start from 1, and increase 1 every 84 seconds. Every team have 8 hours for preparing their shellcode.

今天是来到陌生城市的第66天，隔离起来的第52天，距离原定的复工日期已经18天。
总算等到重回正轨的好消息了。
国外的情况还是很严峻啊，祝福国外的朋友平安顺利。

This time is a challenge from last week’s CTF game organized by XCTF with many Chinese universities. This chanllenge is a linux kernel exploitation designed by SixStar Team. I didn’t finished it during the game, most of the time I spent on searching for objects to refill the size 0x20-0x70, only at very last moment I realize there was a freelist harderned in the kernel. Many teams solved it by unexpected solution because of the deployment mistake, which is unpleasant, but it is still a good challenge.

I learned the solution from Kernoob: kmalloc without SMAP, thanks Kirin! Based on his writeup, I will make some notes about the debugging and details of the bypass.

春节期间学习了v8引擎exploit相关的知识，挑了几道经典题目练手：

• PlaidCTF2018：roll a d8
• *CTF2019：OOB
• GoogleCTF2018: Just-in-time

各路大神的writeup已经足够详细了，这里只记录一下解决v8题目比较关键的知识点。

本来以为去年的春节已经足够不堪了，怎料今年更是难上加难。
第一次在外地过年就遇上疫情爆发的事情，本来计划家人来过年也只能取消了。不过不能出门正好也拥有了大段空闲时间，与其像朋友圈里面的各位花式秀无聊，不如静下心来攻克之前没有完成的一些题目。

This is a challenge from QiangWangBei Finals last year, it’s a RealWorld challenge. Only about 3~4 teams were able to finish it in the game. You can download the challenge files here. The challenge is called VulnTest, it contains some obvious bugs but the difficulty lies in the exploitation. It was compiled with AddressSanitizer(ASAN), which is designed to detect the memory corruption thoroughly, so it could provide extra protection for the program. If a vulnerability is triggered, it can be detected as soon as possible and the program died out.

最近突然有种想法，即便是如今信息爆炸的时代，构造一个人精神世界的主要输入还是通过书籍。就个人体会，电影、剧集、音乐作品似乎都没有书籍来的深刻。今年算得上是精神财富和物质财富都丰收的一年，也亲身体会了一次从量变到质变的进步。物质方面不太方便展示，那就分享一下部分精神财富好了。😃

一

不论你是谁，不论你做什么，当你渴望得到某种东西时，最终一定能够得到，因为这愿望来自宇宙的灵魂。
那就是你在世间的使命。

《牧羊少年奇幻之旅》讲述的是一个叫圣地亚哥的少年因为重复做了奇怪的梦，从此放弃牧羊生活，远赴埃及寻找宝藏的故事。