@awt-256
awt-256 / m1.txt
Last active November 11, 2023 03:07
m1 cache
PAGE_SIZE = 16384
CACHE_LINE_SIZE = 128
Core 1 - Performance
L1D_SIZE = 131072
L1I_SIZE = 196608
L2_SIZE = 12582912
@awt-256
awt-256 / !painter.wasm.md
Last active May 28, 2023 16:01
Solve writeup for tjctf.org's painter wasm challenge.

Overflow over BSS in wasm

This was the only challenge I worked on during this CTF but was able to proudly solve it within 2 hours (admin bot was broken unfortunately so couldn't submit until the next morning). All disassembly was done with diswasm, although the Ghidra WASM plugin is a lot more intuitive for others.

Challenge Summary

The challenge gives a web app with the ability to draw rgb pixels onto the canvas, with 3 layers available. All the colors of each layer are stored on the wasm, and then each frame they are applied back onto the canvas. You are also given the ability to save your canvas art, at which point the client rips R,G,B and A channels of each layer out of the wasm and sends them out to the server. The server then creates a link to it that it sends back to the client. When visiting the link from clientside, the layers are loaded back into the wasm - BUT, there is a dangerous overflow at this point

@awt-256
awt-256 / i-heart-wasm-writeup.md
Created May 1, 2023 01:42
Writeup to UMDCTF 2023's i-heart-wasm challenge

i-heart-wasm

After discovering that the program for i-heart-wasm was basically a recompile of https://rustwasm.github.io/wasm-bindgen/exbuild/webaudio/, started looking into any "invisible" parts of the binary. Then noticed that there are some custom sections, each with one byte of data - ends up being that the bytes combined = the flag.


Parsing library used: https://github.com/wasmkit/wasmkit-node/blob/vBETA-archive/parser.js

const wasmBinary = await fetch("https://i-heart-wasm.chall.lol/pkg/wasm_test_bg.wasm").then(r => r.arrayBuffer());
@awt-256
awt-256 / notetaker.wasm.md
Last active June 8, 2022 22:16
Notetaker Wasm - Intended solvepath writeup

Notetaker Wasm - 350pt pwn

Just another heap notetaker challenge - compiled to wasm.

Hints:

  • Old vulnerabilities can become new in wasm

<This will be a (hopefully) in-depth guide through the binary>