@orboditilt
orboditilt / rop idea.txt
Last active March 1, 2022 01:07
wiiuhaxx_common write up
Full ROP explanation!
At the beginning, we predict an address where our payload will end up.
We can cheat a bit by using a nop slide, but the payload we want to execute is statically linked, so we need to get rid of the nops before it runs.
For this, we build a special payload. It consists of the following parts:
1. a bunch of nops to form the nop slide. Now we just need a good enough guess to land in the slide and not in our real code.
2. the "wiiuhaxx_loader.s", which removes the nops.
3. the size of the "real" payload
4. the real payload.
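The following Python model of that four-part layout is an added illustration, not code from this gist or from wiiuhaxx_common. It assumes the Wii U's big-endian PowerPC nop encoding (0x60000000), a big-endian 4-byte size field, and that the loader stub's length is known and passed in as a parameter; the loader and payload bytes are constructed placeholders, not real code. It shows the two things the list above relies on: any entry point inside the slide reaches the loader, and after the loader's copy the real payload sits at its predicted link address no matter where the blob actually landed.

```python
import struct

# Wii U is big-endian PowerPC; its canonical nop is "ori r0,r0,0" = 0x60000000
# (assumed encoding; the write-up does not spell it out).
PPC_NOP = b"\x60\x00\x00\x00"

# Constructed placeholders: neither is real Wii U code.
SAMPLE_LOADER = b"LDR!" * 4        # stands in for the assembled wiiuhaxx_loader.s
SAMPLE_PAYLOAD = b"PAYLOAD-" * 4   # stands in for the statically linked payload


def build_sample(nop_words=64, loader=SAMPLE_LOADER, payload=SAMPLE_PAYLOAD):
    """Lay out the four parts in the order the write-up lists them."""
    return PPC_NOP * nop_words + loader + struct.pack(">I", len(payload)) + payload


def find_nop_slide(blob):
    """Return (byte_offset, word_count) of the longest run of 4-byte NOP words."""
    best = (0, 0)
    words = len(blob) // 4
    i = 0
    while i < words:
        if blob[4 * i:4 * i + 4] != PPC_NOP:
            i += 1
            continue
        j = i
        while j < words and blob[4 * j:4 * j + 4] == PPC_NOP:
            j += 1
        if j - i > best[1]:
            best = (4 * i, j - i)
        i = j
    return best


def parse_layout(blob, loader_len):
    """Split a blob into slide / loader / size / payload.

    loader_len (bytes) is an assumed parameter: the stub's length is not on the
    page, and without it the size field cannot be located. Raises ValueError if
    the declared payload size runs past the end of the blob.
    """
    slide_off, nop_words = find_nop_slide(blob)
    loader_off = slide_off + 4 * nop_words
    size_off = loader_off + loader_len
    (size,) = struct.unpack(">I", blob[size_off:size_off + 4])
    payload_off = size_off + 4
    if payload_off + size > len(blob):
        raise ValueError("declared payload size %d exceeds blob" % size)
    return {
        "nop_words": nop_words,
        "loader": blob[loader_off:size_off],
        "size": size,
        "payload_off": payload_off,
        "payload": blob[payload_off:payload_off + size],
    }


def simulate_entry(blob, blob_addr, entry_addr, link_addr, loader_len):
    """Model control landing at entry_addr with the blob placed at blob_addr.

    blob_addr is the *actual* address, which may differ from the guess. If
    entry_addr falls on the slide, the loader runs and moves `size` bytes of
    payload to link_addr, the address the payload was linked for; the copy is
    modelled as a plain slice assignment (memmove semantics). Returns the bytes
    found at link_addr afterwards. Raises ValueError if the entry point misses
    the slide, the failure the write-up's "good enough guess" refers to.
    """
    layout = parse_layout(blob, loader_len)
    slide_off, nop_words = find_nop_slide(blob)
    slide_start = blob_addr + slide_off
    loader_addr = slide_start + 4 * nop_words
    if entry_addr % 4 or not (slide_start <= entry_addr < loader_addr):
        raise ValueError("entry 0x%x misses the slide [0x%x, 0x%x)"
                         % (entry_addr, slide_start, loader_addr))
    # Flat memory model covering both the blob and the link-address region.
    base = min(blob_addr, link_addr)
    end = max(blob_addr + len(blob), link_addr + layout["size"])
    mem = bytearray(end - base)
    mem[blob_addr - base:blob_addr - base + len(blob)] = blob
    src = blob_addr - base + layout["payload_off"]
    payload = bytes(mem[src:src + layout["size"]])
    dst = link_addr - base
    mem[dst:dst + layout["size"]] = payload
    return bytes(mem[dst:dst + layout["size"]])


if __name__ == "__main__":
    blob = build_sample()
    lay = parse_layout(blob, len(SAMPLE_LOADER))
    print("slide words:", lay["nop_words"], "payload size:", lay["size"])
    # Blob landed 0x100 past the predicted address; entry hits the slide's middle.
    out = simulate_entry(blob, 0x10000100, 0x10000180, 0x10000000, len(SAMPLE_LOADER))
    print("payload relocated intact:", out == SAMPLE_PAYLOAD)
```

The slide width is the whole tolerance budget: `simulate_entry` accepts any word-aligned entry between the slide start and the loader, and rejects anything beyond, so widening the slide buys guess tolerance at the cost of a bigger blob.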