3mpty wrote:
> Another problem is that AFAIK the stack on the ARM architecture is
> marked by default as non executable. So if this is a stack overflow it
> is even more difficult to exploit.

Depends on some configuration bits... We can at least try.

Memos from IRC today:

the whole note exploit is
[FF][FE][3C][00][61][00][20][00][68][00][72][00][65][00][66][00][3D][00][22][00],
then 200 times the guessed address, then 512 nops, then the shellcode, then
[22][00][3E][00][61][00][3C][00][2F][00][61][00][3E][00]

NOP is [08][80][A0][E1]

We need to OR PSR with 0x000000c0 to disable interrupts

And writing 0x000000A5 to 0x3C800000 should kill the watchdog

Endless loop should be [FE][FF][FF][EA]

Target address range is 0x22000000 to 0x2203fff (SRAM)

The ARM docs are at http://www.arm.com/miscPDFs/14128.pdf

_______________________________________________
Linux4nano-dev mailing list
[email protected]
https://mail.gna.org/listinfo/linux4nano-dev
http://www.linux4nano.org
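
The byte strings quoted in the memo, decoded; this is an added example and not part of the original post. The function names are hypothetical, and the small decoder handles only the two ARM instruction forms that appear in the memo (register MOV and B, condition AL).

```python
import struct

# Byte strings copied from the memo above, in its bracket notation.
PREFIX = "[FF][FE][3C][00][61][00][20][00][68][00][72][00][65][00][66][00][3D][00][22][00]"
SUFFIX = "[22][00][3E][00][61][00][3C][00][2F][00][61][00][3E][00]"
NOP = "[08][80][A0][E1]"
LOOP = "[FE][FF][FF][EA]"


def parse_brackets(s):
    """Turn '[FF][FE]...' into a bytes object."""
    return bytes(int(tok, 16) for tok in s.strip("[]").split("]["))


def decode_text(raw):
    """Decode note text; a leading FF FE is the UTF-16LE byte-order mark."""
    if raw[:2] == b"\xff\xfe":
        raw = raw[2:]
    return raw.decode("utf-16-le")


def decode_arm(word_bytes, addr=0):
    """Decode one little-endian ARM word located at address addr."""
    (w,) = struct.unpack("<I", word_bytes)
    if (w >> 28) != 0xE:                      # only condition AL is handled
        return "unhandled condition (0x%08x)" % w
    if ((w >> 25) & 0x7) == 0b101 and not ((w >> 24) & 1):
        off = w & 0xFFFFFF                    # signed 24-bit word offset
        if off & 0x800000:
            off -= 1 << 24
        # The branch target is relative to PC, which reads as addr + 8.
        return "b 0x%x" % ((addr + 8 + (off << 2)) & 0xFFFFFFFF)
    if ((w >> 20) & 0xFF) == 0x1A and ((w >> 4) & 0xFF) == 0:
        return "mov r%d, r%d" % ((w >> 12) & 0xF, w & 0xF)
    return "unknown (0x%08x)" % w


if __name__ == "__main__":
    print(repr(decode_text(parse_brackets(PREFIX))))   # text before the address block
    print(repr(decode_text(parse_brackets(SUFFIX))))   # text after the shellcode
    print(decode_arm(parse_brackets(NOP)))
    print(decode_arm(parse_brackets(LOOP), addr=0x22000000))
```

The note is therefore a UTF-16LE text file whose only markup is one anchor tag, with the binary data sitting inside the href attribute value; the NOP is a register move onto itself and the endless loop is a branch to its own address.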
