Setting the foundation for an arbitrary read/write (and re-implementing addrof and fakeobj).
A simple buffer overflow speedrun challenge, exploited with a ROP chain generated by Ropper. We also analyse the timeline.
We go over boxed vs. unboxed values, how to convert addresses to doubles, and why our bug is a memory corruption.
We are going to try out Linus's exploit and set up a vulnerable WebKit version including debug symbols.