I make pwn videos.
We will find the player's coordinates and also find the camera's position. This should help us to create a proper fly hack!
In this post we will look at time splitters used by speedrunners and how they relate to game hacking.
We achieve arbitrary read/write in the JavaScriptCore of WebKit.
Setting the foundation for an arbitrary read/write (and re-implementing addrof and fakeobj).
Simple buffer overflow speedrun challenge, exploited with a ROP chain generated by Ropper. We also analyse the timeline.
In this video we turn the bug used in addrof() to corrupt the memory of internal JavaScriptCore Objects which can help us to compromise the engine.
We finally look at the actual exploit code! We start with the addrof() primitive, which can leak the address of a JavaScript object in memory.
Looking at the WebKit JIT compiler - the part that converts JavaScript bytecode to machine code.
We are going to try out Linus's exploit and set up a vulnerable WebKit version including debug symbols.