Phoenix ARM Stack One

Stack one

Stack one is very similar to stack zero with a buffer overflow, however the objective is to insert a certain value into locales.changeme. We see in the source code that the new comparrison for locals.changeme is for the value 0x496c5962.

img

We can decode this hex value to be IlYb. Since ARM is little-endian, when we try to set the value here, we will need to reverse the string as when the value will be read, it will be interpreted in reverse order.

img

And we get success.

img