GitS 2014: Rabbit of Caerbannog (Pwn Adventure 75)
This is a nice reference to Monty Python and the Holy Grail :D
We need to kill the cute little (but deadly) rabbit by using a “Holy Handgrenade”. When you take a look into the GameLogic you’ll see the handgrenade is the only weapon that can deal damage to the rabbit, so don’t try to shoot it.
Unfortunately, the only way to get such a grenade is to buy it with “Gears” in the Gear menu, and we have no Gears. Shame. The solution is to patch the GameLogic so that it allows negative purchases. The quantity being bought is only checked client-side, so after patching the validation we are able to buy -1 Bag of Gold (which usually subtracts 99 gears and adds 200 gold, but in this case subtracts 200 gold and adds 99 gears, enough for the handgrenade). Using this handgrenade we can kill the rabbit and get the flag.
Patch:
GameServerConnection::IAPPurchase(): IL_0029
change bge IL_005f
to ble IL_005f
(this only allows negative purchases now, so it needs to be reverted to buy the grenade afterwards)
<IAPPurchase>c__AnonyStorey18::m__21(): IL_018c
remove/comment out the ret. The class is a method callback within the ClientHandler.
These patches should be enough. Flag: Thy_foe_b31ng_n4ugthy_1n_My_s1gh_t_shall_snuff_it
by ccmndhd and nsr
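
The root cause described above is that the purchase quantity is validated only in the client. As an added example (not code from the game or from the original writeup), this C# program contrasts a handler that trusts the client's quantity with one that re-validates it on the server. The Wallet class, its method names, the quantity cap and the starting balances are assumptions; the 99 gears and 200 gold are the Bag of Gold values from the writeup.

```csharp
using System;
// Hypothetical server-side model: Wallet, its methods and MaxQuantity are assumptions.
public sealed class Wallet
{
    public long Gears { get; private set; }
    public long Gold { get; private set; }
    public Wallet(long gears, long gold) { Gears = gears; Gold = gold; }

    // Vulnerable shape: the quantity from the client is used as-is, so a
    // negative value flips both signs (the cost is refunded, the reward taken).
    public void PurchaseTrustingClient(int quantity, long gearCost, long goldReward)
    {
        Gears -= quantity * gearCost;
        Gold += quantity * goldReward;
    }

    // Hardened shape: the server re-checks the quantity and the balance itself.
    // gearCost and goldReward must come from the server's own item table.
    public bool PurchaseValidated(int quantity, long gearCost, long goldReward)
    {
        const int MaxQuantity = 100; // assumed per-request cap
        if (quantity <= 0 || quantity > MaxQuantity) return false;
        try
        {
            long totalCost = checked(quantity * gearCost);
            long totalReward = checked(quantity * goldReward);
            if (totalCost > Gears) return false; // cannot afford the purchase
            long newGold = checked(Gold + totalReward);
            Gears -= totalCost;
            Gold = newGold;
            return true;
        }
        catch (OverflowException) { return false; }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed balances; 99 gears / 200 gold are the writeup's Bag of Gold values.
        var a = new Wallet(gears: 0, gold: 200);
        a.PurchaseTrustingClient(-1, 99, 200);
        Console.WriteLine($"trusting client: gears={a.Gears} gold={a.Gold}");
        var b = new Wallet(gears: 0, gold: 200);
        bool accepted = b.PurchaseValidated(-1, 99, 200);
        Console.WriteLine($"validated: accepted={accepted} gears={b.Gears} gold={b.Gold}");
    }
}
```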