Tags: GitS2014 GitS WriteUp
GitS 2014: Unbearable (Pwn Adventure 75)
I have to admit we failed this. It took ages to find the solution, but it was pretty obvious in the end.
The challenge was to open a chest guarded by bears. When we try to open the chest, a 5:00 minute countdown starts, and it is reset if we move too far away. The bears also start to attack us. Using infinite-jump we can jump on the chest where they can't reach us, but if the counter reaches 1:30 the bears get armed with AK47s and shoot us down in a minute.
The solution here is the wine you can buy in the north park. The wine gives you 10%-15% damage-reduction for 60 seconds. The bug here is that the Player::drinkWine(int damageReduction) function does not validate the given damageReduction.
I simply patched the GameLogic.dll (using ILSpy to extract the IL assembly, then used ilasm.exe to assemble it again. If anyone knows a better way than editing IL assembler, please please let me know!).
The patch is in Player::DrinkWine() at position IL_0044. Replace ldarg.1 by ldc.i4.s 100 to get a 100% damage protection.
Now you can go to the chest, open it and simply drink one bottle of wine every 50-60 seconds so you stay invincible until the chest is open.
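The missing check described above, sketched as an added example that is not the game's own code: a hypothetical Player class (all member names, the damage formula and the sample values are assumptions) showing the unvalidated wine buff next to a version that enforces the 10%-15% range and 60 second duration stated in this write-up.

```csharp
using System;

// Hypothetical reconstruction for illustration; not decompiled from GameLogic.dll.
public sealed class Player
{
    // Bounds from the write-up: wine grants 10%-15% reduction for 60 seconds.
    private const int MinWineReduction = 10;
    private const int MaxWineReduction = 15;
    private static readonly TimeSpan WineDuration = TimeSpan.FromSeconds(60);

    private int _reductionPercent;
    private DateTime _buffExpiresUtc = DateTime.MinValue;

    // Unvalidated form: the caller's value becomes the buff strength,
    // so a call site that passes 100 yields full damage immunity.
    public void DrinkWineUnchecked(int damageReduction, DateTime nowUtc)
    {
        _reductionPercent = damageReduction;
        _buffExpiresUtc = nowUtc + WineDuration;
    }

    // Validated form: values outside the item's designed range apply nothing.
    public bool DrinkWine(int damageReduction, DateTime nowUtc)
    {
        if (damageReduction < MinWineReduction || damageReduction > MaxWineReduction)
            return false; // caller can log the rejected request
        _reductionPercent = damageReduction;
        _buffExpiresUtc = nowUtc + WineDuration;
        return true;
    }

    // Damage after the active buff (integer percent arithmetic).
    public int ApplyDamage(int rawDamage, DateTime nowUtc)
    {
        int reduction = nowUtc < _buffExpiresUtc ? _reductionPercent : 0;
        return rawDamage * (100 - reduction) / 100;
    }
}

public static class Demo
{
    public static void Main()
    {
        DateTime now = DateTime.UtcNow; // constructed sample values below
        var a = new Player();
        a.DrinkWineUnchecked(100, now);
        Console.WriteLine(a.ApplyDamage(40, now));   // unchecked 100% buff
        var b = new Player();
        Console.WriteLine(b.DrinkWine(100, now));    // rejected
        Console.WriteLine(b.DrinkWine(15, now));     // accepted
        Console.WriteLine(b.ApplyDamage(40, now));   // 15% reduction applied
        Console.WriteLine(b.ApplyDamage(40, now.AddSeconds(61))); // buff expired
    }
}
```

A range check compiled into a DLL the player can reassemble is only as strong as that DLL's integrity, so the validation belongs wherever damage is authoritatively computed.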
Flag: The Drunken Master can bear any trial
by ccmndhd and nsr