Second-year PhD student in the Computer Science Department at Stony Brook University. CTF, Maths enthusiast. A member of the Black Bauhinia (blackb6a) CTF team based in Hong Kong.
A simple-ish demo of ROP (Return-Oriented Programming), made possible by the wasm port of the Unicorn engine, a multi-platform, multi-architecture CPU emulator.
I also made use of Keystone.js and Capstone.js, which are wasm ports of Keystone (an assembler framework) and Capstone (a disassembler framework).
It should be noted that Unicorn itself only does CPU-level emulation, so OS-level behaviour such as syscalls and interrupts is not handled by Unicorn. This means the logic for those is simulated at the JavaScript level instead of being emulated.
Demo
For this demo, your goal is to call execve("/bin/sh", 0, 0). In particular, by referencing https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/, what you need to do is invoke syscall with rax=0x3b (execve), have rdi point to a null-terminated string with the value "/bin/sh", and have rsi=rdx=0.
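Because Unicorn stops at the CPU boundary, the "OS" side of the `syscall` instruction has to be written by hand in JavaScript. The snippet below is an added example (not the demo's own code) of what that simulated layer looks like: it takes a snapshot of the guest registers plus the emulated memory, reads the null-terminated path from `rdi`, and decides whether the win condition above (rax=0x3b, rdi → "/bin/sh", rsi=rdx=0) was met. The memory layout, the `regs` object shape and the function names are assumptions for illustration; a Unicorn-based harness would fill `regs` from its own register reads inside its syscall hook.

```javascript
// Added example: a JavaScript-level simulation of the syscall that Unicorn
// does not emulate. Names, memory layout and register snapshot shape are
// assumptions, not the demo's own API.
const SYS_EXECVE = 0x3b; // x86-64 execve number from the Linux syscall table

// Read a NUL-terminated string from emulated memory. `mem` is a Uint8Array
// mapped at guest address `base`; returns null for an unmapped pointer or
// when no terminator is found within `maxLen` bytes (never over-read).
function readCString(mem, base, addr, maxLen = 256) {
  const off = addr - base;
  if (off < 0 || off >= mem.length) return null;
  let s = "";
  for (let i = off; i < mem.length && i - off < maxLen; i++) {
    if (mem[i] === 0) return s;
    s += String.fromCharCode(mem[i]);
  }
  return null;
}

// Simulate the OS side of `syscall` given a register snapshot
// { rax, rdi, rsi, rdx } and the emulated memory. Returns a result object
// describing what the guest asked for and whether it matches the goal.
function handleSyscall(regs, mem, base) {
  if (regs.rax !== SYS_EXECVE) {
    return { ok: false, reason: `unsupported syscall ${regs.rax}` };
  }
  const path = readCString(mem, base, regs.rdi);
  if (path === null) {
    return { ok: false, reason: "rdi does not point to a terminated string" };
  }
  if (regs.rsi !== 0 || regs.rdx !== 0) {
    return { ok: false, reason: "argv (rsi) and envp (rdx) must both be 0" };
  }
  return { ok: path === "/bin/sh", syscall: "execve", path };
}

// Constructed sample memory: a 4 KiB page mapped at 0x400000 with the
// string "/bin/sh\0" placed at offset 0x100 (i.e. guest address 0x400100).
const DEMO_BASE = 0x400000;
const DEMO_MEM = new Uint8Array(0x1000);
const DEMO_STR_ADDR = DEMO_BASE + 0x100;
for (let i = 0; i < "/bin/sh".length; i++) {
  DEMO_MEM[0x100 + i] = "/bin/sh".charCodeAt(i);
}

// A register snapshot that satisfies the demo goal.
function demoWin() {
  const regs = { rax: SYS_EXECVE, rdi: DEMO_STR_ADDR, rsi: 0, rdx: 0 };
  return handleSyscall(regs, DEMO_MEM, DEMO_BASE);
}

console.log(demoWin()); // { ok: true, syscall: 'execve', path: '/bin/sh' }
```

The string reader deliberately refuses to walk past the mapped buffer or past `maxLen` bytes: in a real harness the guest controls `rdi`, so the host-side simulation must treat that pointer as untrusted input and bound every read.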