• Dumping the Amlogic A113X Bootrom

    In this post we will exploit a memory corruption issue in Amlogic EL3 code that is used by various consumer devices like the Sonos One (2nd generation) and the Lenovo Smart Clock. The goal is to get a copy of the OTP/eFUSE data and dump out the code for the application processor BootROM.

  • Exploiting CVE-2021-43267

    Exploiting a heap overflow in the TIPC subsystem of the Linux kernel. In this post we’ll exploit an N-day vulnerability (CVE-2021-43267) originally discovered by Max van Amerongen.

  • Numeric Shellcode

    Generating numeric-only shellcode for Linux/x86. Is it possible? Alphanumeric x86 shellcode is a well-studied and documented subject. But what about only using ASCII number characters (0x30-0x39)? Let’s find out!