From 18d2c8c2bead8881538a17976762d934dd4f1e24 Mon Sep 17 00:00:00 2001
From: THEON-1 <git@theon-1.de>
Date: Thu, 4 Dec 2025 11:53:21 +0100
Subject: [PATCH] Pie Time

---
 pie_time/.gdb_history |  14 ++++++++++++
 pie_time/notes.md     |   3 +++
 pie_time/vuln         | Bin 0 -> 17264 bytes
 pie_time/vuln.c       |  49 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+)
 create mode 100644 pie_time/.gdb_history
 create mode 100644 pie_time/notes.md
 create mode 100644 pie_time/vuln
 create mode 100644 pie_time/vuln.c

diff --git a/pie_time/.gdb_history b/pie_time/.gdb_history
new file mode 100644
index 0000000..3e6f92d
--- /dev/null
+++ b/pie_time/.gdb_history
@@ -0,0 +1,14 @@
+exit
+exit
+help
+data 
+help data
+list main
+file vuln
+list main
+exec vuln
+exec-file vuln
+list main
+file vuln
+list main
+exit
diff --git a/pie_time/notes.md b/pie_time/notes.md
new file mode 100644
index 0000000..ef4601d
--- /dev/null
+++ b/pie_time/notes.md
@@ -0,0 +1,3 @@
+- objdump to find adress of main() and win()
+- calculate final adress main_address - main_offset + win_offset
+
diff --git a/pie_time/vuln b/pie_time/vuln
new file mode 100644
index 0000000000000000000000000000000000000000..986868dd8614e82fde17fda8fc381a16b0c83761
GIT binary patch
literal 17264
zcmeHOZ*UvM6<=9#;y^4bBq2@$<e+56fmpGP9g=`SvaRF{&VRdvLUNU*lO>QPM>-Li
z0cys;pa}-^p>002B{0*H8Tu!kwlkqKB~Ak&FrkxtC<CRPnzkA2Hc1@^irbQ0-`m@F
zzB@|;)AFra&)wVidw+KK?cHkExBHD?$A&VOi&1j3I~Z~Y<{OA#2oBvQGC=%nEvtn4
za&{e?4g4&Q8FIftKx(A-%Ivg4;BKI3SB;qh^cn+ZM5%^I(XLoJBnlwPyoM&)m19=$
zPWnyZlqku~@+35dB=NgRw~F==wc259Vzq{Ttl3Tv3cJICk{z;WmlJk5VMlZVD+Gxs
z#S^QK*IE%zCzU{kN#b|LoOU~fos+f+eWF+frX6Rr$bVDbR$=#ZiMwG=+G)UyD3!Mj
z>@Y50G*LHi7v&Y}hy5b{L`8Vn>O{PIP2=iBq&5*xW^=W<wQFkEH2N|rUjwfK)(gwP
zXKLf-E(UH!5EEhKeX&sRC}-)w9m~Epd%^WD1h);HEB`EZU+fC<fn{<Xp-+zlu;`bU
zgE~h0A7{+vrN@QUT>H#5r`6x|qHdwo0^n5z1V08$DuAy7tdRchB6xif{H`MSwj%f=
zMer3x@V5b%;BqDnfI{`hzAA)YT?D_f2>w3c5?s!74*>JoQs(s=5_-Q>U~e!W`yHOI
zFg{Len3{`gESl<5lT1<KnN)b)IwcbhC8I18?@5LdtS_r&K$Ou!;Rls)>_H_OigPp^
z3#D0KI-b;`EZU=LVV2P%sVsO4CsG*|Y{I#a5{-kC_`@p8sM<r_*(ktRIQmO#N^dBh
zWE(r$TUwO{->qh@(abgYnwZkwxk-trX|*Sw(bRP3rq)C%sdk3C6Ie)3Zz?IgDTZo6
zMQA@h&1LZC=6B2){46u)0+|a?dVd$k<CQqFJu9$<oOiSRg3m6E&qW_E0gs8sS&ILF
z==44@juP${c!i&vnd2ex@7-zO_|9Q1DUDii@`bW73w{MD1D&woRTg~8f{UM8E~V!O
z#}$eJ3I>G!9LQsQC_Qb#Y3xDSumz_v6!HBQ9Lu0|z=B)H*@G4w%cgY5f<p(G>97UI
zcZkx61)oPC&=VFMI@(O9EV#!+OPNvxN)aeUpcH{p1WFP3G9qxX>bif)gJ&z`edX`3
zW=wu^L@U!z$%C&~9OLfwrn>;1)K}aMq-r@s{TNCn$3N6{eVFq&A(<RMZSpu_njAlB
z@;EV>9RI1w<Ah{#{6&+;iOA&m^CpiIkje4KO&%v6ljD0#9w%Ot;~|sB3CQI5Hj~E*
z*yMPCc&L3PuYDWi^#}e*AGT(if7HQe9el5YR~`H=2jAu3H#zvAgKu{5O;*1CTzmfX
zZaM!adGIe2TRS_3%8x^Y<)O+goHS=4{`#V;z~tj$d8m0EWaOdp1|;jIv_;Uh=i$Ez
z*tK)@(W>PG5FK_*P|%;t^_$9&th_AeC*-5&@05>Dxn<XJ`SfLNAvkzLIH=G^qdab8
zkNrQ;{0@j&_U0~mu=yp-%K0<eJb7R94}cl#zpU$H5$KHL<=+S1wF_*`^3i^LF9<Qy
z1$I!OzDlqPgVhnN>DV~rOzGfRFKB3}5dd5sYT5&NfD#CO521W;N*;W4ie;|`csIg}
zO<&(dg?*rqf0Nrk9sKlfORHWBehU1Dm!@SaKo4XCkAA9WM~~q1H1=zY_+7{kzje$~
zD=8xHo3)~bw>>yjKLQoI30ido=fGnhantexu(*B|c=k(tL0-cg*5iGY4mJG*)S<#h
zV0L^MMPtu%y!mYt7~nu~OwJz%#ZePK%-s`y(!{r#cyIz5J)xiCj^%w_QxW-=g}k;}
z`PdRrd&}CNfqOcJn(to8Sm3Me`F8_d?fFjvoq_ykUGh-v?EvrSSa}J@jIksChAJPu
z<kptge;}Txj{Iat{(M{hqkz8fkMiI#m%Q!|*}vj=a^J4N{efM9-2vrTH0rBb{scCX
zzmGW5U?}-GWR5&sT)LGaP>Mh)0;LF)B2bDzDFUSklp;`yz?T>Sm-xD|L+y!%vI$Mv
z5)Nn6X*IG+iYLP<$b~g26p5tOOvcCVO=YFMspR!6&7z4=k59{KtTmKOrZfq^UrEt;
z0#?QWLtRQmCH%UyURu#-ei8{L;ro%K#Z+=CX({P}Y;PaXRg#*Mn(vV6a`g?jG&Zf5
z*os6B%S=OE;3F6~O60(kYnl7Dtq=oT_9y<X>$s9wHKFT21bREr*MXh|ngIIS3%dS$
zpcjEo0nJb9dNr(<@4u+)w*x&1^a-H&trnB(;qA<o^SYMJn^Q3?aNL8C1Ap*81jgFt
z@Xs<gLbegE(et`K0+e~Y8$8u_Rb9EaVu0Pbbp1`Y+;{`R==XlOa!^m}_Z-AExcUG;
z1e8)WWS)WR0+e?hf<ce>sj}8e{FeyU;~-oYLG~@6rmSoTYHNI#JOOYV+IrF^KgQ(<
zwZU~3u4;$_ew$<)Jl^NZ+CA0Jx`Q5RXjafu^Gtc0r|zlQvS;n!oQ)oT(z7<;sS9{&
zT0ByVr@F=CZShp_Z&QsBA3yl9en&!=rBsSQDFUSklp;`yKq&&H2$UjFiopMS1ZW=`
z?K^|1Gfzb4QGmoE0X|#t^fWFMAT2S7xxa0h;9=U&(^5fcpBt_fFp>O|%X$j=17edH
z&DnDzLwmkX2stg-E}{`6+RKIO6HJQ?V%~)ri-~<(_=O8og=nB?2BSS>iw!Y5C;-Aw
ziHcCY-xGSc*26^Q^R*H1qz7N3c>AC@4#D?3&JPQJ@Ntdg+z%|FIG+&me+r)3!Ii$m
z8|~kAx~voZ?H6>bpkEiXPtXBDhXp+#=pjKz1U)6Fvz*W4EBuDW#@5#LQcYKPHmPN$
zb-qSlU2T1qbM=ok)cNWfeGMxO{PR5GUTBxOzu&5jyFY1vx*c~j+JA1xXR${Lbc`Ez
zU(@q!*PqSkIkw|-7(MTHyn@klV8`b&dVcKq6^x!!JAS44Jlk=2y9@M-8%|M31#u4>
zEr?gKiGsM-Jg;FdcRr)>!;Zt|SILSPc{f{N?#H)E-SA(GitDWi=`S+JBdgTSu4Xh2
z+404!(0ky9x0=QcyFQG1ek)?+-IjgUR;ioOs5p({@H2~D(5De2hvRJ-bjm5~=3Br#
z0%u}>u%XQuHXrqA{3iTX$he?B)qVrP@-S_H%T*u_y?~=1`aM8hO#N`VU{t03%N&H;
zez*$NzgW9o;C>de4*uUK@?y|JetyJ7i)Qo}?oM#Anf>*q(0A7JcO0Mj{G8){X7=x9
z_<<;6Gv5n0H0&yjkNCl$->C&0=Y`mAHGoSt#9-P0FSH+joa@hgu66?M=yLAp0l>ZR
z>r4Bxsi-|g^eYiBoB7^7Sw#QEBKR+g;3taU9|4Z_biOYibA2z%i^kFKW;w*aP<xjE
zE>R;bv<C3`WlI?SPLQYxar7jNW(h$X_Ydb(L_ewm?-cmUqHz9yOpv__mlxh6$uATI
zIVb8*=h0RRd?)xpeXm15BK$WmFceP;{W!-3V<C?f!JjXJzfuJM72p^jXMNrRT(Xo$
z**^n*12I+_PHP!03p-@OZ2G{3qV+0pq$8=~Igm(7=}DxzLkT6KrP3KCl+Cels<$tp
zYHGx{wr)**VI@2W5?4a$bf{lZlUll;Mbn{PRf%MKd;7t}!YQDs*;F6OCX!GkMcJ@D
zuqmhnH@7Kp*2AtBVM^P*n**ELTkR5l&;%ej<D>*-;X!WO&XkQETUr7g%9afqb_6?>
z&Ol2?5WVu_Dd9|(*BFn#;6WF^pH8WK-iZ|B5R6?P&(PQrMU8~CkT@#i5IN4;OiLTZ
zahqubE5py;*r6F`Y@A{&+&DA?=W>j1FG?(wj3m^wIQQeUuphHgBAJvhfHOB+z*Quk
zRI(WrdSN<%*pF;4obXYU?o39M$B+Do!$9^z_$eeiWIvKLExVPUTbky1rzmhTh@K5R
zGF0#!ko{DW-2?Mw`g^rdH&88Y&=}?5n3J0BV?OxWr22Z2SzlioK02kfehbu{jl+?>
zctk*fmiAgL)Wf)XER=~cU!*??MHo~|8<L0AbS9ok+8707X*Cf-1Ci@XXw1hW>VvGW
zCj~5KGHRIlG!?#u`S2A3?G%5sd}>U*RIvznBhK()yj_L`<)NrhZycN%=Fnrz2XA&S
zysg$D;(y8G3<-u*`0X`PwU}2ErFEkab6v_K{R&*TRwH|w#}k!6W=*s{BWw+1toA!a
z`9$%%nl;hy31RJ!vD(wRfT%=@f;#Q-oZdfRtw;5z^#jowVJDV_=K7M{h9HA$VX~)n
z2GK(pTu4|)%u@Sl-5LiBn@sk!9wAEWZBXG!xFeSBfgG-7$)46NL@9n$f6^oR7}(?5
zn0Q*>5cP|aob?wl8-fhRl<a98M3mO+RKBzQ-xl^Q!Xd5yiPHZI&>myvw0{vWj0yRN
zNq~_Ab*=!M{r??@y(H|2jtF-|9PZi64*OA|K$P^0*&lM)(|V35%B_j~5yg3uwf!_N
zB6@~8MmQlm@`+ojt@gA&Bw9&|f;!{(hOjq_k%Xe4KNBnw>ObP&fee;U_QlSBlfJY3
z4;=QiE+s0Xb4zlTe+Fc@#uLMix!$7l;ZA+xiCzHPDvLd>bNgxmghYA<H_a1%2?Y4;
zQu(wVrt|)Et{>k&Ok_v>_zGayM6#!Kb4*N(alL3wWKVQ97+dX`Uuf4El*%C=WJmlw
zFh-2Zr}?h;3);^Y<qLIk%gFv_6EQMaS4>t)&yFE6?tbBLs|eh+0K<U>Gk!Gw;{Oq;
i?uMmtAI60|B;Dbh$~C08)+ucN+<HS}sl&j*vi|_H8B!ep

literal 0
HcmV?d00001

diff --git a/pie_time/vuln.c b/pie_time/vuln.c
new file mode 100644
index 0000000..eefc0ad
--- /dev/null
+++ b/pie_time/vuln.c
@@ -0,0 +1,49 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <signal.h>
+#include <unistd.h>
+
+void segfault_handler() {
+  printf("Segfault Occurred, incorrect address.\n");
+  exit(0);
+}
+
+int win() {
+  FILE *fptr;
+  char c;
+
+  printf("You won!\n");
+  // Open file
+  fptr = fopen("flag.txt", "r");
+  if (fptr == NULL)
+  {
+      printf("Cannot open file.\n");
+      exit(0);
+  }
+
+  // Read contents from file
+  c = fgetc(fptr);
+  while (c != EOF)
+  {
+      printf ("%c", c);
+      c = fgetc(fptr);
+  }
+
+  printf("\n");
+  fclose(fptr);
+}
+
+int main() {
+  signal(SIGSEGV, segfault_handler);
+  setvbuf(stdout, NULL, _IONBF, 0); // _IONBF = Unbuffered
+
+  printf("Address of main: %p\n", &main);
+
+  unsigned long val;
+  printf("Enter the address to jump to, ex => 0x12345: ");
+  scanf("%lx", &val);
+  printf("Your input: %lx\n", val);
+
+  void (*foo)(void) = (void (*)())val;
+  foo();
+}
\ No newline at end of file