I'm trying to exploit a buffer overflow vulnerability in an ARM64 program from this blog. When I give 100*'A' as input and compile the program for 32-bit ARM (without canaries), the program crashes (as the return address is overwritten). But when I give 100*'A' as input and compile the program for 64-bit ARM (without canaries), the program does not crash. Why does this happen? Can someone explain?
Here are some screenshots of the stack before and after the call for strcpy:
BTW, I'm using QEMU to run the code on a 64-bit Ubuntu VM on an Intel CPU (I also tried with 64-bit Kali Linux).
Thanks.
The code is:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void vulnerable(char* ip) {
    char buffer[20];
    strcpy(buffer, ip);   /* no bounds check: input longer than 19 bytes overflows the buffer */
}

void win() {
    printf("You successfully exploited the buffer overflow\n");
    system("/bin/sh");
}

int main(int argc, char** argv) {
    if (argc != 2) {
        printf("Argument <input>\n");
        exit(1);
    }
    vulnerable(argv[1]);
    exit(0);
}
Compiled with:
aarch64-linux-gnu-gcc -O0 -fno-stack-protector -z execstack -o vuln64 ./vuln.c
Compiling with -fPIE -pie did not help.