Tags: rev 


1. Run the firmware on simduino (simavr) with `-d` so that a debugger can attach:

./obj-x86_64-pc-linux-gnu/simduino.elf -d ../../../ezpz_crkmee.hex

2. Connect a terminal to the emulated USART:

minicom -s -D /tmp/simavr-uart0

3. Launch avr-gdb with the script below and let it drive the crackme:

avr-gdb -x gdbinit

Press Ctrl+C once the script has finished, and the flag appears.

The gdbinit file:
```
# Turn the pager off so the scripted output below is never paused.
set pagination off

# Attach to the remote gdb stub on TCP port 1234 (host written as "0").
# NOTE(review): presumably the stub that simduino opens when started with -d — confirm.
target remote 0:1234

# Stop hook: gdb runs this each time the target halts. It dumps the
# registers and then disassembles eight instructions starting at the PC,
# so every breakpoint hit and single-step shows the current state.
define hook-stop
info registers
x/8i $pc
end

# input: move execution to 0x548 and plant the candidate key in memory,
# one character per store, at addresses 0x200 through 0x21f (32 characters).
# The first 22 characters spell "h4v3n0M0utH&1mStsCr34m"; the remaining
# "ABCDEFGHIJ" looks like filler to reach 32 bytes — TODO confirm.
# NOTE(review): 0x548 is presumably the point just past the firmware's own
# input read; the disassembly is not shown on this page.
# NOTE(review): each `p *ADDR=...` stores through an int-typed dereference,
# so a store may be wider than one byte. The ascending address order then
# matters, since each later store overwrites the spill of the previous one,
# and the last store may also touch 0x220 — confirm against the target's
# int width.
define input
set $pc=0x548
p *0x200='h'
p *0x201='4'
p *0x202='v'
p *0x203='3'
p *0x204='n'
p *0x205='0'
p *0x206='M'
p *0x207='0'
p *0x208='u'
p *0x209='t'
p *0x20a='H'
p *0x20b='&'
p *0x20c='1'
p *0x20d='m'
p *0x20e='S'
p *0x20f='t'
p *0x210='s'
p *0x211='C'
p *0x212='r'
p *0x213='3'
p *0x214='4'
p *0x215='m'
p *0x216='A'
p *0x217='B'
p *0x218='C'
p *0x219='D'
p *0x21a='E'
p *0x21b='F'
p *0x21c='G'
p *0x21d='H'
p *0x21e='I'
p *0x21f='J'
end

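# xx: step over the instruction at the current stop without executing it.
# Advances the PC by two bytes, then single-steps one instruction from there.
# NOTE(review): assumes the skipped instruction is a 2-byte opcode — check the
# x/8i output at the stop before relying on it.
# Spelled `define` to match hook-stop and input: the `def` abbreviation only
# resolves while no other gdb command shares that prefix.
define xx
print $pc=$pc+2
stepi
end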

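# xx2: like xx, but skips four bytes before single-stepping.
# NOTE(review): presumably used where the skipped code is one 4-byte
# instruction or two 2-byte ones — confirm in the disassembly at the stop.
# Spelled `define` to match hook-stop and input: the `def` abbreviation only
# resolves while no other gdb command shares that prefix.
define xx2
print $pc=$pc+4
stepi
end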

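# xx6b4: force the PC to the fixed address 0x6b4, then single-step once.
# NOTE(review): 0x6b4 is presumably the success path past the final check;
# the page does not show the code there — confirm in the disassembly.
# Spelled `define` to match hook-stop and input: the `def` abbreviation only
# resolves while no other gdb command shares that prefix.
define xx6b4
print $pc=0x6b4
stepi
end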

# Breakpoints at the four code addresses where the driver below intervenes.
# NOTE(review): the function-pointer cast presumably makes avr-gdb treat the
# number as a flash (code) address rather than a data address — confirm.
break *(void (*)())(0x5a0)
break *(void (*)())(0x5b6)
break *(void (*)())(0x678)
break *(void (*)())(0x6a8)

# Driver sequence. The order is significant: each `continue` runs to the next
# breakpoint hit, and the helper after it patches the PC at that stop.
# NOTE(review): which breakpoint fires at each stop is not shown on this page;
# the stop-hook output is the way to verify it.

# Restart from address 0 and run to the first breakpoint.
set $pc=0
continue
# Plant the key and move the PC to 0x548, then resume.
input
continue
# Second stop: skip two bytes.
xx
continue
# Third stop: skip two bytes.
xx
continue
# Fourth stop: skip four bytes, then jump to 0x6b4.
xx2
xx6b4
# Let the target run freely; interrupt with Ctrl+C once it has finished.
continue
```