Tags: arm pwn 

Rating: 1.0

## armpw

QEMU stack is executeable

1. leak stack addr
2. leak stack cookie
3. return to shellcode on the stack

Original writeup (https://github.com/bootplug/writeups/blob/master/2020/zh3r0-CTF/writeups.md#armpw).