SECCON CTF 13 Quals - BabyQEMU

Author: ShiftCrops
nc babyqemu.seccon.games 3824
Team: Super Guesser
Attachment: BabyQEMU.tar.gz, xpl.py, pwn.c

BabyQEMU was a nice entry-level challenge for learning about QEMU escapes. It provided a PCI device, babydev, which allowed reading and writing memory via MMIO access.

    static uint64_t pci_babydev_mmio_read(void *opaque, hwaddr addr, unsigned size) {
        PCIBabyDevState *ms = opaque;
        struct PCIBabyDevReg *reg = ms->reg_mmio;

        debug_printf("addr:%lx, size:%d\n", addr, size);

        switch (addr) {
            case MMIO_G...