GitS 2014: A Boaring Quest (Pwn Adventure 150)
This turned out to be pretty easy compared to Unbearable. The quest was to kill 9800 boars in the boar-level.
The solution is to call GameServerConnection::QuestKill(string name) with the name “Boar” while staying in the boar-level. This tricks the game-server into assuming we made these quest-kills, because the call directly updates the QuestManager and doesn’t care about real kills.
A good function to patch is Player::setJumpState(), because this method is called very often; with this patch added we can get the 9800 kills in about a minute.
To patch the Player::setJumpState() method add this code after

    ldsfld class GameServerConnection GameState::gameServer // equal to GameState.gameServer.
    ldstr "Boar" // the first (and only) argument
    callvirt instance void GameServerConnection::QuestKill(string) // call the QuestKill(string name) method on GameState.gameServer
After waiting some time in the boar level and reaching our 9800 kill-count, I removed this patch again to not spam the game-server ;-)
With the 9800 souls we can simply follow the story, get the Boomstick (Shotgun) and kill the 30 Undeads (using the Wine from Unbearable may help ;-) ). We get the flag: ZombieProcessesWillEatYourBrains
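The quest counter above advanced because the server accepted a client-sent QuestKill as proof of a kill. As an added example (not code from the game or from this write-up), here is a sketch of the server-side fix: kills are credited only when a server-tracked mob dies, and client claims are logged so a flood like the one described stands out. The class, method and player names are hypothetical, and the scenario in demo() is constructed.

```python
import time
from collections import Counter

class QuestServer:
    """Hypothetical server-side quest tracker; every name here is an assumption."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.mobs = {}          # mob_id -> {"kind", "hp", "zone"}, owned by the server
        self.kills = Counter()  # (player, kind) -> credited kills
        self.claims = []        # (timestamp, player, name) for refused client claims

    def spawn(self, mob_id, kind, hp, zone):
        self.mobs[mob_id] = {"kind": kind, "hp": hp, "zone": zone}

    def apply_hit(self, player, player_zone, mob_id, damage):
        """Credit a kill only when a server-tracked mob actually dies."""
        mob = self.mobs.get(mob_id)
        if mob is None or mob["zone"] != player_zone or damage <= 0:
            return False
        mob["hp"] -= damage
        if mob["hp"] > 0:
            return False
        del self.mobs[mob_id]
        self.kills[(player, mob["kind"])] += 1
        return True

    def on_client_quest_kill(self, player, name):
        """A client-sent QuestKill(name) is recorded for review and credits nothing."""
        self.claims.append((self.clock(), player, name))
        return False

    def flooders(self, window=60.0, threshold=100):
        """Players with more than `threshold` kill claims in the last `window` seconds."""
        cutoff = self.clock() - window
        counts = Counter(p for ts, p, _ in self.claims if ts >= cutoff)
        return sorted(p for p, n in counts.items() if n > threshold)

def demo():
    """Constructed scenario: one real kill, then 9800 claims in about a minute."""
    now = [0.0]
    srv = QuestServer(clock=lambda: now[0])
    srv.spawn(1, "Boar", hp=10, zone="boar-level")
    srv.apply_hit("alice", "boar-level", 1, damage=10)
    for _ in range(9800):
        now[0] += 0.006
        srv.on_client_quest_kill("mallory", "Boar")
    return srv

if __name__ == "__main__":
    srv = demo()
    print(dict(srv.kills), srv.flooders())
```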
by ccmndhd and nsr