Hi there, I have read baby_bear writeup, but I can't understand somethings on your exploit code:
1. def u(x,y):
return x-y*2.5
You use u(x,y) to calculate for the order of the heap, what is the base of that ?
2. def bitxor(s,x):
xt=x>>3
return s[:xt]+bytes([s[xt]^(1

Hi there, I have read baby_bear writeup, but I can't understand somethings on your exploit code:
1. def u(x,y):
return x-y*2.5
You use u(x,y) to calculate for the order of the heap, what is the base of that ?
2. def bitxor(s,x):
xt=x>>3
return s[:xt]+bytes([s[xt]^(1

In u(x,y), x is current length of input diff, y is current length of matched result, and u(x,y) gives a resonable score of them - to make the result match as much as possible.

Hi there, I have read baby_bear writeup, but I can't understand somethings on your exploit code:
1.You use u(x,y) to calculate for the order of the heap, what is the base of that ?
2.How could you use bitxor to find next bytes? (algorithms or somethings else?)
Thanks for your help!
Sorry for those previous noised cmt.

2. Since we can find these matched results, such bfs(or maybe A*) algorithm will lead to a low score situation, that means y is very large, and that's what we need for the answer.

Hi there, I have read baby_bear writeup, but I can't understand somethings on your exploit code:

1. def u(x,y):

return x-y*2.5

You use u(x,y) to calculate for the order of the heap, what is the base of that ?

2. def bitxor(s,x):

xt=x>>3

return s[:xt]+bytes([s[xt]^(1

Hi there, I have read baby_bear writeup, but I can't understand somethings on your exploit code:

1. def u(x,y):

return x-y*2.5

You use u(x,y) to calculate for the order of the heap, what is the base of that ?

2. def bitxor(s,x):

xt=x>>3

return s[:xt]+bytes([s[xt]^(1

In u(x,y), x is current length of input diff, y is current length of matched result, and u(x,y) gives a resonable score of them - to make the result match as much as possible.

Hi there, I have read baby_bear writeup, but I can't understand somethings on your exploit code:

1.You use u(x,y) to calculate for the order of the heap, what is the base of that ?

2.How could you use bitxor to find next bytes? (algorithms or somethings else?)

Thanks for your help!

Sorry for those previous noised cmt.

2. Since we can find these matched results, such bfs(or maybe A*) algorithm will lead to a low score situation, that means y is very large, and that's what we need for the answer.

I didn't know A* algo, check it rn! Thank you so much!

orz mcfx god