import { Level } from './types';
/**
 * Level 6 — patching a conditional jump out of the way.
 *
 * The level teaches one idea: rather than satisfying a security check, the
 * bytes that implement the check are overwritten so the CPU never evaluates
 * it. Everything is simulated — the player flips a single boolean in the hex
 * editor; no real instruction bytes exist in the game.
 *
 * Terminology caveat: the description defines a NOP sled as a run of 0x90
 * bytes that slides execution into a payload, while what the level actually
 * models (replacing a JE with NOPs) is usually called NOP patching. The
 * player-facing copy is the author's and is reproduced byte-for-byte below;
 * note also that the hint speaks of `90 90` (two bytes) whereas the tutor
 * line says "four bytes". On the defensive side, this in-place modification
 * is exactly what code signing and runtime integrity checks exist to detect.
 */
export const level6: Level = {
  id: 6,
  title: "Code Patching: The NOP Sled",
  // Long copy is split with `+` for readability; the resulting runtime
  // string is identical to the original single-line literal.
  description:
    "BINARY PATCHING CONCEPT: In real exploit development, a NOP sled is a sequence of 0x90 (NOP = No Operation) instructions used to 'slide' execution to your payload. " +
    "Here, the game contains a conditional jump (JE/JZ) at address 0x0040100E that enforces a security check. " +
    "Instead of meeting the condition, we PATCH the instruction bytes. " +
    "Use the HEX EDITOR to find offset 0x08 (OPCODE_OVERWRITE flag). " +
    "Change from 00 (patching disabled) to 01 (NOP patch active). " +
    "This simulates overwriting the JE opcode with 0x90 NOPs, causing the CPU to skip the check entirely.",
  requiredSkill: "Binary Patching & NOP Sled Technique",
  // Win condition: the single memory-layout flag must be exactly `true`
  // (a strict comparison, so truthy non-boolean values do not count).
  objective: (state) => state.isNopEnabled === true,
  hint:
    "1. Open HEX EDITOR. " +
    "2. Find offset 0x08 (will be highlighted GREEN). " +
    "3. Current byte: 00 (security check active). " +
    "4. Double-click, change to: 01 (NOP patch enabled). " +
    "5. In real RE, you'd find opcode 74 05 (JE) at 0x0040100E and overwrite with 90 90 (NOP NOP). " +
    "This level abstracts it to a boolean flag. " +
    "Alternative: Use EXPLOIT WORKSHOP > Debugger tab to see the actual assembly, then flip the flag.",
  tutorPersona:
    "Morpheus: You cannot change the rule, but you can silence the enforcer. " +
    "At address 0x0040100E, the code says 'JE 0x00401015' - Jump if Equal to the lock routine. " +
    "You could satisfy the condition... or you could replace the instruction with NOPs. " +
    "90 90 90 90 - four bytes of emptiness. " +
    "The CPU slides past the check like it was never there. " +
    "This is the NOP sled. This is the bypass.",
  // One editable byte, shown to the player as OPCODE_OVERWRITE at offset 8;
  // it backs the `isNopEnabled` key that `objective` reads.
  memoryLayout: [
    { key: 'isNopEnabled', label: 'OPCODE_OVERWRITE', type: 'bool', offset: 0x08 },
  ],
  // The check starts enforced; the player must flip the flag to win.
  initialState: { isNopEnabled: false },
  // A single static floor platform — assumed to be the level geometry the
  // game renders; the Level type is declared elsewhere.
  platforms: [
    { id: 'p1', x: 0, y: 280, width: 800, height: 40, type: 'static' },
  ],
};