App - System

Hi everyone, currently I’m working on above challenge and I encountered the problem that my shellcode isn’t working unless I use a breakpoint in GDB.

Apparently this is due to ARM having a different I- and D-Cache and my shellcode resulting in a cache miss and some garbage memory being read (no write back prior to miss).

So I was wondering if anyone of you could point me in the right direction (i.e. what I can do differently to avoid the problem) or how I can solve the problem.

Currently I simply take control of r15 (pc) and have it point to my shellcode on the stack. For this I even tried different positions, such as in the beginning of the string, in the middle or different amount of bytes behind the stack address of the overwritte return address.