Rating:

Solution with 0xe1------ "stack" addresses, exploiting a buffer overflow, also explaining how the 0xe100---- addresses showed up (instead of the expected 0x2000---- for the stack addresses).

Original writeup (https://learnhackpwn.com/2020/11/17/donjon-ctf-picohsm-write-up-1-3/).