ROPSHELL 
ropshell> use 0be62e8c11662e77e2cdce99172f61ec (download)
name         : librt-2.30.so (arm/ELF)
base address : 0x1ce0
total gadgets: 135

ropshell> suggest
jmpcall
    > 0x00005124 : bx r3
    > 0x00005188 : bx ip
    > 0x00002138 : bx lr
    > 0x00003c20 : blx r4
load mem
    > 0x00004c56 : ldr r0, [r3, r2]; bx lr
    > 0x000022fe : ldr r0, [r2]; cmp r0, #0; bxeq lr
    > 0x00004122 : ldr r2, [pc, r2]; str r3, [r1, r2]; pop {r4, r5, r7, pc}
    > 0x00002116 : ldr r3, [pc, r3]; str r1, [r2, r3]; pop {r4, r5, r6, pc}
    > 0x00004626 : ldr r7, [pc, #0x30]; svc #0; pop {r7}; cmn r0, #0x1000; bxlo lr
pop pop ret
    > 0x00001e53 : pop {r3, pc}
    > 0x00001d68 : pop {r4, r5, r6, pc}
    > 0x00003bb4 : pop {r4, r5, r6, r7, pc}
syscall
    > 0x0000462a : svc #0; pop {r7}; cmn r0, #0x1000; bxlo lr
write mem
    > 0x00001d66 : str r0, [r1]; pop {r4, r5, r6, pc}
    > 0x00004126 : str r3, [r1, r2]; pop {r4, r5, r7, pc}
    > 0x0000217e : str r0, [r2]; bx lr
    > 0x0000211a : str r1, [r2, r3]; pop {r4, r5, r6, pc}
    > 0x000023a2 : str r3, [r2]; bx lr

© 2014 - 2019 - Powered by ROPEME | Contact