ROPSHELL 
ropshell> use 0e58e8ae196d8789ec9c3a5a78ca06b2 (download)
name         : main.elf (arm/ELF)
base address : 0x8000000
total gadgets: 750

ropshell> suggest
jmpcall
    > 0x08003735 : bx r0
    > 0x08002f71 : bx r2
    > 0x080018b1 : bx r3
    > 0x0800047d : bx lr
    > 0x08000207 : blx r0
load mem
    > 0x080046d3 : ldr r0, [r3]; bx lr
    > 0x080030cf : ldr r0, [r2]; lsls r0, r3; pop {r3, pc}
    > 0x08004263 : ldr r0, [r1, #4]; bx lr
    > 0x08000a4b : ldrh r7, [r5, #0x3a]; bx lr
    > 0x080043c1 : ldr r0, [pc, #0]; bx lr
pop pop ret
    > 0x08000b0f : pop {pc}
    > 0x08000405 : pop {r3, pc}
    > 0x08000765 : pop {r4, r5, pc}
    > 0x08001327 : pop {r3, r4, r5, pc}
    > 0x080003e9 : pop {r4, r5, r6, r7, pc}
stack pivoting
    > 0x08000201 : ldr.w sp, [pc, #0x8c]; ldr r0, [pc, #0x8c]; blx r0
write mem
    > 0x08000b11 : str r4, [r3]; pop {pc}
    > 0x0800462f : str r3, [r2]; pop {r3, pc}
    > 0x08004441 : str r0, [r3]; pop {r3, pc}
    > 0x08003ffd : str r1, [r4]; pop {r3, r4, r5, pc}
    > 0x08004ed5 : str r3, [r5]; pop {r3, r4, r5, pc}

© 2014 - 2019 - Powered by ROPEME | Contact