ROPSHELL 
ropshell> use 4b2daf6d918d815e4a6f9441f25b1787 (download)
name         : fact (arm/ELF)
base address : 0x10170
total gadgets: 1855

ropshell> suggest "load mem"
> 0x00049b3a : ldr r0, [r2]; pop {r4, pc}
> 0x0004973e : ldrne r0, [r3]; pop {r4, pc}
> 0x00028782 : ldr r0, [r4]; blx r5
> 0x0004b236 : ldr r0, [r5]; blx r6
> 0x00010f1e : ldr r0, [r7]; blx r3
> 0x00058c96 : ldr r3, [r7]; blx r3
> 0x00028b32 : ldr r1, [r3]; mov r0, r8; blx sb
> 0x00028a8a : ldr r1, [r4]; mov r0, r6; blx r5
> 0x00016b96 : ldr r3, [r6], #4; blx r3
> 0x00018176 : ldr ip, [r6, #0xc]; blx ip
> 0x00059e92 : ldr ip, [r7, #0x108]; blx ip
> 0x000593f6 : ldr r3, [r8, #-0x4]!; blx r3
> 0x00021662 : ldr r3, [sl, #0x488]; blx r3
> 0x00050276 : ldr r0, [fp, #0x10]; blx r2
> 0x0002bfce : ldr r2, [fp, #-0x3c]; blx r2
> 0x00063cde : ldr r2, [r0, #0x240]; str r2, [r3]; pop {r4, pc}
> 0x000295c6 : ldr r2, [r4]; str r2, [r3, #4]; pop {r4, r5, r6, pc}
> 0x00063c86 : ldr r3, [r4, #0xc]; str r0, [r3]; pop {r4, pc}
> 0x00054575 : ldrh r4, [r5, r7]; movs r4, r0; blx lr
> 0x000668ae : ldr r2, [sl]; add r3, r3, r2; blx r3
> 0x0002ae26 : ldr r3, [pc, #0x20]; str r0, [r3]; pop {r4, pc}
> 0x00071612 : ldr ip, [r0], #4; str ip, [r3]; bx lr
> 0x00049872 : ldr r2, [r1, #0x18]; cmp r2, #0; bxne lr
> 0x00018e46 : ldr r3, [r2]; mov r0, r3; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x00018df2 : ldr r6, [r5, #0xc]; mov r0, r5; blx r6
> 0x00017dc6 : ldr r7, [r5, #0xc]; mov r0, r5; blx r7
> 0x00018bda : ldr r8, [r5, #0x18]; mov r0, r5; blx r8
> 0x0001822e : ldr r4, [r6, #0xc]; mov r0, r6; blx r4
> 0x00019492 : ldr r5, [r6, #0x18]; mov r0, r6; blx r5
> 0x000585d9 : ldr r7, [pc, #0x270]; movs r0, r1; blx lr
> 0x000575f6 : ldr r0, [lr]; add r0, r0, #1; str r0, [lr]; pop {r4, r5, r6, pc}
> 0x0004eece : ldr r1, [pc, #0x24]; mov r0, r3; str ip, [r1]; pop {r7, pc}
> 0x000190ca : ldr r2, [pc, r2]; str ip, [r0, r2]; mov r0, r1; pop {r4, r5, r6, pc}
> 0x0005522a : ldr r1, [sl]; ldr r0, [r2]; add r3, r3, r1; blx r3
> 0x0005a986 : ldr r0, [pc, #0x11c]; mov r0, r0; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x00017d6a : ldr r2, [r3, #4]; str r2, [r3]; add sp, sp, #0x1c; pop {r4, r5, r6, r7, pc}
> 0x00038386 : ldr r3, [ip, r3, lsl #2]; str r2, [fp, #-0x480]; blx r3
> 0x00042d5e : ldr r6, [r2]; ldr r3, [r3, #0x1c]; mov r2, r6; mov r0, r5; blx r3
> 0x00018662 : ldr r5, [r4, #0x58]; ldr r3, [r5, #0x10]; mov r0, r5; blx r3
> 0x000193ca : ldr r6, [r4, #0x58]; ldr r3, [r6, #0x10]; mov r0, r6; blx r3
> 0x0001dbd6 : ldr r3, [r5, #8]; add r3, r3, #1; str r3, [r5, #8]; pop {r4, r5, r6, pc}
> 0x000273f6 : ldr r4, [pc, #0x488]; mvnhi r4, #0; mov r0, r4; add sp, sp, #0x2c; pop {r4, r5, r6, r7, pc}
> 0x0001bce6 : ldr r1, [r2, #0x40]; mov r0, r4; mov r2, r3; asr r3, r3, #0x1f; blx r1
> 0x0004579d : ldr r5, [pc, #0xa0]; movs r5, r0; ldr r3, [pc, #0x320]; movs r5, r0; bx ip
> 0x000575f2 : ldr lr, [pc, #0xc8]; ldr r0, [lr]; add r0, r0, #1; str r0, [lr]; pop {r4, r5, r6, pc}
> 0x0003e00a : ldr r1, [fp, #-0x8c]; ldr r3, [r3, #0x1c]; mov r2, r6; mov r0, r5; blx r3
> 0x0001edd6 : ldr r8, [pc, #0x88]; mov r0, #0; ldr r3, [r8, #0x488]; mov r6, r2; blx r3
> 0x0006e632 : ldr r4, [r0]; orr r3, r3, r2, lsl #12; ror r5, r3, #0xc; mov r0, r4; mov r1, r5; pop {r4, r5}; bx lr
> 0x00057b9e : ldr r0, [r1, r3, lsl #3]; cmn r0, #1; moveq r0, #0; ldr pc, [sp], #4; mov r0, r3; bx lr
> 0x000450f6 : ldr r4, [r2]; ldr r3, [r5, #0x98]; mov r1, r6; ldr r3, [r3, #0x1c]; mov r2, r4; mov r0, r5; blx r3
> 0x00028872 : ldr r3, [r0, #8]; str r1, [r0, #4]; str r3, [lr, #4]; str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x00070022 : ldr r2, [r5, #0x40]; ldr r3, [r4, #0x10]; str r2, [r4, #0x14]; mov r1, r4; mov r2, r5; mov r0, #1; blx r3
> 0x000288ca : ldrge r3, [r1, #4]; strlt r3, [lr, #4]; strge r3, [lr, #8]; strlt lr, [r1, #8]; strge lr, [r1, #4]; pop {r4, pc}
> 0x0001e802 : ldr r1, [r0, r3]; str ip, [r0, r3]; str r1, [r2, #4]; ldr r3, [r2, #0x18]; add r3, r3, #1; str r3, [r2, #0x18]; pop {r4, r5, r6, pc}

© 2014 - 2019 - Powered by ROPEME | Contact