ropshell> use 500dd91ba5f34daa04d4596831ce350f (download)
name : libc.so.0 (arm/ELF)
base address : 0x14990
total gadgets: 1987
ropshell> suggest
jmpcall
    > 0x00041fbd : bx r1
    > 0x00041a1d : bx r2
    > 0x00039e01 : bx r3
    > 0x0004fc8d : bx r4
    > 0x00041625 : bx r6
load mem
    > 0x0003f3fe : ldrh r0, [r3, r2]; pop {r4, r5, r6, r7, pc}
    > 0x00046ad2 : ldr r0, [r4, r3]; pop {r3, r4, r5, pc}
    > 0x00022696 : ldr r0, [r1, r0]; bx lr
    > 0x0002df0a : ldr r1, [r3]; blx r7
    > 0x000470de : ldr r0, [r5, #0x3c]; pop {r3, r4, r5, r6, r7, pc}
pop pop ret
    > 0x0003db80 : pop {r0, pc}
    > 0x00024769 : pop {r2, r4, pc}
    > 0x00024725 : pop {r0, r2, r5, pc}
    > 0x00023ce5 : pop {r0, r1, r2, r7, pc}
    > 0x00033e48 : pop {r0, r1, r2, r3, r4, pc}
syscall
    > 0x00032586 : svc #0; pop {r4, r5, r7, pc}
write mem
    > 0x00056632 : str r3, [r0]; pop {r3, r4, r5, r6, r7, pc}
    > 0x00048132 : str r4, [r0]; pop {r3, r4, r5, pc}
    > 0x0002ff9a : str ip, [r1]; pop {r4, r5, r6, pc}
    > 0x0005a01a : str r3, [r2]; pop {r3, r4, r5, pc}
    > 0x00059f42 : str r2, [r3]; pop {r3, pc}