ropshell> use 5714e74bc76d7514da3ad8302a61e40f (download)
name         : M0Pro_Serial.elf (arm/ELF)
base address : 0x0
total gadgets: 199
ropshell> suggest
jmpcall
    > 0x00000219 : bx lr
    > 0x000000fd : blx r3
    > 0x00001ce9 : blx r4
load mem
    > 0x0000201f : ldr r3, [r5, r3]; blx r3
    > 0x00000879 : ldrh r7, [r5, #0x3a]; bx lr
    > 0x00001621 : ldr r3, [r0]; ldr r3, [r3]; blx r3
    > 0x000004ab : ldr r2, [r0, #4]; orrs r3, r2; str r3, [r0, #4]; pop {r4, r5, r6, pc}
    > 0x00001ce3 : ldr r4, [r2, #4]; movs r1, r3; movs r2, #1; blx r4
pop pop ret
    > 0x00000135 : pop {pc}
    > 0x00001fe9 : pop {r1, pc}
    > 0x00000753 : pop {r4, r5, pc}
    > 0x00001075 : pop {r1, r2, r4, pc}
    > 0x00000729 : pop {r4, r5, r6, r7, pc}
stack pivoting
    > 0x00001285 : mov sp, r7; pop {r3, r4, r5, r6, r7, pc}
write mem
    > 0x00001ec1 : str r1, [r2]; pop {r4, pc}
    > 0x00001d4d : str r2, [r3]; pop {r4, pc}
    > 0x0000214f : str r3, [r5]; pop {r4, r5, r6, pc}
    > 0x00001acf : str r1, [r0]; bx lr
    > 0x00001a61 : str r3, [r0, #0x40]; pop {r4, pc}