ROPSHELL 
ropshell> use 5bd711a1cc8978ab341e69342d9a50da (download)
name         : hostap-targetd (arm/ELF)
base address : 0x1599c
total gadgets: 2157

ropshell> suggest "load mem"
> 0x0002b4f2 : ldr r1, [pc]; bx r3
> 0x0001ff1e : ldr r0, [r3, #0x30]; pop {r4, pc}
> 0x0004ec26 : ldr r0, [r4, #0x1dc]; pop {r4, pc}
> 0x00017d42 : ldr r0, [r7]; blx r2
> 0x0003848e : ldr r0, [pc, #0x10]; pop {r3, pc}
> 0x0003e406 : ldrshne r3, [r0]; strne r3, [r2]; pop {r4, pc}
> 0x0006650a : ldr r3, [r2, #0x14]; blx r3
> 0x00032672 : ldr r1, [r5, #0x20c]; blx r2
> 0x0001fad6 : ldr r0, [r6, #0x520]; blx r3
> 0x0001fe5a : ldr r1, [r6, #4]; blx r3
> 0x0001f2c6 : ldr r3, [r7, #0x14]; blx r3
> 0x0002325a : ldr r0, [r8, #0x520]; blx r5
> 0x00016b6e : ldr r2, [sl, #0x70]; blx r2
> 0x000680d2 : ldr r3, [ip, #0x14]; blx r3
> 0x0004eb8e : ldr r3, [r1, #0xe8]; str r3, [r6]; pop {r4, r5, r6, pc}
> 0x0006d7d2 : ldr r1, [r0, #8]; cmp r2, #3; bxls lr
> 0x00047106 : ldr r2, [r0, #0x530]; cmp r2, #0; bxeq lr
> 0x0007018e : ldr r0, [r2, #4]; mov r2, r1; blx r3
> 0x0002c0ee : ldr r1, [r2]; str r1, [r3]; str r3, [r2]; pop {r3, r4, r5, pc}
> 0x0002308a : ldr ip, [r3, #0x1f4]; cmp ip, #0; bxeq lr
> 0x0006f12e : ldrne r3, [r4, #0x10]; stmne r0, {r1, r2, r3}; pop {r4, pc}
> 0x000597d6 : ldr r0, [r5, #0x1e8]; add sp, sp, #0x24; pop {r4, r5, pc}
> 0x0001ea66 : ldr r3, [sl, #4]; mov r0, r7; blx r3
> 0x00040472 : ldr ip, [r2, #0x7c]; mov r2, #0; blx ip
> 0x0005090a : ldr r3, [pc, #8]; eor r3, r3, r2; str r3, [r4]; pop {r4, r5, r6, pc}
> 0x0003940e : ldr ip, [pc, #0x1c]; ldr ip, [ip]; cmp r0, ip; bxlt lr
> 0x00037d7a : ldr r0, [r1]; str r0, [r4, #4]; add sp, sp, #0x10; pop {r4, pc}
> 0x00064c9e : ldr ip, [r4, #0x24]; ldr r0, [r4, #0x28]; blx ip
> 0x00033a36 : ldr r3, [r5, #0x594]; ldr r0, [r3, #4]; add r0, r4, r0; pop {r3, r4, r5, pc}
> 0x0001b586 : ldr r6, [r2, r4, lsl #2]; add r4, r4, #1; mov r0, r6; blx r3
> 0x00020182 : ldr r2, [r3, #0xd4]; add r2, r2, #1; str r2, [r3, #0xd4]; pop {r4, r5, r6, pc}
> 0x00050906 : ldr r2, [r4]; ldr r3, [pc, #8]; eor r3, r3, r2; str r3, [r4]; pop {r4, r5, r6, pc}
> 0x00036a4a : ldr r3, [lr, #0xc]; add r3, r3, #1; str r3, [lr, #0xc]; pop {r3, r4, r5, pc}
> 0x0003ee06 : ldr r0, [ip, #0x70]; str r4, [sp]; ldr ip, [ip, #0x80]; blx ip
> 0x0004eb86 : ldr r2, [r1, #0xe4]; str r2, [r3]; ldr r3, [r1, #0xe8]; str r3, [r6]; pop {r4, r5, r6, pc}
> 0x00069cba : ldr r3, [r6, #0xc]; mov ip, r5; mov r5, r4; stm ip!, {r0, r1, r2, r3}; mov r0, r5; pop {r4, r5, r6, pc}
> 0x00017326 : ldr r2, [pc, #0x14]; add r3, pc, r3; ldr r2, [r3, r2]; cmp r2, #0; bxeq lr
> 0x0005464e : ldrne r4, [pc, #0x14]; umullne r3, r0, r4, r0; lsrne r0, r0, #6; add sp, sp, #0x40; pop {r4, pc}
> 0x00050fce : ldr r1, [r3]; str r2, [r1, #4]; str r2, [r3]; mov r0, #1; add sp, sp, #0x400; pop {r4, r5, r6, pc}
> 0x0006f126 : ldrne r1, [r4, #0x1c]; ldrne r2, [r4, #0x20]; ldrne r3, [r4, #0x10]; stmne r0, {r1, r2, r3}; pop {r4, pc}
> 0x0001b582 : ldr r2, [r5, #0x28]; ldr r6, [r2, r4, lsl #2]; add r4, r4, #1; mov r0, r6; blx r3
> 0x00069cb6 : ldr r2, [r6, #8]; ldr r3, [r6, #0xc]; mov ip, r5; mov r5, r4; stm ip!, {r0, r1, r2, r3}; mov r0, r5; pop {r4, r5, r6, pc}
> 0x0004eb7e : ldr ip, [r1, #0xe0]; str ip, [r2]; ldr r2, [r1, #0xe4]; str r2, [r3]; ldr r3, [r1, #0xe8]; str r3, [r6]; pop {r4, r5, r6, pc}
> 0x0003f3c2 : ldr lr, [r4, #0x144]; ldr r0, [ip, #0x70]; ldr r1, [r4, #0x140]; and r3, r3, r5; str lr, [sp]; ldr ip, [ip, #0x7c]; blx ip
> 0x0003034a : ldr ip, [r0, #8]; ldr r3, [r0, #0xc]; str r4, [r2, #0x14]; str lr, [r2, #0x18]; str ip, [r2, #0x1c]; str r3, [r2, #0x20]; pop {r4, r5, r6, r7, pc}

© 2014 - 2019 - Powered by ROPEME | Contact