ROPSHELL 
ropshell> use 83ea1bf2efba6d13bc0f10c265545cc1 (download)
name         : beg (arm/ELF)
base address : 0x10180
total gadgets: 2145

ropshell> suggest
jmpcall
    > 0x00020c13 : bx r0
    > 0x0002f8f3 : bx r1
    > 0x00053c27 : bx r2
    > 0x000103e9 : bx r3
    > 0x000447fc : bx ip
load mem
    > 0x00038fd7 : ldr r0, [r2]; pop {r4, r5, r6, pc}
    > 0x00038cb1 : ldr r0, [r3]; pop {r3, r4, r5, pc}
    > 0x000148c1 : ldrh.w fp, [r5, r3]; pop {r4, r5, pc}
    > 0x00039ff3 : ldrsh.w fp, [lr, r2]; pop {r4, r5, r6, pc}
    > 0x000151e3 : ldr r1, [r0, #0x58]; pop {r4, r5, r6, pc}
pop pop ret
    > 0x00053ea7 : pop {pc}
    > 0x000532b3 : pop {r1, pc}
    > 0x000203cc : pop {r0, r4, pc}
    > 0x00025371 : pop {r0, r3, r4, pc}
    > 0x0004cb35 : pop {r0, r1, r3, r5, pc}
stack pivoting
    > 0x00053ea5 : mov sp, ip; pop {pc}
    > 0x0002443f : mov sp, r7; pop {r4, r5, r6, r7, pc}
    > 0x000152e7 : mov sp, r5; adds r7, #8; mov sp, r7; pop.w {r4, r5, r6, r7, lr}; add sp, #0xc; bx lr
syscall
    > 0x00010fa5 : svc #0; pop {r7, pc}
write mem
    > 0x0004515d : str r3, [r0]; pop {r3, pc}
    > 0x00042ae7 : str r0, [r2]; pop {r3, r4, r5, r6, r7, pc}
    > 0x00043d0b : str r3, [r2]; pop {r3, r4, r5, r6, r7, pc}
    > 0x0003c895 : str r5, [r2]; pop {r4, r5, pc}
    > 0x0002525b : str r0, [r3]; pop {r4, pc}

© 2014 - 2019 - Powered by ROPEME | Contact