ROPSHELL 
ropshell> use 8e858af73d51196f82ac50f541148b0a (download)
name         : fact (arm/ELF)
base address : 0x10170
total gadgets: 1863

ropshell> suggest
jmpcall
    > 0x0005ad90 : bx r1
    > 0x000108a4 : bx r3
    > 0x00023b41 : bx r4
    > 0x000117b9 : bx r5
    > 0x00023455 : bx r6
load mem
    > 0x00049d7a : ldr r0, [r2]; pop {r4, pc}
    > 0x0004997e : ldrne r0, [r3]; pop {r4, pc}
    > 0x000289c2 : ldr r0, [r4]; blx r5
    > 0x0004b476 : ldr r0, [r5]; blx r6
    > 0x00010f6a : ldr r0, [r7]; blx r3
pop pop ret
    > 0x00010e4c : pop {r1, pc}
    > 0x000265d4 : pop {r0, r4, pc}
    > 0x00017d8d : pop {r0, r1, r4, pc}
    > 0x00061f25 : pop {r0, r3, r6, r7, pc}
    > 0x00019ce1 : pop {r0, r1, r2, r4, r6, pc}
stack pivoting
    > 0x0005a0f6 : mov sp, r7; ldr r7, [sp, #0x10c]; ldr lr, [sp, #0x5c]; add sp, sp, #0x110; bx lr
syscall
    > 0x0001c082 : svc #0; pop {r4, r5, r6, r7, pc}
write mem
    > 0x0005ab3e : strne r3, [r0]; pop {r4, pc}
    > 0x0004f116 : str ip, [r1]; pop {r7, pc}
    > 0x00028ac2 : str r0, [r2]; pop {r4, pc}
    > 0x00058206 : str r3, [r2]; pop {r4, pc}
    > 0x0002b06a : str r0, [r3]; pop {r4, pc}

© 2014 - 2019 - Powered by ROPEME | Contact