ropshell> use ba9eca779d087e18484ad6598e7e328e (download) name : libc.so.6 (arm/ELF) base address : 0x15f40 total gadgets: 5455
ropshell> suggest jmpcall > 0x00028e0d : bx r0 > 0x0002b767 : bx r1 > 0x00038fe1 : bx r2 > 0x00016a8f : bx r3 > 0x00033a7d : bx r6 load mem > 0x000480a7 : ldr r0, [r2]; pop {r4, r5, r6, pc} > 0x00087033 : ldrh.w fp, [r0, r4]; pop {r4, r5, r6, pc} > 0x000670e7 : ldr.w fp, [sl, r3]; pop {r4, r5, pc} > 0x00042c83 : ldr r1, [r0, #0x58]; pop {r4, r5, r6, pc} > 0x00090d6d : ldrh r2, [r0, #0x18]; pop {r4, r5, r6, r7, pc} pop pop ret > 0x0001851b : pop {pc} > 0x000b807b : pop {r1, pc} > 0x000b4d94 : pop {r0, r1, pc} > 0x0003d069 : pop {r0, r2, r7, pc} > 0x0003c5af : pop {r0, r1, r2, r3, pc} stack pivoting > 0x000706f3 : mov sp, r7; pop {r3, r4, r5, r6, r7, pc} > 0x00044847 : mov sp, r5; adds r7, #8; mov sp, r7; pop.w {r4, r5, r6, r7, lr}; add sp, #0xc; bx lr syscall > 0x00016ab5 : svc #0; pop {r7, pc} write mem > 0x000b246b : str r4, [r0]; pop {r3, r4, r5, pc} > 0x00049bc5 : str r3, [r1]; pop {r4, pc} > 0x000ab6e9 : str r3, [r2]; pop {r3, r4, r5, pc} > 0x00046dd1 : str r5, [r2]; pop {r3, r4, r5, pc} > 0x000372d1 : str r6, [r2]; pop {r3, r4, r5, r6, r7, pc}