ROPSHELL 
ropshell> use c1e58690d0878946fee2d440e6e5452a (download)
name         : M0Pro_Serial.elf (arm/ELF)
base address : 0x0
total gadgets: 200

ropshell> suggest
jmpcall
    > 0x00000225 : bx lr
    > 0x000000fd : blx r3
    > 0x00001d15 : blx r4
load mem
    > 0x0000204b : ldr r3, [r5, r3]; blx r3
    > 0x000008a5 : ldrh r7, [r5, #0x3a]; bx lr
    > 0x000002eb : ldr r3, [r0]; ldr r3, [r3]; blx r3
    > 0x000004d7 : ldr r2, [r0, #4]; orrs r3, r2; str r3, [r0, #4]; pop {r4, r5, r6, pc}
    > 0x00001d0f : ldr r4, [r2, #4]; movs r1, r3; movs r2, #1; blx r4
pop pop ret
    > 0x000017cd : pop {pc}
    > 0x00002015 : pop {r1, pc}
    > 0x0000077f : pop {r4, r5, pc}
    > 0x000010a1 : pop {r1, r2, r4, pc}
    > 0x00000755 : pop {r4, r5, r6, r7, pc}
stack pivoting
    > 0x000012b1 : mov sp, r7; pop {r3, r4, r5, r6, r7, pc}
write mem
    > 0x00001eed : str r1, [r2]; pop {r4, pc}
    > 0x00001d79 : str r2, [r3]; pop {r4, pc}
    > 0x0000217b : str r3, [r5]; pop {r4, r5, r6, pc}
    > 0x00001afb : str r1, [r0]; bx lr
    > 0x00001a8d : str r3, [r0, #0x40]; pop {r4, pc}

© 2014 - 2019 - Powered by ROPEME | Contact