ROPSHELL 
ropshell> use cdb5b077bed939584faace95fc559dad (download)
name         : fact (arm/ELF)
base address : 0x10170
total gadgets: 1881

ropshell> suggest "load mem"
> 0x00049d4a : ldr r0, [r2]; pop {r4, pc}
> 0x0004994e : ldrne r0, [r3]; pop {r4, pc}
> 0x00028992 : ldr r0, [r4]; blx r5
> 0x0004b446 : ldr r0, [r5]; blx r6
> 0x00010f3e : ldr r0, [r7]; blx r3
> 0x00058ea6 : ldr r3, [r7]; blx r3
> 0x00028d42 : ldr r1, [r3]; mov r0, r8; blx sb
> 0x00028c9a : ldr r1, [r4]; mov r0, r6; blx r5
> 0x00016bb6 : ldr r3, [r6], #4; blx r3
> 0x00018382 : ldr ip, [r6, #0xc]; blx ip
> 0x0005a0a2 : ldr ip, [r7, #0x108]; blx ip
> 0x00059606 : ldr r3, [r8, #-0x4]!; blx r3
> 0x0002186e : ldr r3, [sl, #0x488]; blx r3
> 0x00050486 : ldr r0, [fp, #0x10]; blx r2
> 0x0002c1de : ldr r2, [fp, #-0x3c]; blx r2
> 0x00063eee : ldr r2, [r0, #0x240]; str r2, [r3]; pop {r4, pc}
> 0x00054785 : ldr r4, [r3, r7]; movs r4, r0; blx lr
> 0x000297d6 : ldr r2, [r4]; str r2, [r3, #4]; pop {r4, r5, r6, pc}
> 0x00063e96 : ldr r3, [r4, #0xc]; str r0, [r3]; pop {r4, pc}
> 0x00066abe : ldr r2, [sl]; add r3, r3, r2; blx r3
> 0x0002b036 : ldr r3, [pc, #0x20]; str r0, [r3]; pop {r4, pc}
> 0x00071822 : ldr ip, [r0], #4; str ip, [r3]; bx lr
> 0x00049a82 : ldr r2, [r1, #0x18]; cmp r2, #0; bxne lr
> 0x00019052 : ldr r3, [r2]; mov r0, r3; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x00018ffe : ldr r6, [r5, #0xc]; mov r0, r5; blx r6
> 0x00017fd2 : ldr r7, [r5, #0xc]; mov r0, r5; blx r7
> 0x00018de6 : ldr r8, [r5, #0x18]; mov r0, r5; blx r8
> 0x0001843a : ldr r4, [r6, #0xc]; mov r0, r6; blx r4
> 0x0001969e : ldr r5, [r6, #0x18]; mov r0, r6; blx r5
> 0x00057806 : ldr r0, [lr]; add r0, r0, #1; str r0, [lr]; pop {r4, r5, r6, pc}
> 0x0004f0de : ldr r1, [pc, #0x24]; mov r0, r3; str ip, [r1]; pop {r7, pc}
> 0x000192d6 : ldr r2, [pc, r2]; str ip, [r0, r2]; mov r0, r1; pop {r4, r5, r6, pc}
> 0x0005543a : ldr r1, [sl]; ldr r0, [r2]; add r3, r3, r1; blx r3
> 0x0005ab96 : ldr r0, [pc, #0x11c]; mov r0, r0; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x00017f76 : ldr r2, [r3, #4]; str r2, [r3]; add sp, sp, #0x1c; pop {r4, r5, r6, r7, pc}
> 0x00038596 : ldr r3, [ip, r3, lsl #2]; str r2, [fp, #-0x480]; blx r3
> 0x00042f6e : ldr r6, [r2]; ldr r3, [r3, #0x1c]; mov r2, r6; mov r0, r5; blx r3
> 0x0001886e : ldr r5, [r4, #0x58]; ldr r3, [r5, #0x10]; mov r0, r5; blx r3
> 0x000195d6 : ldr r6, [r4, #0x58]; ldr r3, [r6, #0x10]; mov r0, r6; blx r3
> 0x0001dde2 : ldr r3, [r5, #8]; add r3, r3, #1; str r3, [r5, #8]; pop {r4, r5, r6, pc}
> 0x00027606 : ldr r4, [pc, #0x488]; mvnhi r4, #0; mov r0, r4; add sp, sp, #0x2c; pop {r4, r5, r6, r7, pc}
> 0x00014bb9 : ldr r4, [r0, r1]; movs r0, r1; stm r1!, {r2, r3, r4, r5, r6}; movs r1, r1; bx fp
> 0x0001bef2 : ldr r1, [r2, #0x40]; mov r0, r4; mov r2, r3; asr r3, r3, #0x1f; blx r1
> 0x00057802 : ldr lr, [pc, #0xc8]; ldr r0, [lr]; add r0, r0, #1; str r0, [lr]; pop {r4, r5, r6, pc}
> 0x0003e21a : ldr r1, [fp, #-0x8c]; ldr r3, [r3, #0x1c]; mov r2, r6; mov r0, r5; blx r3
> 0x00010f32 : ldr r7, [pc, #0x234]; add r6, r4, r6; ldr r3, [r8]; ldr r0, [r7]; blx r3
> 0x0001efe2 : ldr r8, [pc, #0x88]; mov r0, #0; ldr r3, [r8, #0x488]; mov r6, r2; blx r3
> 0x00057dae : ldr r0, [r1, r3, lsl #3]; cmn r0, #1; moveq r0, #0; ldr pc, [sp], #4; mov r0, r3; bx lr
> 0x00045306 : ldr r4, [r2]; ldr r3, [r5, #0x98]; mov r1, r6; ldr r3, [r3, #0x1c]; mov r2, r4; mov r0, r5; blx r3
> 0x00028a82 : ldr r3, [r0, #8]; str r1, [r0, #4]; str r3, [lr, #4]; str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x00070232 : ldr r2, [r5, #0x40]; ldr r3, [r4, #0x10]; str r2, [r4, #0x14]; mov r1, r4; mov r2, r5; mov r0, #1; blx r3
> 0x00028ada : ldrge r3, [r1, #4]; strlt r3, [lr, #4]; strge r3, [lr, #8]; strlt lr, [r1, #8]; strge lr, [r1, #4]; pop {r4, pc}
> 0x0001ea0e : ldr r1, [r0, r3]; str ip, [r0, r3]; str r1, [r2, #4]; ldr r3, [r2, #0x18]; add r3, r3, #1; str r3, [r2, #0x18]; pop {r4, r5, r6, pc}

© 2014 - 2019 - Powered by ROPEME | Contact