ROPSHELL 
ropshell> use cdb5b077bed939584faace95fc559dad (download)
name         : fact (arm/ELF)
base address : 0x10170
total gadgets: 1881

ropshell> suggest "write mem"
> 0x0005ab0e : strne r3, [r0]; pop {r4, pc}
> 0x0004f0e6 : str ip, [r1]; pop {r7, pc}
> 0x00028a92 : str r0, [r2]; pop {r4, pc}
> 0x000581d6 : str r3, [r2]; pop {r4, pc}
> 0x0002b03a : str r0, [r3]; pop {r4, pc}
> 0x0004965e : str r1, [r3]; pop {r4, pc}
> 0x00063a36 : str r2, [r3]; pop {r4, pc}
> 0x000114fa : str lr, [r3]; pop {r4, r5, r6, r7, pc}
> 0x00049b7e : str r1, [r4]; pop {r4, pc}
> 0x0001d122 : str r3, [r4]; pop {r4, pc}
> 0x0005780e : str r0, [lr]; pop {r4, r5, r6, pc}
> 0x00035f9e : str r2, [r0, r3]; pop {r4, pc}
> 0x0005b72a : str lr, [r7, r2]; pop {r4, r5, r6, r7, pc}
> 0x000105e2 : str r1, [r0]; mov r0, r2; pop {r4, pc}
> 0x000543d6 : str ip, [r0, #0x184]; pop {r4, pc}
> 0x00028aea : strge lr, [r1, #4]; pop {r4, pc}
> 0x0004969a : str ip, [r3, #0x20]; pop {r4, pc}
> 0x0006ecce : str r0, [r4, #0x10]; pop {r4, pc}
> 0x0001da8e : str r5, [r4, #0x30]; pop {r4, r5, r6, pc}
> 0x00024ea2 : str r0, [r5]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x0001d00e : str r3, [r5, #0x60]; pop {r4, r5, r6, pc}
> 0x000417e2 : str r2, [lr]; blx r3
> 0x00022c16 : str r0, [r1]; str r2, [r3]; pop {r4, r5, pc}
> 0x0005c562 : str r1, [r2]; mov r0, #2; pop {r4, r5, pc}
> 0x0005c59e : str r4, [r2]; mov r0, #2; pop {r4, r5, pc}
> 0x0005b6ce : str lr, [r4, r2, lsl #2]; pop {r4, r5, r6, pc}
> 0x000114f6 : str r0, [ip]; str lr, [r3]; pop {r4, r5, r6, r7, pc}
> 0x0006ee22 : strhlo r2, [r1, r3]; pop {r4, r5}; bx lr
> 0x00019046 : str r2, [r4]; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x00033962 : str r2, [r5]; add sp, sp, #8; pop {r4, r5, r6, pc}
> 0x00019cce : str ip, [r5]; add sp, sp, #8; pop {r4, r5, r6, pc}
> 0x00026da2 : str r1, [r6]; add sp, sp, #0x10; pop {r4, r5, r6, pc}
> 0x0003859a : str r2, [fp, #-0x480]; blx r3
> 0x00037bde : str r4, [fp, #-0x464]; blx r3
> 0x00028a8e : str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x00027011 : str r0, [r7, #0x7c]; movs r7, r0; bx lr
> 0x00021f0d : strh r0, [r6, #0xa]; movs r7, r0; blx lr
> 0x00064716 : str r4, [r8]; mov r1, r7; mov r0, r8; blx r6
> 0x00022c12 : str lr, [ip]; str r0, [r1]; str r2, [r3]; pop {r4, r5, pc}
> 0x000577da : strne r4, [r0], #8; strne r0, [r5]; mov r0, r5; pop {r4, r5, r6, pc}
> 0x000160b2 : str r2, [r6]; str r3, [r5]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x0005633a : str r1, [fp, #-0x64]; ldr r0, [r3]; blx r7
> 0x000663d1 : strh r4, [r7, #4]; movs r0, r1; vrhadd.u16 d14, d14, d31; blx lr
> 0x00028a8a : str r3, [lr, #4]; str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x000297ce : streq r5, [r3]; strne r0, [r3]; ldr r2, [r4]; str r2, [r3, #4]; pop {r4, r5, r6, pc}
> 0x00057e62 : str r6, [r4, #0xc]; add r3, r3, #1; str r3, [r4, #8]; pop {r4, r5, r6, pc}
> 0x0005c4ba : str r5, [r0], #4; addlo r4, r4, #1; mov r0, r4; pop {r4, r5, r6, r7}; bx lr
> 0x00021f09 : strh r4, [r1, #0xc]; movs r7, r0; strh r0, [r6, #0xa]; movs r7, r0; blx lr
> 0x0001b122 : strge ip, [r4, #0xc]; str r3, [r4]; mov r0, r6; mov r1, r7; add sp, sp, #8; pop {r4, r6, r7, pc}
> 0x000114e6 : str r7, [r1]; str r1, [r6]; str r2, [r5]; str r2, [r4]; str r0, [ip]; str lr, [r3]; pop {r4, r5, r6, r7, pc}
> 0x000663cd : strh r4, [r5, #4]; movs r0, r1; strh r4, [r7, #4]; movs r0, r1; vrhadd.u16 d14, d14, d31; blx lr
> 0x0001ddde : str r6, [r5, #0xc]; ldr r3, [r5, #8]; add r3, r3, #1; str r3, [r5, #8]; pop {r4, r5, r6, pc}
> 0x00017af2 : str r3, [r6, #4]; ldr r3, [r5, #0x98]; mov r0, r5; ldr r3, [r3, #0x30]; blx r3
> 0x0004968a : str r4, [r3, #0x28]; str r1, [r3, #4]; str r1, [r3]; str lr, [r3, #8]; str ip, [r3, #0x20]; pop {r4, pc}
> 0x00028a7e : str r3, [r1, #8]; ldr r3, [r0, #8]; str r1, [r0, #4]; str r3, [lr, #4]; str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}

© 2014 - 2019 - Powered by ROPEME | Contact