ROPSHELL 
ropshell> use f4614db96ff7f7d8edbe59340f4535da (download)
name         : mtower_s.elf (arm/ELF)
base address : 0x10000
total gadgets: 565

ropshell> suggest
jmpcall
    > 0x000102f7 : bx r0
    > 0x000109e3 : bx r1
    > 0x00014ae9 : bx r3
    > 0x00010305 : bx r4
    > 0x00010601 : bx lr
load mem
    > 0x00014001 : ldrh.w r2, [r3]; pop {r4, pc}
    > 0x000149cf : ldr r0, [r3]; bx lr
    > 0x000144cb : ldr r0, [r6]; blx r3
    > 0x0001341d : ldr r1, [r6]; blx r3
    > 0x00012b77 : ldr r0, [pc, #0x14]; pop {r4, r5, r6, pc}
pop pop ret
    > 0x00010cb3 : pop {pc}
    > 0x00010201 : pop {r4, pc}
    > 0x0001ecc5 : pop {r0, r1, pc}
    > 0x00010e69 : pop {r4, r5, r6, pc}
    > 0x00011207 : pop {r4, r5, r6, r7, pc}
stack pivoting
    > 0x00012889 : mov sp, r7; add sp, #0x2c; pop {r4, r5, r6, r7, pc}
write mem
    > 0x00010569 : str r0, [r3]; pop {r4, pc}
    > 0x0001400b : strh.w r2, [lr]; pop {r4, pc}
    > 0x0001b477 : str r1, [r3]; bx lr
    > 0x0001b5bb : str r3, [r0, #0x10]; pop {r4, pc}
    > 0x0001047b : str r3, [r1, #0x10]; pop {r4, pc}

© 2014 - 2019 - Powered by ROPEME | Contact