-
Any possibility to do that now? Input a binary and come out with a set of useful gadgets, or allow searching given a regular expression of the syntax, i.e. "pop.+pop.+ret"
-
Either use ROPGadget or roll our own gadget finder.
kokjo updated
4 years ago
-
I was doing this challenge: https://2020.ctf.link/assets/files/kernel-rop-bf9c106d45917343.tar.xz
and the gadget `0xffffffff8246dc83: push rax; ret;` is returned for the extracted vmlinux. I used it …
-
can't find write-what-where gadgets inside pwntools.
rop.find_gadget(['mov qword ptr [rdi], rax ; ret'])
-
wasn't able to spawn a shell with command as parameter:
```py
bin_sh = libc.address + 0x111111
rop = ROP(program, base=0x7fffffffe460)
rop.call('execve', [bin_sh, [[b'/bin/sh'], [b'-c'], [b'whoami…
-
Since `objtool` already disassembles the (x86) kernel image at build time, it would be nice to add a ROP gadget detector as a way to warn about possible constructs or compiler implementations that cou…
-
hello world :)
I'm trying to add MIPS support so that I can use this jailbreak on actual hardware, and I was wondering if anyone else was looking at this? I've been looking at some of the MIPS ROP ga…
-
https://kazma.tw/2023/12/12/Yuawn-Pwn2-rop-Writeup/?
Although rop comes with its source, we'll pretend it doesn't XD. Let's look at main with r2: we see a 0x30-byte buffer read with gets, so we'll use ROP to open a shell. Use the following command to collect the gadgets we need: ROPgadget --binary ./rop --onl…
-
* [ ] tab to toggle cursor from list of rops to ropchain to delete/move the gadgets from the ropchain list
* [ ] support browsing the rop gadget classifications
* [ ] support to save/restore ropchai…
-
Hello,
I'd like pwntools to generate ROP code for aarch64. Since in my binaries there are nearly no usable gadgets, I'd like to jump into the middle of some functions. Since their location can chang…