JonathanSalwan / ROPgadget

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures.

Automatic ROP gadgets chaining for ARM #163

Closed cyriin-llh closed 4 years ago

cyriin-llh commented 4 years ago

Dear whom it may concern,

I am a PhD student in software engineering. I am working on the recognition of ROP attacks on ARM boards for IoT applications. I have tried to generate an automatic ROP gadget chain, but I didn't get a solution with the ROPgadget tool!

So it would be my pleasure if I could contribute to the releases of your tool. Can someone please tell me how I can proceed?

Best regards

SweetVishnya commented 4 years ago

Hi!

ROPgadget is mostly a gadget-finding tool. It uses quite a straightforward way to generate chains (regex pattern matching). You can try advanced ROP chaining tools which generate more chains. Also, you can start with the reference list in this paper (we are currently translating it into English).
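To make the "regex pattern matching" remark concrete, here is an added illustration (not ROPgadget's own code, and not code from either participant) of how a pattern-driven chain planner works and why it comes up empty on an architecture its patterns do not describe. The gadget listings, the addresses, and the `X64_STEP_PATTERNS` table are all constructed for this example; the listing format merely mimics ROPgadget's "address : insn ; insn" text output.

```python
import re
from typing import Dict, Optional

# Constructed gadget listing in "0xADDR : insn ; insn" style.
# Addresses and instruction sequences are made up for this illustration.
SAMPLE_GADGETS_X64 = """
0x0000000000401a3b : pop rdi ; ret
0x0000000000401a3d : pop rsi ; pop r15 ; ret
0x0000000000401c11 : pop rdx ; ret
0x0000000000401c20 : mov rax, rdi ; ret
0x0000000000401e00 : syscall ; ret
0x0000000000401e05 : pop rax ; ret
""".strip()

# Same style, but AArch64 mnemonics: none of the x86-64 patterns below
# will match, so the planner reports "no chain" rather than adapting.
SAMPLE_GADGETS_ARM64 = """
0x0000000000400a10 : ldp x0, x1, [sp], #0x10 ; ret
0x0000000000400a40 : mov x8, x0 ; ret
0x0000000000400a80 : svc #0 ; ret
""".strip()

GADGET_LINE = re.compile(r"^(0x[0-9a-fA-F]+) : (.+)$")


def parse_gadgets(listing: str) -> Dict[str, str]:
    """Map each gadget address to its instruction string."""
    gadgets: Dict[str, str] = {}
    for line in listing.splitlines():
        m = GADGET_LINE.match(line.strip())
        if m:
            gadgets[m.group(1)] = m.group(2)
    return gadgets


# Hypothetical pattern table: one regex per chain step. Each regex fixes the
# *textual* shape of an acceptable gadget, which is exactly what ties such a
# planner to one architecture's mnemonics and register names.
X64_STEP_PATTERNS = {
    "set_rdi": r"^pop rdi ; ret$",
    "set_rsi": r"^pop rsi( ; pop r\d+)* ; ret$",   # tolerate junk pops
    "set_rdx": r"^pop rdx ; ret$",
    "set_rax": r"^pop rax ; ret$",
    "syscall": r"^syscall ; ret$",
}


def match_step(gadgets: Dict[str, str], pattern: str) -> Optional[str]:
    """Return the address of the first gadget whose text matches `pattern`."""
    rx = re.compile(pattern)
    for addr, insns in gadgets.items():
        if rx.match(insns):
            return addr
    return None


def plan_chain(gadgets: Dict[str, str],
               step_patterns: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Pick one gadget per step; None if any step has no textual match."""
    plan: Dict[str, str] = {}
    for step, pattern in step_patterns.items():
        addr = match_step(gadgets, pattern)
        if addr is None:
            return None          # planner gives up instead of reasoning
        plan[step] = addr
    return plan


if __name__ == "__main__":
    print(plan_chain(parse_gadgets(SAMPLE_GADGETS_X64), X64_STEP_PATTERNS))
    print(plan_chain(parse_gadgets(SAMPLE_GADGETS_ARM64), X64_STEP_PATTERNS))
```

The planner has no notion of register semantics: it matches strings, so a binary whose gadgets are spelled differently (another ISA, or even a different disassembler syntax) yields no chain at all. That is the limitation the reply above is pointing at, and why symbolic tools (angrop, Exrop on Triton) can cover ARM while a pattern table cannot without a per-architecture rewrite.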

cyriin-llh commented 4 years ago

Hi! Thank you for your reply. I have tried many tools (Exrop, nROP, ROPium, ROPeme, Ropper, BarfROP ...)! There is no tool for automatically generating ROP chains on the ARM architecture.

SweetVishnya commented 4 years ago

You can try roper. Also, it can be easily supported in angrop -- you just need to find a syscall gadget. ROPium is going to extend to ARM soon. Exrop is based on Triton, which supports ARM. The thing I am trying to say is that it is better to support ARM in more complex tools than ROPgadget. If you really want it in ROPgadget, you can start a PR from here.

cyriin-llh commented 4 years ago

Thank you for your response!