JonathanSalwan / ROPgadget

This tool lets you search your gadgets on your binaries to facilitate your ROP exploitation. ROPgadget supports ELF, PE and Mach-O format on x86, x64, ARM, ARM64, PowerPC, SPARC, MIPS, RISC-V 64, and RISC-V Compressed architectures.

Generated ROPchain code not compatible with Python3 `str` #179

Closed chinggg closed 2 years ago

chinggg commented 2 years ago

Thanks for making this great tool and for keeping it maintained to support Python3! However, I find that some of the code ROPMaker generates is still "Python2-style". To be specific, a quoted string has type str in Python3, but bytes in Python2. So users have to use Python2 or modify the code to run it.

eg.

## - Step 5 -- Build the ROP chain
#!/usr/bin/env python
# execve generated by ROPgadget

from struct import pack

# Padding goes here
p = ''

p += pack('<I', 0x0806f34a) # pop edx ; ret
p += pack('<I', 0x080ea060) # @ .data
p += pack('<I', 0x080bb496) # pop eax ; ret
p += '/bin'

should be changed to

# Padding goes here
p = b''

p += pack('<I', 0x0806f34a) # pop edx ; ret
p += pack('<I', 0x080ea060) # @ .data
p += pack('<I', 0x080bb496) # pop eax ; ret
p += b'/bin'
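The failure the report describes, shown end to end as an added example (not code from the issue or from ROPgadget): the Python 2-style chain mixes `str` and the `bytes` that `struct.pack` returns, which raises `TypeError` on the first `+=` under Python 3, while the all-`bytes` version assembles cleanly. The gadget and `.data` addresses are the ones quoted in the issue's generated chain; they belong to the reporter's binary, so the chain is only built and inspected here, never executed. `words()` unpacks the finished chain back into 32-bit little-endian values, which is a quick way to confirm that `b'/bin'` landed as the expected `0x6e69622f` and that nothing was silently re-encoded.

```python
from struct import pack, unpack
import sys

# Addresses quoted from the issue's generated chain (reporter's binary).
POP_EDX_RET = 0x0806f34a   # pop edx ; ret
DATA_ADDR   = 0x080ea060   # @ .data
POP_EAX_RET = 0x080bb496   # pop eax ; ret


def build_chain_py2_style():
    """Reproduce the Python 2-style output the issue quotes.

    Under Python 3 the first `p += pack(...)` fails: `p` is `str`,
    `pack` returns `bytes`, and str + bytes raises TypeError.
    """
    p = ''
    p += pack('<I', POP_EDX_RET)
    p += pack('<I', DATA_ADDR)
    p += pack('<I', POP_EAX_RET)
    p += '/bin'
    return p


def build_chain(padding=b''):
    """Python 3 version: every fragment, padding included, is bytes."""
    p = padding
    p += pack('<I', POP_EDX_RET)  # pop edx ; ret
    p += pack('<I', DATA_ADDR)    # @ .data
    p += pack('<I', POP_EAX_RET)  # pop eax ; ret
    p += b'/bin'                  # 4 bytes staged for a later write to .data
    return p


def chain_fails_under_py3():
    """True when the Python 2-style chain raises TypeError on this interpreter."""
    try:
        build_chain_py2_style()
    except TypeError:
        return True
    return False


def words(chain):
    """Split a finished chain into 32-bit little-endian words for inspection.

    Raises ValueError if the chain is not word-aligned, which catches a
    stray str that was concatenated after being implicitly encoded.
    """
    if len(chain) % 4:
        raise ValueError('chain length %d is not a multiple of 4' % len(chain))
    return [unpack('<I', chain[i:i + 4])[0] for i in range(0, len(chain), 4)]


if __name__ == '__main__':
    # print() would add a newline and fail on bytes under Python 3;
    # write the raw payload to the binary stdout buffer instead.
    sys.stdout.buffer.write(build_chain(padding=b'A' * 8))
```

When piping the output into a target (`python3 chain.py | ./vuln`), use `sys.stdout.buffer.write` rather than `print`, for the same `str`/`bytes` reason the issue raises.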

SweetVishnya commented 2 years ago

I upgraded ROPMaker to Python3.