ropshell> use 948a48c7414eb0970f6841b0461f589c (download)
name : libc.so.6 (arm/ELF)
base address : 0x15f30
total gadgets: 5253
ropshell> suggest "load mem"
> 0x00061ef6 : ldr r0, [r2]; pop {r4, pc}
> 0x00061b5e : ldrne r0, [r3]; pop {r4, pc}
> 0x000163b6 : ldr r0, [r4, #4]; pop {r4, r5, r6, pc}
> 0x000ad6b6 : ldr r0, [r5, #0x3c]; pop {r4, r5, r6, pc}
> 0x000e1226 : ldr r6, [r5]; blx r7
> 0x000f54e2 : ldreq r3, [r4]; str r3, [r5]; pop {r4, r5, r6, pc}
> 0x000cb226 : ldr r2, [r1, r2]; str lr, [r2]; pop {r7, pc}
> 0x00080596 : ldr ip, [r1]; cmp ip, #0; bxeq lr
> 0x00062636 : ldr r7, [r4, #0x18]; blx r3
> 0x0009082a : ldr r2, [r5, r2]; str r3, [r2]; pop {r4, r5, r6, pc}
> 0x00077f19 : ldrh r0, [r6, #0x10]; movs r4, r1; pop {r2, r4, r5, r6, pc}
> 0x000d2802 : ldr r3, [r6, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x00062f26 : ldr ip, [r6, #0xc]; blx ip
> 0x0002df36 : ldr r0, [r7]; mov r2, sl; blx sb
> 0x0010c2b6 : ldr r0, [r8, #0x40]; blx r4
> 0x000dfd1e : ldr r3, [ip]; eor r3, r3, r2; bx r3
> 0x000a17ea : ldr r0, [fp, #-0x114]; blx r3
> 0x000a1bde : ldr r1, [fp, #-0x118]; blx r3
> 0x00100b66 : ldr r4, [lr]; mov r0, ip; blx r4
> 0x00087add : ldr r6, [pc, #0x200]; movs r1, r1; pop {r2, r4, r5, r6, r7, pc}
> 0x000695fd : ldrh r4, [r5, r4]; movs r5, r1; blx lr
> 0x000e03b2 : ldr r3, [lr]; pop {lr}; eor r3, r3, ip; bx r3
> 0x00023a86 : ldr r0, [pc, #0x154]; add r0, pc, r0; pop {r4, pc}
> 0x000247de : ldr r3, [pc, r3]; str r2, [r0, r3]; pop {r4, pc}
> 0x000b90ba : ldr r0, [r1, #0x14]; add sp, sp, #0x24; pop {r4, r5, r6, r7, pc}
> 0x00063c06 : ldr r3, [r2]; mov r0, r3; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x000db89e : ldr ip, [r2, #0x14]; cmp ip, #0; bxeq lr
> 0x000f7caa : ldr r1, [r5, #0x10]; mov r0, r4; blx r3
> 0x00062b62 : ldr r7, [r5, #0xc]; mov r0, r5; blx r7
> 0x000da121 : ldr r4, [r6, #0x74]; movs r6, r0; blx lr
> 0x00063ade : ldr r5, [r6, #4]; mov r0, r6; blx r5
> 0x00076c9a : ldr r3, [r7, r3]; ldr r3, [r3]; blx r3
> 0x0006e992 : ldr r4, [r7, r3]; ldr r3, [r4]; blx r3
> 0x00063436 : ldr r3, [r8, #0x10]; mov r0, r8; blx r3
> 0x0006266a : ldr r3, [fp, #0xa4]; mov r0, r7; blx r3
> 0x0010c566 : ldr r4, [r8, #0x200]; mov r2, #0; blx r4
> 0x0010c3f6 : ldr r5, [r8, #0x200]; add r3, pc, r3; blx r5
> 0x000b8f12 : ldr r1, [pc, r1]; str r3, [r0, r1]; mov r0, r2; pop {r7, pc}
> 0x00063e9e : ldr r2, [pc, r2]; str ip, [r0, r2]; mov r0, r1; pop {r4, r5, r6, pc}
> 0x00039f12 : ldr r4, [pc, #0x1c]; add r4, pc, r4; mov r0, r4; pop {r4, pc}
> 0x0006858a : ldr r7, [r2, #0x1c]; mov r0, r3; mov r2, r6; blx r7
> 0x000e9a7a : ldr r2, [r4, r2]; str r3, [r2]; add sp, sp, #0x6c; pop {r4, r5, r6, r7, pc}
> 0x0005c8ea : ldr r0, [ip, #0xa0]; mov r4, ip; mov r5, r2; blx r3
> 0x00024d8e : ldrsheq sl, [r1], -r8; add r3, r0, #0x80; cmp r3, #0x180; bxhs lr
> 0x00062b06 : ldr r2, [r3, #4]; str r2, [r3]; add sp, sp, #0x1c; pop {r4, r5, r6, r7, pc}
> 0x0010c026 : ldr r4, [r3, #4]; add r0, r0, r4; add sp, sp, #0x10; pop {r4, pc}
> 0x0002f296 : ldr ip, [r3, ip]; ldr ip, [ip]; eor r8, r8, ip; blx r8
> 0x0006ce56 : ldr sl, [r4, #0x18]; str r2, [sp, #4]; blx r3
> 0x00101a9e : ldr r3, [r5]; add r0, r0, r3, lsl #3; strh r2, [r0, #-4]; pop {r4, r5, r6, pc}
> 0x00063622 : ldr r6, [r4, #0x58]; ldr r3, [r6, #0x10]; mov r0, r6; blx r3
> 0x00063432 : ldr r8, [r4, #0x58]; ldr r3, [r8, #0x10]; mov r0, r8; blx r3
> 0x0003ab4e : ldr lr, [r4, #0x58]; ldr r4, [r4, #0x30]; mov r0, #0; bx lr
> 0x00087ad9 : ldr r5, [pc, #0x350]; movs r1, r1; ldr r6, [pc, #0x200]; movs r1, r1; pop {r2, r4, r5, r6, r7, pc}
> 0x0009b6e1 : ldrh r4, [r1, #0x26]; movs r0, r1; strh r4, [r4, r6]; movs r2, r1; blx lr
> 0x000f78ee : ldr r6, [r2]; ldr r2, [pc, #0x140]; mov r0, r5; add r2, pc, r2; blx r6
> 0x00026da2 : ldr r2, [r6]; add r0, pc, r0; eor r2, r2, r1; add r0, r0, #0x1c; blx r2
> 0x0002198e : ldr r2, [sl, #0xa8]; ldr r3, [r3]; mov r0, fp; eor r3, r3, r2; blx r3
> 0x000c499a : ldr r5, [r4, #0x24]; add r3, r4, #0x14; ldr r0, [r4, #0xc]; blx r5
> 0x000247d6 : ldr lr, [pc, lr]; str r1, [r0, lr]; ldr r3, [pc, r3]; str r2, [r0, r3]; pop {r4, pc}
> 0x00100ff6 : ldr r4, [r2]; ldr r2, [pc, #0x50]; mov r3, r6; add r2, pc, r2; mov r0, r7; blx r4
> 0x0010c0ca : ldr r6, [lr, #0x208]; str r5, [sp, #0xc]; str r5, [sp, #4]; blx r6
> 0x000675a6 : ldr r1, [r3]; ldr r2, [r3, #0xc]; str r1, [r3, #4]; str r2, [r3, #0x10]; pop {r4, pc}
> 0x00097c52 : ldr r7, [pc, #0x28]; svc #0; cmn r0, #0x1000; movhi r3, #0; movls r3, #1; mov r0, r3; pop {r4, r5, r7, pc}
> 0x0003d5c6 : ldr r4, [r0]; orr r3, r3, r2, lsl #12; ror r5, r3, #0xc; mov r0, r4; mov r1, r5; pop {r4, r5}; bx lr
> 0x000cdb7a : ldrne r2, [r0]; str r0, [r4, #4]; orrne r2, r2, #0x8000; movne r0, #1; strne r2, [r3]; moveq r0, r3; pop {r4, pc}
> 0x00016d26 : ldr r5, [r2, r3]; add r4, pc, r4; ldr r2, [r4, #0xc8]; ldr r3, [r5]; eor r3, r3, r2; blx r3
> 0x000fe4fa : ldr lr, [r2, #0xc]; mov r0, r1; ldr r2, [r3, #0x1ac]; add r1, r3, #0x1c; mov r3, lr; pop {lr}; bx r3
> 0x00026fa6 : ldr r2, [r7, #0xa8]; ldr r3, [r6]; add r0, pc, r0; eor r3, r3, r2; add r0, r0, #0x1c; blx r3
> 0x000e03a6 : ldr lr, [ip, lr]; add r3, pc, r3; ldr ip, [r3, #0x50]; ldr r3, [lr]; pop {lr}; eor r3, r3, ip; bx r3
> 0x0006361a : ldr r5, [r3, #0x28]; mov fp, sl; ldr r6, [r4, #0x58]; ldr r3, [r6, #0x10]; mov r0, r6; blx r3
> 0x000df176 : ldr ip, [r7, #-8]; mov r1, r8; str r0, [fp, #-0x4c]; str ip, [fp, #-0x40]; mov r0, r4; blx r3
> 0x000df296 : ldr ip, [r8, #-8]; mov r1, r7; str r0, [fp, #-0x4c]; str ip, [fp, #-0x40]; mov r0, r4; blx r3
> 0x000402fa : ldr r3, [sl, #0x98]; ldr r1, [fp, #-0x450]; ldr r3, [r3, #0x1c]; mov r2, r4; mov r0, sl; blx r3
> 0x00025d1a : ldr ip, [r0, #0xa8]; mov r0, r2; eor r1, r1, ip; str r3, [fp, #-0x40]; str r2, [fp, #-0x3c]; blx r1
> 0x0006a52a : ldr r8, [r5, r2]; stm sp, {r0, ip}; mov r2, #0; ldr r1, [r3, #0x24]; mov r0, r4; mov r3, #0; blx r1
> 0x0002745a : ldr r1, [r6, r2]; add r3, pc, r3; ldr r2, [r3, #0xa8]; ldr r3, [r1]; mov r0, fp; eor r3, r3, r2; blx r3
> 0x0010ce6e : ldr r1, [ip, r2]; add r3, pc, r3; ldr r2, [r3, #0xc4]; ldr r3, [r1]; mov r0, lr; eor r3, r3, r2; blx r3
> 0x0010bf12 : ldr r4, [ip, #0x1fc]; str r1, [sp]; add r2, sp, #0xf; add r1, sp, #0x14; add r0, sp, #0x10; blx r4
> 0x0010c37a : ldr r2, [fp, #-0x5c]; ldr r1, [fp, #-0x54]; str r2, [sp]; ldr r0, [fp, #-0x58]; mov r2, r6; blx r4
> 0x000a95c6 : ldr r1, [r0, #8]; add r2, r3, #1; str r2, [r4, #4]; mov r0, #1; str r5, [r1, r3, lsl #2]; pop {r4, r5, r6, pc}
> 0x000d0a4e : ldr r3, [r0, #8]; str r1, [r0, #4]; str r3, [lr, #4]; str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x00017042 : ldr ip, [pc, #0x30]; ldr r3, [r4, ip]; ldr r3, [r3]; eor r3, r3, lr; add sp, sp, #0x14; pop {r4, r5, lr}; bx r3
> 0x000d53a2 : ldr r1, [r2, #0xc]; ldr r2, [r1, r3, lsl #2]; cmn r2, #1; addne r2, r2, #1; strne r2, [r1, r3, lsl #2]; pop {r4, r5, pc}
> 0x000d0aa6 : ldrge r3, [r1, #4]; strlt r3, [lr, #4]; strge r3, [lr, #8]; strlt lr, [r1, #8]; strge lr, [r1, #4]; pop {r4, pc}
> 0x0002f50a : ldr ip, [r5, #0xc]; ldr r2, [r5]; ldr r3, [r7]; str ip, [r0, r1]; eor r3, r3, r2; ldr r0, [r5, #4]; blx r3
> 0x00063616 : ldr sl, [r3, #0x20]; ldr r5, [r3, #0x28]; mov fp, sl; ldr r6, [r4, #0x58]; ldr r3, [r6, #0x10]; mov r0, r6; blx r3
> 0x0004180e : ldr r5, [fp, #-0x498]; ldr r3, [r7, #0x98]; ldr r1, [fp, #-0x46c]; ldr r3, [r3, #0x1c]; mov r2, r5; mov r0, r7; blx r3
> 0x0004194a : ldr r6, [fp, #-0x498]; ldr r3, [r7, #0x98]; mov r2, r6; ldr r1, [fp, #-0x46c]; ldr r3, [r3, #0x1c]; mov r0, r7; blx r3
> 0x0010494a : ldrne r1, [r4, #0x14]; str r0, [r4, #0xc]; addne r1, r1, r5; streq r0, [r4, #0x10]; strne r5, [r4, #0x10]; strne r1, [r4, #0x14]; pop {r4, r5, r6, pc}