ROPSHELL 
ropshell> use 948a48c7414eb0970f6841b0461f589c (download)
name         : libc.so.6 (arm/ELF)
base address : 0x15f30
total gadgets: 5253

ropshell> suggest "write mem"
> 0x00104c82 : str r4, [r0]; pop {r4, r5, r6, pc}
> 0x00064c02 : str r3, [r1]; pop {r4, pc}
> 0x0002bd0a : str ip, [r1]; pop {r4, pc}
> 0x000d0a5e : str r0, [r2]; pop {r4, pc}
> 0x00065c4e : str r3, [r2]; pop {r4, pc}
> 0x0007892e : str r4, [r2]; pop {r4, r5, r6, pc}
> 0x0005fdf6 : str r5, [r2]; pop {r4, r5, r6, pc}
> 0x000cb22a : str lr, [r2]; pop {r7, pc}
> 0x000cca2a : str r0, [r3]; pop {r4, pc}
> 0x000618a6 : str r1, [r3]; pop {r4, pc}
> 0x00077c12 : str r2, [r3]; pop {r4, pc}
> 0x000d4e82 : str r4, [r3]; pop {r4, pc}
> 0x000de9aa : str r6, [r3]; pop {r4, r5, r6, pc}
> 0x000f7462 : str r0, [r4]; pop {r4, pc}
> 0x00061d6e : str r1, [r4]; pop {r4, pc}
> 0x0006bdca : str r3, [r4]; pop {r4, pc}
> 0x000f54e6 : str r3, [r5]; pop {r4, r5, r6, pc}
> 0x000ef736 : str r4, [r5]; pop {r4, r5, r6, pc}
> 0x0007fbe2 : str ip, [r5]; pop {r4, r5, pc}
> 0x00075bbe : str r3, [r6]; pop {r4, r5, r6, pc}
> 0x0007b44a : str r4, [r6]; pop {r4, r5, r6, pc}
> 0x000247e2 : str r2, [r0, r3]; pop {r4, pc}
> 0x000ee69a : str r5, [r0, r3]; pop {r4, r5, r6, pc}
> 0x000d539a : strhne r2, [r1, r3]; pop {r4, r5, pc}
> 0x000c788a : str r6, [r4, r3]; pop {r4, r5, r6, pc}
> 0x000160ae : str r1, [r0]; mov r0, r3; pop {r4, r5, r6, pc}
> 0x000799de : str r3, [r0, #0x10]; pop {r4, r5, r6, r7, pc}
> 0x0005b052 : str ip, [r0]; mov r0, r2; pop {r4, r5, r6, pc}
> 0x000d0ab6 : strge lr, [r1, #4]; pop {r4, pc}
> 0x0007890a : str r1, [r2]; mov r0, r3; pop {r4, r5, r6, pc}
> 0x000aa4a6 : str r7, [r2, #0x20]; pop {r4, r5, r6, r7, pc}
> 0x000618e2 : str ip, [r3, #0x20]; pop {r4, pc}
> 0x000f9f72 : str lr, [r3, #0x10]; pop {r4, pc}
> 0x000b72d6 : str r5, [r4, #0x14]; pop {r4, r5, r6, pc}
> 0x000755f2 : str r0, [r5]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x00080562 : str r0, [r6]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x00079b3a : str lr, [ip, #-4]; pop {r4, pc}
> 0x00101af6 : strh r3, [lr, #4]; pop {r4, r5, r6, pc}
> 0x00015fb2 : str r4, [r1]; str r3, [r2]; pop {r4, r5, r6, pc}
> 0x000a95d6 : str r5, [r1, r3, lsl #2]; pop {r4, r5, r6, pc}
> 0x0003d55e : str ip, [r2]; mov r0, #2; pop {r4, r5, pc}
> 0x000bd592 : str ip, [r4]; mov r0, #0; pop {r4, r5, r6, pc}
> 0x0003bfde : str lr, [r5, r2, lsl #2]; pop {r4, r5, r6, pc}
> 0x0002bce6 : str r0, [r1]; and r0, r0, #0x80000000; pop {r4, pc}
> 0x00063bfa : str r2, [r4]; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x000f97ca : str r2, [r5, #0x2c]; mov r0, r3; pop {r4, r5, r6, pc}
> 0x0008b472 : str r1, [r6]; add sp, sp, #0x10; pop {r4, r5, r6, pc}
> 0x00104792 : str r3, [r7]; add sp, sp, #0xc; pop {r4, r5, r6, r7, pc}
> 0x0010a5fe : str r6, [r7]; add sp, sp, #0xc; pop {r4, r5, r6, r7, pc}
> 0x00025d2a : str r2, [fp, #-0x3c]; blx r1
> 0x00026dda : str r3, [fp, #-0x50]; blx r2
> 0x000d0a5a : str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x00101af2 : str r4, [lr]; strh r3, [lr, #4]; pop {r4, r5, r6, pc}
> 0x000f6f9e : str r8, [r5, #0xc]; mov r0, r4; blx r3
> 0x00102a9e : str r5, [r6, #8]; mov r0, r8; blx r3
> 0x000f8d61 : str r4, [r7, #0x18]; movs r4, r0; blx lr
> 0x0008cd66 : str r4, [r8]; mov r1, r7; mov r0, r8; blx r6
> 0x000df84a : str r0, [fp, #-0x40]; mov r0, r4; blx r5
> 0x000ca85a : str r6, [r0, r2]; mov r0, r3; add sp, sp, #0x4c; pop {r4, r5, r6, r7, pc}
> 0x0009daa2 : str r7, [r0, r3]; mov r0, r4; add sp, sp, #0xc; pop {r4, r5, r6, r7, pc}
> 0x0007721a : streq r6, [r5]; streq r2, [r5, #4]; mov r0, r3; pop {r4, r5, r6, pc}
> 0x0002ac42 : str r2, [r6]; str r3, [r5]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x000c123e : str r4, [ip, #4]; str r3, [r5, #4]; pop {r4, r5, r6, pc}
> 0x000df0fa : str r1, [fp, #-0x40]; mov r0, r8; mov r1, r5; blx r3
> 0x000d2fee : str r2, [lr, #4]; mov r0, r3; add sp, sp, #0x20; pop {r4, r5, r7, pc}
> 0x000f5306 : str r3, [ip]; str r3, [r0]; str r3, [r1]; str r3, [r2]; pop {r4, pc}
> 0x00098716 : str lr, [r4, #0xc]; str r2, [r4, #0x10]; add sp, sp, #0x80; pop {r4, r5, r6, pc}
> 0x00109bbe : str r5, [r3, #0xc]; strh r1, [r3, #0x10]; mov r0, r2; add sp, sp, #8; pop {r4, r5, r7, pc}
> 0x00098a25 : str r0, [r7, #0x68]; movs r2, r1; str r0, [r3, #0x68]; movs r2, r1; blx lr
> 0x00100aa1 : strh r5, [r7, #0x34]; movs r1, r0; ldr r0, [pc, #0x370]; movs r2, r0; blx sp
> 0x001016ae : streq r3, [sl]; ldr r3, [r5, #4]; mov r0, r5; ldr r3, [r3, #0x10]; blx r3
> 0x000ab0be : str r5, [ip, #0x20]; strne r0, [r2]; cmp r3, #0; strne r0, [r3]; add sp, sp, #0x10; pop {r4, r5, r6, pc}
> 0x000cb01e : str r7, [r4, #0x18]; str ip, [r4, #0x1c]; str r2, [r4, #0x24]; add sp, sp, #0x4c; pop {r4, r5, r6, r7, pc}
> 0x000c330e : strheq fp, [r7], -ip; str r7, [sp, #-4]!; mov r7, #6; svc #0; pop {r7}; cmn r0, #0x1000; bxlo lr
> 0x0006663a : str r1, [r5, #0x10]; str r2, [r5, #0x14]; str r3, [r5, #0x18]; str r3, [r4, #0xc]; pop {r4, r5, r6, pc}
> 0x000d35ae : strheq lr, [r6], -r8; str r7, [sp, #-4]!; ldr r7, [pc, #0x10]; svc #0; pop {r7}; cmn r0, #0x1000; bxlo lr
> 0x0010bbba : str r2, [r7, #0xc]; str r3, [r7, #8]; add r0, r6, #0x4c0; add r0, r0, #4; ldr r3, [r6, #0x7f4]; blx r3

© 2014 - 2019 - Powered by ROPEME | Contact