ROPSHELL 
ropshell> use b7f8fd5f3c6631031d7297b64179b84d (download)
name         : libc-2.13.so (arm/ELF)
base address : 0x154a0
total gadgets: 4829

ropshell> suggest "write mem"
> 0x000cc60a : streq r1, [r0]; bxeq lr
> 0x00062d86 : str r3, [r0]; bx lr
> 0x000bd1a2 : str r3, [r1]; bx lr
> 0x0006a202 : str r3, [r2]; bx lr
> 0x0007fd86 : str r1, [r3]; bxeq lr
> 0x000624c2 : streq r2, [r3]; bx lr
> 0x000d17b6 : str r0, [r1, r3]; bx lr
> 0x000786f6 : streq ip, [r0, #0x1c]; bxeq lr
> 0x0006a38a : str r2, [r1, #4]; bx lr
> 0x000add22 : str r0, [r2]; mov r0, r3; bx lr
> 0x000f7952 : str r0, [r3, #4]; bx lr
> 0x0006a0b2 : str r3, [r4]; pop {r4, lr}; bx lr
> 0x0007f6fa : str r5, [ip]; pop {r4, r5}; bx lr
> 0x00020d82 : str r2, [r5, r4]; movne lr, pc; bxne r3
> 0x000f7986 : str r3, [ip]; mov r0, #1; bx lr
> 0x000c8a56 : str r2, [r0]; mov r0, #0; pop {lr}; bx lr
> 0x000fec26 : str r4, [r0, #0x14]; ldm sp!, {r4}; bx lr
> 0x0007854e : str r4, [r3, #0x20]; ldm sp!, {r4}; bx lr
> 0x000f4be6 : str r5, [r4]; pop {r4, r5, r6, lr}; bx lr
> 0x0007af1a : str r3, [r6]; pop {r4, r5, r6, lr}; bx lr
> 0x0010b346 : str lr, [fp, #-0x38]; mov lr, pc; bx sb
> 0x000209ee : str sl, [r2, r6, lsl #2]; movne lr, pc; bxne r3
> 0x000f71fa : str r0, [r4, r2]; movne r0, r5; movne lr, pc; bxne r3
> 0x000d3e5a : str r6, [r4, r5]; pop {r4, r5, r6, lr}; bx lr
> 0x000e0c59 : str r4, [r6, #0x48]; movs r5, r0; blx lr
> 0x000fe1c6 : str r2, [ip]; mov r0, #1; pop {r4, r5}; bx lr
> 0x0008cf1e : str r7, [r4]; mov r0, r4; mov r1, sl; mov lr, pc; bx r8
> 0x0007f746 : strne r0, [r5]; mov r0, r4; pop {r4, r5, r6, lr}; bx lr
> 0x00074286 : str r3, [r5, #0xc]; pop {r4, r5, r6, lr}; bx lr
> 0x000aee72 : str r4, [r5, #0x10]; pop {r4, r5, r6, lr}; bx lr
> 0x000183fe : str r7, [r5]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000ddcb6 : str lr, [r5, #0x1c]; mov r2, r5; mov lr, pc; bx ip
> 0x00080372 : str r0, [r6]; mov r0, r4; pop {r4, r5, r6, lr}; bx lr
> 0x000772e2 : str r1, [r6]; mov r0, r4; pop {r4, r5, r6, lr}; bx lr
> 0x0007b102 : str r8, [r6]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x00098dd6 : strne r8, [r7]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0007864e : str r4, [ip, #0x10]; pop {r4, r5, r6, r7, r8}; bx lr
> 0x000cccd6 : str r6, [r5, #4]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000dc5ea : strne r3, [r7, #0xc]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000192b6 : str r0, [r8, #4]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000aecea : str r3, [r8, #0x7c]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0008d546 : str r6, [r0, #-8]!; ldr r1, [sp, #4]; mov lr, pc; bx r2
> 0x000b02b2 : str r5, [r3, r0, lsl #2]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0007725a : str r1, [r4, r7]; mov r0, r5; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000af3fe : str r2, [r4, #4]; mov r0, #1; pop {r4, r5, r6, lr}; bx lr
> 0x000ed289 : strh pc, [r4, #0xfe]!; lsls r0, r0, #3; movs r0, r0; blx lr
> 0x0002e76a : str r0, [r7]; mov r0, #2; pop {r4, r5, r6, r7, fp, lr}; bx lr
> 0x0007adfe : str r6, [r8]; mov r0, #0; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000e21d6 : str r7, [r3, #0x2c]; mov r0, r4; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0005c4ba : str r8, [r4]; pop {r4, r5, r6, r7, r8, lr}; add sp, sp, #8; bx lr
> 0x000ae81a : strne r5, [r0]; addeq r0, r0, #0xc; movne r0, #0; pop {r4, r5, r6, lr}; bx lr
> 0x0009a3ca : str r8, [r0, r3]; add sp, sp, #0x10; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0004d822 : streq r6, [r2, #8]; movne r0, #0x10; moveq r0, r3; pop {r4, r5, r6, lr}; bx lr
> 0x000fcbde : str sl, [r6, #8]; mov r0, r7; ldr ip, [r3, #0x14]; mov lr, pc; bx ip
> 0x0010979a : str r4, [r7]; mov r0, r5; add sp, sp, #0xc; pop {r4, r5, r6, r7, lr}; bx lr
> 0x000eb1b6 : str sl, [r8]; add sp, sp, #0x14; pop {r4, r5, r6, r7, r8, sl, lr}; bx lr
> 0x000d02de : str r4, [r1]; str r3, [r2]; mov r0, #1; add sp, sp, #0x10; pop {r4, lr}; bx lr
> 0x000a8e92 : str ip, [r1]; str r2, [r3]; add sp, sp, #0x14; pop {r4, r5, r6, r7, lr}; bx lr
> 0x0006880a : str r1, [r5, #0x50]; str r2, [r5, #0x54]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000293fa : str r5, [r7]; str r3, [r6]; add sp, sp, #0x10; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x00025d5a : str r2, [fp, #-0x78]; add r0, r0, #0x1c; ldr ip, [r4, #0xa0]; mov lr, pc; bx ip
> 0x00099906 : str sl, [r0, r3]; mov r0, r8; add sp, sp, #0xc; pop {r4, r5, r6, r7, r8, sl, lr}; bx lr
> 0x0006368e : str ip, [r3, #0x28]; str r1, [r3, #0x20]; str r2, [r3, #8]; pop {r4, r5}; bx lr
> 0x0006c3f2 : str r7, [r6]; str r5, [r4]; str r3, [ip]; str r0, [r1]; pop {r4, r5, r6, r7, r8}; bx lr
> 0x000f96ae : streq r3, [fp]; mov r0, r5; ldr r3, [r5, #4]; ldr ip, [r3, #0x10]; mov lr, pc; bx ip
> 0x00097c8e : str ip, [r4, #0xc]; str r2, [r4, #8]; mov r0, r3; add sp, sp, #0x80; pop {r4, lr}; bx lr
> 0x000a8e8e : str r6, [r7]; str ip, [r1]; str r2, [r3]; add sp, sp, #0x14; pop {r4, r5, r6, r7, lr}; bx lr
> 0x000ae8b6 : str r7, [r8, #8]; strne r0, [r2]; add sp, sp, #8; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0004d81e : streq r1, [r2, #4]; streq r6, [r2, #8]; movne r0, #0x10; moveq r0, r3; pop {r4, r5, r6, lr}; bx lr
> 0x000e22ca : str r8, [r3, #0x2c]; add r0, r5, #2; add sp, sp, #0x10; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0004fa1e : str ip, [lr, #-0x10c]; ldr r3, [r5, #0x98]; mov r0, r5; ldr ip, [r3, #0x1c]; mov lr, pc; bx ip
> 0x000f80ae : str r2, [r6, #0x24]; str r3, [r6, #0x28]; mov r7, r8; mov r0, r7; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x0006c3ee : str r8, [r2, #0x464]; str r7, [r6]; str r5, [r4]; str r3, [ip]; str r0, [r1]; pop {r4, r5, r6, r7, r8}; bx lr
> 0x0006425e : str r6, [ip, #0x1c]; str r5, [ip, #0x18]; strne r3, [r4, #0x3c]; streq r3, [r4, #0x3c]; pop {r4, r5, r6, r7, r8, lr}; bx lr
> 0x000ae8ae : str r7, [ip, #4]; str r3, [r6, #0x20]; str r7, [r8, #8]; strne r0, [r2]; add sp, sp, #8; pop {r4, r5, r6, r7, r8, lr}; bx lr

© 2014 - 2019 - Powered by ROPEME | Contact