ROPSHELL 
ropshell> use bbb0ac982f9f95b9adf4ead52293dd4b (download)
name         : sm.raw (arm/RAW)
base address : 0x0
total gadgets: 265

ropshell> suggest
jmpcall
    > 0x00000070 : bx ip
    > 0x0000003c : bx lr
    > 0x00000934 : blx r0
    > 0x0000035c : blx r1
    > 0x00000089 : blx r6
load mem
    > 0x000003ee : ldr r0, [fp, #0x398]; blx r1
    > 0x00000e8e : ldr r0, [pc, #8]; add r0, pc, r0; pop {r4, pc}
    > 0x0000114e : ldrhs r3, [r1], #4; strhs r3, [r0], #4; bxeq lr
    > 0x00003aaa : ldr r1, [pc, #0x31c]; stm r4, {r1, r2}; add sp, sp, #0xc; pop {r4, r5, pc}
    > 0x000003ea : ldr r1, [r0, r1, lsl #2]; ldr r0, [fp, #0x398]; blx r1
pop pop ret
    > 0x00001ed0 : pop {r1, pc}
    > 0x00000abc : pop {r4, r5, pc}
    > 0x00000ff4 : pop {r3, r4, r5, pc}
    > 0x00000095 : pop {r4, r5, r6, r7, pc}
    > 0x00001a0c : pop {r3, r4, r5, r6, r7, pc}
syscall
    > 0x000014da : svc #0x3c; bx lr
write mem
    > 0x00000ff2 : strge r0, [r4]; pop {r3, r4, r5, pc}
    > 0x000012f6 : str r5, [r4]; pop {r4, r5, r6, pc}
    > 0x00000ce6 : strh r1, [ip]; pop {r4, r5, r6, pc}
    > 0x00001722 : strh r1, [r2]; bx lr
    > 0x00000e42 : str r0, [r1, #4]; pop {r4, r5, r6, pc}

© 2014 - 2019 - Powered by ROPEME | Contact