ROPgadget - Gadgets finder and auto-roper

Description

This tool lets you search for gadgets in your binaries to facilitate ROP exploitation. ROPgadget supports the ELF, PE and Mach-O formats on the x86, x64, ARM, PowerPC, SPARC and MIPS architectures. Since version 5, ROPgadget has a new core written in Python that uses the Capstone disassembly framework as its gadget search engine. The older version can be found in the Archives directory, but it is no longer maintained.

GitHub https://github.com/JonathanSalwan/ROPgadget

 

Change Log
v5.3:     Fix: some Bugs
          Fix: Use segment instead of section to find gadgets
          Add: --all option
          Add: --multibr option
          Add: --offset option
          Add: --rawArch option 
          Add: --rawMode option
          Add: pypi setup install
          Add: support for Universal binaries on OS X 
          Add: more console commands
          Add: ARM64 gadgets
          Add: x86_64 ROP chain generation 
          Add: more x86 branch instructions
          Update: design

v5.1:     Bug fix: Aligning Instruction
          Add: --badbytes option
          Add: System gadget for MIPS arch
          Fix: JOP PPC

v5.0:     Restart from scratch
          New core in Python using Capstone Framework
          Support ARM, x86, x64, MIPS, Sparc and PowerPC
          Support Mach-O, PE and ELF
          Add console mode

v4.0.3:   Made searching for gadgets faster by dark-rose

v4.0.2:   Bug fix genInstrX86.
          Bug fix by cao - comparison in gadget search for gadgets with null character

v4.0.1:   Update python3 to python2.
          Add new script python to generate gadgets table 32 and 64 bits.
          Update default syntax to Intel.
          genInstrX86.py: Add several pop + ret combinations

v4.0.0:   Addition of 64 bit linux support for ROP exploit generation.
          Addition of 64 bit support for ROP gadget searching.
          Addition of Windows PE file loading for gadget searching.
          Addition of detection of shared libraries and improved code gen for them.
          Generation of execve ROP exploits with arbitrary argument vectors.
          Payload generation in PHP, C and Perl as well as improved generation for python.
          Color disable/enable switch.
          Improved user friendliness.
          Vastly increased ROP searching speed.
          Code restructuring for easing addition of new architectures/platforms.
          General refactoring and code friendliness.

v3.4.1:   Bug Fix in module importsc with intel syntax
v3.4.0:   Feature - Support Att and intel syntax
v3.3.4:   Bug Fix - False positive (github issue)
v3.3.3:   Bug Fix in the supported architectures. (src/check_arch_supported.c)
v3.3.2:   Bug Fix (Buffer Overflow - src/check_bind_mode.c)
v3.3.1:   Segmentation Fault fixed, on compilation x86 64 bits (src/varop.c)
v3.3:     New Core and new features.

 

How to install
$ git clone -b master git@github.com:JonathanSalwan/ROPgadget.git
$ cd ROPgadget
$ cd ./dependencies/capstone-next
$ ./make.sh
$ sudo ./make.sh install
$ cd ./bindings/python
$ make
$ sudo make install

 

Usage
usage: ROPgadget.py [-h] [-v] [--binary <binary>] [--opcode <opcodes>]
                    [--string <string>] [--memstr <string>] [--depth <nbyte>]
                    [--only <key>] [--filter <key>] [--range <start-end>]
                    [--thumb] [--console] [--norop] [--nojop] [--nosys]

optional arguments:
  -h, --help           show this help message and exit
  -v, --version        Display the ROPgadget's version
  --binary <binary>    Specify a binary filename to analyze
  --opcode <opcodes>   Search opcode in executable segment
  --string <string>    Search string in readable segment
  --memstr <string>    Search each byte in all readable segment
  --depth <nbyte>      Depth for search engine (default 10)
  --only <key>         Only show specific instructions
  --filter <key>       Suppress specific instructions
  --range <start-end>  Search between two addresses (0x...-0x...)
  --thumb              Use the thumb mode for the search engine. (ARM only)
  --console            Use an interactive console for search engine
  --norop              Disable ROP search engine
  --nojop              Disable JOP search engine
  --nosys              Disable SYS search engine

console commands:
  display              Display all gadgets
  help                 Display the help
  load                 Load all gadgets
  quit                 Quit the console mode
  search               Search specific keywords or not
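To make the search-engine options above concrete, here is an added illustration (not ROPgadget's own code) of how a ret-terminated gadget search behaves under --depth, --badbytes, --only, --filter and --multibr. It runs on a constructed byte buffer with a tiny hand-written x86-64 decoder standing in for Capstone; the function and parameter names are this example's own.

```python
from typing import Dict, List, Optional

# Tiny x86-64 decoder (single-byte opcodes only), constructed for this example;
# ROPgadget itself uses Capstone and understands the full instruction set.
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
OPCODES = {0xC3: "ret", 0x90: "nop"}
for i, reg in enumerate(REGS):
    OPCODES[0x58 + i] = f"pop {reg}"

def decode(chunk: bytes) -> Optional[List[str]]:
    """Decode chunk entirely, or return None if it contains an unknown opcode."""
    insns = [OPCODES.get(b) for b in chunk]
    return None if None in insns else insns

def find_gadgets(segment: bytes, base: int, depth: int = 10, badbytes: bytes = b"",
                 only: Optional[List[str]] = None, filt: Optional[List[str]] = None,
                 multibr: bool = False) -> Dict[str, int]:
    """Map each distinct ret-terminated gadget ('pop rdi ; ret') to its first address."""
    gadgets: Dict[str, int] = {}
    for end, byte in enumerate(segment):
        if byte != 0xC3:                 # ROP gadgets end in ret; JOP/SYS terminators omitted
            continue
        # --depth: walk back up to `depth` bytes and decode every suffix independently
        for start in range(end, max(-1, end - depth), -1):
            insns = decode(segment[start:end + 1])
            if insns is None:
                continue                 # undecodable from this start; an earlier start may still work
            if not multibr and "ret" in insns[:-1]:
                continue                 # without --multibr, a gadget may not contain an inner branch
            addr = base + start
            if any(b in badbytes for b in addr.to_bytes(8, "little")):
                continue                 # --badbytes: reject addresses containing a forbidden byte
            mnemonics = {insn.split()[0] for insn in insns}
            if only and not mnemonics <= set(only):
                continue                 # --only: every mnemonic must be in the allow list
            if filt and mnemonics & set(filt):
                continue                 # --filter: drop gadgets using a suppressed mnemonic
            text = " ; ".join(insns)
            if text not in gadgets:      # first hit wins, like the default de-duplication (--all keeps copies)
                gadgets[text] = addr
    return gadgets

# Constructed executable segment: pop/ret sequences plus three bytes the toy decoder
# does not know (0x48 0x89 0xC7), showing how unknown bytes cut a gadget short.
SEGMENT = bytes([0x5F, 0xC3, 0x90, 0x5E, 0x5A, 0xC3, 0x48, 0x89, 0xC7, 0xC3, 0x58, 0xC3])
BASE = 0x400000

if __name__ == "__main__":
    for text, addr in sorted(find_gadgets(SEGMENT, BASE).items(), key=lambda kv: kv[1]):
        print(f"0x{addr:016x} : {text}")
```

Running it lists six distinct gadgets; passing badbytes=b"\x0a" drops the one at 0x40000a, which is the same effect --badbytes has on ROPgadget's output.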

 

Screenshot

Intel x64 (screenshot)

ARM v7 (screenshot)

Sparc v8 (screenshot)

MIPS (screenshot)

PowerPC (screenshot)

ROP chain generation (screenshot)