ROPEME - ROP Exploit Made Easy

Proof-Of-Concept Return-Oriented-Programming automation tool

Version: Black Hat USA 2010 - Jul 28, 2010

Copyright (c) 2010 by Long Le Dinh

This file has been released under the GNU GPL version 2 or later.

ROPME is a set of python scripts to generate ROP gadgets and payload.

Requirements

  • Python >=2.6
  • diStorm64 - for disassembly
  • binutils

Usages

  • ropshell.py: interactive ROP shell to generate and search for gadgets

    $ ropeme/ropshell.py
    Simple ROP interactive shell: [generate, load, search] gadgets
    ROPeMe> help
    Available commands: type help for detail
      generate   Generate ROP gadgets for binary
      load       Load ROP gadgets from file
      search     Search ROP gadgets
      shell      Run external shell commands
      ^D         Exit

    ROPeMe>

  • ropsearch.py: search for ADD MEM gadget sequences in a binary

    $ ropeme/ropsearch.py vuln 4
    Searching ROP sequences for binary: vuln
    Generating gadgets for vuln with backward depth=4
    It may take few minutes depends on the depth and file size...
    Processing code block 1/1
    Generated 87 gadgets
    Found ROP sequences for file vuln:
    start
    pop ecx ; pop ebx ; leave ;; = 0x8048624
    pop ebp ;; = 0x80484b4
    add [ebp+0x5b042464] ecx ; pop ebp ;; = 0x80484ae
    end
    Warning: trailing "leave" found in ROP sequence: [('pop ecx ; pop ebx ; leave ;;', 134514212L), ('pop ebp ;;', 134513844L), ('add [ebp+0x5b042464] ecx ; pop ebp ;;', 134513838L)]

  • payload.py: sample ROP stage-1 and stage-0 payload generator. See the sample exploit.py for usage.
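The ropsearch.py output above prints each gadget address in hex, while its warning repeats the same sequence as Python 2 long literals in decimal. The following is an added example, not part of ROPEME: a Python 3 reader for that output that checks the two agree and reports which gadget triggered the trailing "leave" warning. The function names are hypothetical and the sample text is copied from the session above.

```python
import re

# Constructed sample: lines taken from the ropsearch.py session shown above.
SAMPLE = """\
pop ecx ; pop ebx ; leave ;; = 0x8048624
pop ebp ;; = 0x80484b4
add [ebp+0x5b042464] ecx ; pop ebp ;; = 0x80484ae
Warning: trailing "leave" found in ROP sequence: [('pop ecx ; pop ebx ; leave ;;', 134514212L), ('pop ebp ;;', 134513844L), ('add [ebp+0x5b042464] ecx ; pop ebp ;;', 134513838L)]
"""

# Listing lines look like "<asm> ;; = 0xADDR".
GADGET_RE = re.compile(r"^(?P<asm>.+?;;) = (?P<addr>0x[0-9a-fA-F]+)$")
# Warning tuples carry Python 2 long literals (trailing "L"), which
# Python 3's int() and ast.literal_eval() reject, so match the digits only.
TUPLE_RE = re.compile(r"\('(?P<asm>[^']*)', (?P<addr>\d+)L?\)")


def parse_listing(text):
    """Return [(asm, address)] from the 'asm ;; = 0xADDR' lines."""
    found = []
    for line in text.splitlines():
        m = GADGET_RE.match(line.strip())
        if m:
            found.append((m.group("asm"), int(m.group("addr"), 16)))
    return found


def parse_warning(text):
    """Return [(asm, address)] from the tuple list on the Warning line."""
    for line in text.splitlines():
        if line.startswith("Warning:"):
            return [(m.group("asm"), int(m.group("addr")))
                    for m in TUPLE_RE.finditer(line)]
    return []


def ends_with_leave(asm):
    """True if the last instruction before ';;' is 'leave'
    (leave = mov esp, ebp ; pop ebp, so it rewrites the stack pointer)."""
    insns = [i.strip() for i in asm.rstrip("; ").split(";")]
    return insns[-1] == "leave"


def leave_gadgets(text):
    """Listing entries whose final instruction is 'leave'."""
    return [g for g in parse_listing(text) if ends_with_leave(g[0])]


if __name__ == "__main__":
    print("listing matches warning:", parse_listing(SAMPLE) == parse_warning(SAMPLE))
    for asm, addr in leave_gadgets(SAMPLE):
        print("trailing leave at %#x: %s" % (addr, asm))
```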
