Automatic ROP gadgets chaining for ARM

Question

Automatic ROP gadgets chaining for ARM

Closed this issue 4 years ago · 4 comments

Dear whom it may concern,

I am a PhD student on Software engineering. I am working on the recognition of ROP attacks on ARM board for IoT applications. I have tried to generate an automatic ROP gadgets chaining but I didn't get a solution with ROPgadget tool !!

So It would be my pleasure if I could contribute to the releases for your tool.
Can someone please how can I proceed ??

Best regards

Answer 1 · 2020-07-02T12:49:13.000Z

Hi!

ROPgadget is mostly a gadget finding tool. It uses quite a straightforward way to generate chains (regex pattern matching). You can try advanced ROP chaining tools which generate more chains. Also, you can start with references list in this paper (we are currently translating it into English).

Answer 2 · 2020-07-02T12:59:01.000Z

Hi !!
Thank you for your reply. I have tried many tools (Exrop, nROP, ROPium, ROPeme, Ropper, BarfROP ...) !! There is no tool for automatically generating rop chains on the ARM architecture.

Answer 3 · 2020-07-02T13:07:02.000Z

You can try roper. Also, it can be easily supported in angrop -- you just need to find a syscall gadget. ROPium is going to extend to ARM soon. Exrop is based on Triton which supports ARM. The thing I am trying to say that it is better to support ARM in more complex tools than ROPgadget. If you really want it in ROPgadget you can start a PR from here.

Answer 4 · 2020-07-02T14:08:31.000Z

Thank you for your response !!