5

I was wondering: since the Ret2Libc attack doesn't work on ARM and we have to rely on ROP for that, how different is ROP on ARM from the x86 architecture?

Are there any tools for ARM, such as mona.py for x86, which would generate long chains of gadgets for me?

Also, if there are any resources available online on it (ROP on ARM, or simply ROP, except the corelan one), do point me to them.

Gilles 'SO- stop being evil'
Robert Shane

1 Answer

5

You should look at the BlackHat talk ARM Exploitation ROPmap. In short, you can find ROP gadgets with any assembler variant; just the rules are a little different for ARM.

Before tools like mona we used objdump and grep!

rook
  • Why did your link point to google redirect? – F. Hauri - Give Up GitHub Mar 16 '13 at 10:44
  • @F.Hauri Hasty copy-paste from Google search results, maybe? I used to do this all the time, until [someone pointed me to](http://webapps.stackexchange.com/questions/22291/turning-off-google-search-results-indirection/22339#22339) a [browser](http://userscripts.org/scripts/show/121923) [extension](https://chrome.google.com/webstore/detail/dont-track-me-google/gdbofhhdmcladcmmfjolgndfkpobecpg). – Gilles 'SO- stop being evil' Mar 19 '13 at 17:18
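
The answer's remark that the rules differ on ARM, as an added example (not from the original post or from any tool it names): ARM has no `ret` opcode, so a search like the objdump-and-grep one looks for instructions that load `pc`, such as `pop {..., pc}` and `bx lr`, and only at aligned offsets. The byte strings are constructed samples, and the function names and base addresses are this example's own.

```python
import struct

REGS = [f"r{i}" for i in range(13)] + ["sp", "lr", "pc"]

def _names(mask):
    """Register list for a 16-bit mask, lowest register first."""
    return ", ".join(REGS[i] for i in range(16) if (mask >> i) & 1)

def classify_arm(word):
    """A32 (4-byte) encoding: describe a return-equivalent, else None."""
    if (word >> 28) == 0xF:            # unconditional space holds neither POP nor BX
        return None
    if ((word >> 16) & 0xFFF) == 0x8BD and (word & 0x8000):
        return "pop {" + _names(word & 0xFFFF) + "}"   # LDMIA sp!, {..., pc}
    if ((word >> 4) & 0xFFFFFF) == 0x12FFF1:
        return "bx " + REGS[word & 0xF]
    return None

def classify_thumb(hw):
    """16-bit Thumb encoding: same two instruction forms."""
    if (hw & 0xFF00) == 0xBD00:        # POP {subset of r0-r7, pc}
        return "pop {" + _names((hw & 0xFF) | 0x8000) + "}"
    if (hw & 0xFF87) == 0x4700:        # BX Rm (bit 7 clear, so not BLX)
        return "bx " + REGS[(hw >> 3) & 0xF]
    return None

def scan(code, base, thumb=False):
    """Return (address, text) for each return-equivalent at an aligned offset.

    Thumb mode checks every halfword on its own, so in Thumb-2 code the
    second half of a 32-bit instruction can be reported by mistake.
    """
    size, fmt, classify = (2, "<H", classify_thumb) if thumb else (4, "<I", classify_arm)
    hits = []
    for off in range(0, len(code) - size + 1, size):
        text = classify(struct.unpack_from(fmt, code, off)[0])
        if text:
            hits.append((base + off, text))
    return hits

# Constructed sample input: hand-assembled function bodies, one per mode.
# ARM: push {r4, lr}; mov r4, r0; add r0, r4, #1; pop {r4, pc}; mov r0, #0; bx lr
ARM_CODE = struct.pack("<6I", 0xE92D4010, 0xE1A04000, 0xE2840001,
                       0xE8BD8010, 0xE3A00000, 0xE12FFF1E)
# Thumb: push {r4, lr}; movs r0, #0; pop {r4, pc}; bx lr
THUMB_CODE = struct.pack("<4H", 0xB510, 0x2000, 0xBD10, 0x4770)

if __name__ == "__main__":
    for addr, text in scan(ARM_CODE, 0x10000) + scan(THUMB_CODE, 0x20000, thumb=True):
        print(f"{addr:#x}: {text}")
```
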