
Updates rop-tool v2.3: a tool to help you write binary exploits.


Changelog rop-tool v2.3 (2015-06-01):
– New command : ‘disassemble’
– Fix bug when handling RAW mode for gadgets
– Handle ARM and ARM64 architectures
– Handle ELF symbols and sections
– libheap.so is now statically linked into the binary
– New options for ‘info’ command : --all, --syms, --sections, --segments
– Some improvements in libheap.so
– Fix some bugs

ropc is a tool to help you write binary exploits.

Example ropc: a tool to help you write binary exploits


FEATURES :
+ String searching, Gadget searching
+ Colored output
+ Intel and AT&T flavor
+ Support of ELF and PE binary format
+ Support of big and little endian
+ Support of x86 and x86_64 architecture

Usage :

Usage: rop <cmd> [OPTIONS]

Commands :
   gadget      Search gadgets
   search      Search on binary
   help        Print help
   version     Print version

Try "ropc help <cmd>" for more informations about a command.

Usage : ropc gadget [OPTIONS] [FILENAME]

OPTIONS:
  --arch, -A               Select an architecture (in raw mode only)
  --all, -a                Print all gadgets
  --bad, -B           [b]  Specify bad chars in address
  --depth, -d         [d]  Specify the depth for gadget searching (default is 5)
  --flavor, -f        [f]  Select a flavor (att or intel)
  --help, -h               Print this help message
  --no-color, -n           Don't colorize output
  --raw, -r                Open file in raw mode (don't considere any file format)

Usage : rop search [OPTIONS] [FILENAME]

OPTIONS:
  --all-string, -a    [n]  Search all printable strings of at least [n] caracteres. (default is 6)
  --byte, -b          [b]  Search the byte [b] in binary
  --bad, -B           [b]  Specify bad chars in address
  --dword, -d         [d]  Search the dword [d] in binary
  --help, -h               Print this help message
  --no-color, -n           Don't colorize output
  --qword, -q         [q]  Search the qword [q] in binary
  --raw, -r                Open file in raw mode (don't considere any file format)
  --split-string, -s  [s]  Search a string "splited" in memory (which is not contiguous in memory)
  --string, -S        [s]  Search a string (a byte sequence) in binary
  --word, -w          [w]  Search the word [w] in binary

GADGET COMMAND

Usage : rop-tool gadget [OPTIONS] [FILENAME]

OPTIONS:
  --arch, -A               Select an architecture (in raw mode only)
  --all, -a                Print all gadgets (even gadgets which are not uniq)
  --depth, -d         [d]  Specify the depth for gadget searching (default is 5)
  --flavor, -f        [f]  Select a flavor (att or intel)
  --no-filter, -F          Do not apply some filters on gadgets
  --help, -h               Print this help message
  --no-color, -n           Do not colorize output
  --raw, -r                Open file in raw mode (don't considere any file format)

SEARCH COMMAND

Usage : rop-tool search [OPTIONS] [FILENAME]

OPTIONS:
  --all-string, -a    [n]  Search all printable strings of at least [n] caracteres. (default is 6)
  --byte, -b          [b]  Search the byte [b] in binary
  --dword, -d         [d]  Search the dword [d] in binary
  --help, -h               Print this help message
  --no-color, -n           Don't colorize output
  --qword, -q         [q]  Search the qword [q] in binary
  --raw, -r                Open file in raw mode (don't considere any file format)
  --split-string, -s  [s]  Search a string "splited" in memory (which is not contiguous in memory)
  --string, -S        [s]  Search a string (a byte sequence) in binary
  --word, -w          [w]  Search the word [w] in binary

PATCH COMMAND 

Usage : rop-tool patch [OPTIONS] [FILENAME]

OPTIONS:
  --address, -a       [a]  Select an address to patch
  --bytes, -b         [b]  A byte sequence (e.g. : "\xaa\xbb\xcc") to write
  --filename, -f      [f]  Specify the filename
  --help, -h               Print this help message
  --offset, -o        [o]  Select an offset to patch (from start of the file)
  --output, -O        [o]  Write to an another filename
  --raw, -r                Open file in raw mode

Example Heap Command

HEAP COMMAND Rop-Tool


Download :
rop-tool-2.3.zip
rop-tool-2.3.tar.gz
Source : https://t0x0sh.org/

