
SROP support for ARM merged in, MIPS pending

ARM support for SROP is merged in and you can see the corresponding PR here.

This week I've been working on adding support for SROP on MIPS (and mipsel). It was simpler than ARM because there are no architecture-specific flag checks to satisfy: once the offsets are correct, you set the registers you need and fill the rest with "\x00". This was my first time working with MIPS and it was sort of interesting. The syscall number is passed in the register v0 and the arguments in a0, a1 ... a3. There is also a "ra" (return address) register, which plays the same role as the "lr" register on ARM.

The pull request for SROP on MIPS can be found here. You'll notice that the registers have a "JUNK" value between them, and this becomes clearer when you inspect the kernel source here. The register values go inside "sc_regs[32]", whose type is "unsigned long long", implying that the sigreturn frames for MIPS 64 and MIPS 32 are the same; on MIPS 32 a register value fills only half of its 8-byte slot, and the other half is the "JUNK". This makes sense when you see that the ABIs for MIPS 32 and MIPS 64 are pretty much the same (they only seem to differ in how the 5th and 6th arguments are passed to the system call; see here), which is not the case with x86 and x64.
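To make the sc_regs[32] layout concrete, here is an added example (my own code, not part of the pwntools PR or the kernel source) that packs and unpacks that area of the frame. It assumes only what the post states: 32 slots of "unsigned long long", a 32-bit register value in each, and the leftover half of every slot being the "JUNK" padding. The register names are the standard o32 numbering ($0..$31); the endianness handling shows why the JUNK word sits on opposite sides of the value for mipsel and big-endian MIPS. The unpack direction is the one a responder would use on a captured stack region suspected of holding a forged frame.

```python
import struct

# MIPS general-purpose registers in numeric order ($0 .. $31), standard o32
# naming. This list is ABI knowledge, not something copied from the PR.
MIPS_GPR = [
    "zero", "at", "v0", "v1", "a0", "a1", "a2", "a3",
    "t0", "t1", "t2", "t3", "t4", "t5", "t6", "t7",
    "s0", "s1", "s2", "s3", "s4", "s5", "s6", "s7",
    "t8", "t9", "k0", "k1", "gp", "sp", "fp", "ra",
]

SLOT = 8                   # sizeof(unsigned long long): one sc_regs entry
SC_REGS_SIZE = 32 * SLOT   # the whole sc_regs[32] area is 256 bytes


def _fmt(endian):
    if endian not in ("little", "big"):
        raise ValueError("endian must be 'little' (mipsel) or 'big' (mips)")
    return "<Q" if endian == "little" else ">Q"


def slot_layout(endian="little"):
    """Order of the two 4-byte halves inside one 8-byte slot.

    A little-endian store of a 64-bit word puts the low word first, so on
    mipsel the register value comes first and the JUNK word follows it; on
    big-endian MIPS the JUNK word comes first.
    """
    return ("value", "junk") if endian == "little" else ("junk", "value")


def pack_sc_regs(regs, endian="little", junk=0):
    """Serialize {register name: 32-bit value} into a 256-byte sc_regs area.

    Registers not named in `regs` are zero, matching the post's "\\x00" fill.
    `junk` is whatever goes into the unused high word of each slot.
    """
    fmt = _fmt(endian)
    out = bytearray()
    for name in MIPS_GPR:
        value = regs.get(name, 0)
        if not 0 <= value <= 0xFFFFFFFF:
            raise ValueError(f"{name}: {value:#x} does not fit a 32-bit register")
        out += struct.pack(fmt, (junk << 32) | value)
    return bytes(out)


def unpack_sc_regs(blob, endian="little"):
    """Inverse of pack_sc_regs: recover {register name: 32-bit value}.

    The high word of each slot is dropped, since a 32-bit kernel only loads
    the low 32 bits back into the register (that is what makes it "JUNK").
    """
    if len(blob) != SC_REGS_SIZE:
        raise ValueError(f"sc_regs area must be {SC_REGS_SIZE} bytes")
    fmt = _fmt(endian)
    regs = {}
    for i, name in enumerate(MIPS_GPR):
        (word,) = struct.unpack_from(fmt, blob, i * SLOT)
        regs[name] = word & 0xFFFFFFFF
    return regs


def syscall_view(regs):
    """The part of the restored state that selects a system call on MIPS:
    the number in v0 and the first four arguments in a0..a3."""
    return regs["v0"], [regs["a0"], regs["a1"], regs["a2"], regs["a3"]]


if __name__ == "__main__":
    # Constructed values, chosen only to make the slot layout visible.
    sample = {"v0": 0x1234, "a0": 1, "a1": 2, "a2": 3, "a3": 4, "sp": 0x7FFFE000}
    for endian in ("little", "big"):
        blob = pack_sc_regs(sample, endian, junk=0xDEADBEEF)
        v0_slot = blob[2 * SLOT:3 * SLOT]
        print(endian, slot_layout(endian), v0_slot.hex())
        print("  restored:", syscall_view(unpack_sc_regs(blob, endian)))
```

Dumping the v0 slot for both endiannesses shows the same 64-bit word serialized as `34120000efbeadde` on mipsel and `deadbeef00001234` on big-endian MIPS: the value and the JUNK swap halves, which is the detail that has to be right when computing the offsets the post talks about.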

When you're setting up the network connection with QEMU, make sure the interface that brings in your internet connection does not carry the IP address itself; assign that address to the interface that acts as the bridge instead.
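A quick check for that host-side setup, added here as an example rather than anything from the post's own setup: it parses the output of `ip -o -4 addr show` (a constructed sample below, with the interface names eth0 and br0 assumed) and reports when the uplink still holds the address or the bridge has none, then prints the `ip` commands that would move the address where the post says it belongs.

```python
import re

# Constructed samples of `ip -o -4 addr show` output. The "\       valid_lft"
# tail mirrors how ip(8) joins the wrapped lines in one-line (-o) mode.
SAMPLE_WRONG = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0\\       valid_lft forever preferred_lft forever
"""
SAMPLE_RIGHT = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
3: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0\\       valid_lft forever preferred_lft forever
"""

ADDR_LINE = re.compile(r"^\d+:\s+(?P<dev>\S+)\s+inet\s+(?P<cidr>\S+)")


def ipv4_by_device(output):
    """Map interface name -> list of IPv4 CIDRs from `ip -o -4 addr show`."""
    addrs = {}
    for line in output.splitlines():
        m = ADDR_LINE.match(line)
        if m:
            addrs.setdefault(m["dev"], []).append(m["cidr"])
    return addrs


def check_bridge_setup(output, uplink="eth0", bridge="br0"):
    """Return a list of problems; empty when the uplink has no IPv4 address
    and the bridge has one, which is the layout the post recommends."""
    addrs = ipv4_by_device(output)
    problems = []
    if addrs.get(uplink):
        problems.append(f"{uplink} still holds {', '.join(addrs[uplink])}")
    if not addrs.get(bridge):
        problems.append(f"{bridge} has no IPv4 address")
    return problems


def move_address_commands(output, uplink="eth0", bridge="br0"):
    """Commands that move every IPv4 address off the uplink onto the bridge
    and enslave the uplink to it. Review before running; they need root."""
    cmds = []
    for cidr in ipv4_by_device(output).get(uplink, []):
        cmds.append(f"ip addr del {cidr} dev {uplink}")
        cmds.append(f"ip addr add {cidr} dev {bridge}")
    cmds.append(f"ip link set {uplink} master {bridge}")
    return cmds


if __name__ == "__main__":
    for label, sample in (("wrong", SAMPLE_WRONG), ("right", SAMPLE_RIGHT)):
        print(label, check_bridge_setup(sample) or "ok")
    print("\n".join(move_address_commands(SAMPLE_WRONG)))
```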
