Updates upto 5th May 2015 - SROP support added in!
So far I've been working on adding in SROP support to binjitsu for the x86 and x64 platforms and its been merged with the main branch. You can see the code here!If you wish to use binjitsu to create an...
View ArticleUpto May 13th - Integrating SROP with ROP
I've been working on the integration of SROP into ROP and its done! You can view the pull request here.Right now, if you use ROP to call a function that is unresolvable, but has a corresponding...
View ArticleSROP demo examples
This week I've been working on writing 2 demo examples for demonstrating how you can use SROP with binjitsu. I've also done a bit of work on the ARM end. I've been testing on an RPi and so far I've...
View ArticleWeekly update on SROP integration
This week I worked on fixing the examples at the pull request and improving them based on feedback.Spent some time trying to investigate why the r0 load fails after the sigreturn call. I tried using...
View ArticleJune 5th update : SROP on ARM
I just got SROP working on ARM and I've uploaded a PoC on a temporary bitbucket repository. I mention in my earlier blogposts how I've been running into problems with loading r0 when running the...
View ArticleOABI and EABI - notes
I thought I'd document whatever I learnt last week about the OABI and the EABI ARM system call application binary interfaces. As you probably know, the ABI describes, amongst other things, how the...
View ArticleSROP support for ARM merged in, MIPS pending
ARM support for SROP is merged in and you can see the corresponding PR here.This week I've been working on adding in support for SROP on MIPS(and mipsel). It was simpler compared to ARM as there...
View ArticleMIPS SROP support
Over the past week I've been working on getting SROP to work on MIPS and MIPSel. It was quite interesting as using MIPS and MIPSel introduced a new set of requirements in.1. The SROP registers in MIPS...
View ArticleMIPS and MIPSel now in, doctests added
I was travelling for the most part of last week, and thats why this post is coming out a bit late. Right now we have doctests for ARM, MIPS and MIPSel added in, and srop.py has been changed to use an...
View ArticleTests for AMD64 and aarch64
This week I've been working on adding an integration test into srop.py for AMD64. You can see the merged PR here. Writing an integration test involves writing mako templates for read and sigreturn.I've...
View ArticleSetting up Aarch64 and QEMU
This is a short quick post on how I set up Aarch64 with a NAT connection.For the most part, the process is similar to what is described here and here. Here is the command line I ended up using to start...
View ArticleAarch64 SROP support completed
I just added in Aarch64 support for pwntools. There is no sys_sigreturn in Aarch64, instead there is a sys_rt_sigreturn implementation. In a lot of ways writing the SROP frame was similar to my ARM...
View ArticleIntegration tests complete for arm, mips and mipsel + ppc initial commit
This week I worked on getting the integration tests for ARM, MIPS and MIPSel merged in. Additionally I've set up the qemu image for working with powerpc(big endian). The image I'm using can be from...
View ArticlePowerPC support added in
I just added in support for PPC-srop. You can see the pull request here. The doctest is skipped as the current version of qemu-user segfaults when the test is run. If you try debugging the integration...
View Article
