Full Disclosure mailing list archives
Re: Multipath-ROP: Tools available?
From: halfdog <me () halfdog net>
Date: Thu, 21 Jul 2011 17:51:52 +0000
Stefan Esser wrote:
> Hello,
>
>> Does someone know about this method? If there are no tools available for that, I would like to create one, that uses Markov-chains for library analysis and that should support multiple CPU-archs.
>
> As far as I know there are no tools available for this. However I submitted a talk to HITB2011KUL about exactly this technique applied to iPhone exploitation. So there should be a tool for this in October.

Fine. I'm looking forward to that. Funny to have the same idea.

> Not only covering exploiting ASLR but also ROP payloads that work against different devices (different library load offset by device class/firmware version).

Ok, I'm thinking to integrate this also. Having just one library at different positions in memory or different libraries should be essentially the same for such a tool.

--
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88 2BD8 C459 9386 feed a bee