Full Disclosure mailing list archives

Re: Multipath-ROP: Tools available?


From: halfdog <me () halfdog net>
Date: Thu, 21 Jul 2011 17:51:52 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stefan Esser wrote:
> > Hello,
> > Does someone know about this method? If there are no tools
> > available for that, I would like to create one that uses
> > Markov chains for library analysis and that should support
> > multiple CPU-archs.
> As far as I know there are no tools available for this.
>
> However I submitted a talk to HITB2011KUL about exactly this
> technique applied to iPhone exploitation. So there should be a tool
> for this in October.

Fine. I'm looking forward to that. Funny to have the same idea.

> Not only covering exploiting ASLR but also ROP payloads that work
> against different devices (different library load offset by device
> class/firmware version).

Ok, I'm thinking to integrate this also. Having just one library at
different positions in memory or different libraries should be
essentially the same for such a tool.

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFOKGcUxFmThv7tq+4RAuofAJ9/i3fbVkug5eXt429DLmQpJYAC1wCdEeHq
5L65SxnFNzI0XnMx4KT6J+c=
=Q+YT
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
