
Re: [Full-disclosure] Multipath-ROP: Tools available?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Stefan Esser wrote:
> Hello,
>> Does someone know about this method? If there are no tools 
>> available for that, I would like to create one, that uses 
>> markov-chains for library analysis and that should support
>> multiple CPU-archs.
> As far as I know there are no tools available for this.
> 
> However I submitted a talk to HITB2011KUL about exactly this 
> technique applied to iPhone exploitation. So there should be a tool 
> for this in October.

Fine. I'm looking forward to that. Funny to have the same idea.

> Not only covering exploiting ASLR but also ROP payloads that work 
> against different devices (different library load offset by device 
> class/firmware version).

Ok, I'm thinking of integrating this as well. Having just one library at
different positions in memory, or different libraries, should be
essentially the same for such a tool.

- -- 
http://www.halfdog.net/
PGP: 156A AE98 B91F 0114 FE88  2BD8 C459 9386 feed a bee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFOKGcUxFmThv7tq+4RAuofAJ9/i3fbVkug5eXt429DLmQpJYAC1wCdEeHq
5L65SxnFNzI0XnMx4KT6J+c=
=Q+YT
-----END PGP SIGNATURE-----
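The search such a tool would perform, as an added illustration that is not code from either poster nor the tool announced for HITB: a "target" is a (library image, load base) pair, so a library slid to a different base by a firmware version and a different library at the same base are handled by the same code, and the tool keeps only absolute addresses that decode to the same gadget on every target. The x86-64 images, the base addresses and the three-opcode decoder are constructed toy data for the example.

```python
"""Multipath gadget search: pick absolute addresses that decode to the
same ROP gadget on every target, so one stack image works whichever
device/firmware it lands on.

A target is just (library image, load base).  The same image at two
bases (a library slid by firmware version) and two different images at
one base (different library builds) are handled identically.

Constructed toy data: the images, bases and the tiny x86-64 decoder
(pop reg / ret / nop only) are assumptions, not real firmware."""

from collections import namedtuple

Target = namedtuple("Target", "name image base")

REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]


def decode(image, off):
    """Decode one instruction at off; (insn_tuple, length), or None if the
    byte is not an opcode this toy decoder knows."""
    b = image[off]
    if b == 0xC3:
        return ("ret",), 1
    if b == 0x90:
        return ("nop",), 1
    if 0x58 <= b <= 0x5F:
        return ("pop", REGS[b - 0x58]), 1
    return None


def gadget_at(image, off, max_insns=4):
    """Instruction sequence from off through the first ret, with leading
    nops dropped (they do not change the gadget's effect).  None if the
    bytes are undecodable or no ret is reached within max_insns."""
    insns = []
    while off < len(image) and len(insns) < max_insns:
        d = decode(image, off)
        if d is None:
            return None
        insn, length = d
        insns.append(insn)
        off += length
        if insn == ("ret",):
            while insns[0] == ("nop",):
                insns.pop(0)
            return tuple(insns)
    return None


def gadgets(target):
    """Absolute address -> gadget for every usable offset of one target."""
    table = {}
    for off in range(len(target.image)):
        g = gadget_at(target.image, off)
        if g is not None:
            table[target.base + off] = g
    return table


def multipath_gadgets(targets):
    """Addresses whose gadget is identical on every target, lowest first."""
    tables = [gadgets(t) for t in targets]
    common = set.intersection(*(set(t) for t in tables))
    return {addr: tables[0][addr] for addr in sorted(common)
            if all(tab[addr] == tables[0][addr] for tab in tables)}


def build_chain(targets, steps):
    """One stack image for all targets.  steps = [(gadget, values popped
    by it), ...]; None if some gadget has no multipath address."""
    by_gadget = {}
    for addr, g in multipath_gadgets(targets).items():
        by_gadget.setdefault(g, addr)          # keep the lowest address
    chain = []
    for g, values in steps:
        if g not in by_gadget:
            return None
        chain.append(by_gadget[g])
        chain.extend(values)
    return chain


def make_image(size, patches):
    """Zero-filled toy image with code bytes at chosen offsets; 0x00 is
    unknown to decode(), so filler never turns into a gadget."""
    buf = bytearray(size)
    for off, code in patches.items():
        buf[off:off + len(code)] = code
    return bytes(buf)


# Constructed toy libraries (assumption, not real firmware contents).
LIBFOO = make_image(0x3000, {
    0x1000: b"\x5f\xc3",       # pop rdi ; ret
    0x1010: b"\x5e\xc3",       # pop rsi ; ret
    0x2000: b"\x90\x5f\xc3",   # nop ; pop rdi ; ret
    0x2010: b"\x58\xc3",       # pop rax ; ret
})
LIBBAR = make_image(0x3000, {
    0x2000: b"\x5f\xc3",       # pop rdi ; ret
    0x2010: b"\x58\xc3",       # pop rax ; ret
})

TARGETS = [
    Target("device A fw1: libfoo",             LIBFOO, 0x10000000),
    Target("device A fw2: libfoo slid 1 page", LIBFOO, 0x10001000),
    Target("device B: libbar",                 LIBBAR, 0x10000000),
]

POP_RDI = (("pop", "rdi"), ("ret",))
POP_RSI = (("pop", "rsi"), ("ret",))
RET = (("ret",),)

if __name__ == "__main__":
    for addr, g in multipath_gadgets(TARGETS).items():
        print(hex(addr), " ; ".join(" ".join(i) for i in g))
    print(build_chain(TARGETS, [(POP_RDI, [0x1337]), (RET, [])]))
    print(build_chain(TARGETS, [(POP_RSI, [0x1337])]))   # pop rsi is not multipath
```

Note how the candidate set is an intersection over targets: 0x10002010 exists in all three tables but is `pop rax` on two of them and `pop rsi` on the slid one, so it is rejected, and the chain for `pop rsi` cannot be built at all. Every target added shrinks the usable set, which is why a real tool needs the whole library, not a hand-picked gadget list, as its search space.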

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/