a return-oriented programming chain searching tool for ELF x86_64 binaries implemented in Python3

gabriel-duque/entropy

entropy

Introduction

entropy is a Python3 library you can use to generate ROP chains. For a basic background on return oriented programming (ROP), you can read this light explanation.

In a nutshell, ROP is a modern exploit technique. In the old days, attackers abused the fact that program stacks were executable: once a vulnerability was found, they would write the code they wanted to execute onto the stack, then overwrite the function's return address so that the program jumped onto their code and executed it.

To mitigate this technique, the stack was marked non-executable, so this strategy no longer works. More generally, systems now enforce (or should enforce, if they do not yet) a rule called W^X (write xor execute): no memory region is both writeable and executable, so attackers cannot execute code they have written into memory.

The only way to run some code when W^X is enforced is to reuse existing code in executable segments.

This is where ROP starts making sense.

ROP is the concept of reusing small existing instruction sequences, which we will call gadgets, to execute the sequence of operations we want. Each gadget does very little on its own; ROP is all about the bigger picture built by chaining them together.

If you already know how ROP works, you can skip to the next section on ROP mitigation.

We are going to go through a simple example of how ROP works.
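As an added illustration of what a gadget search does (example code written for this page, not entropy's own implementation), the function below walks backwards from every `ret` byte in a constructed text segment and lists the gadgets it finds, and `ret_density` gives the figure that the ret-reduction mitigation described in the next section aims to drive down. The function names, the toy one-byte decoder and the byte string are assumptions made for this example.

```python
from typing import Dict

# One-byte x86_64 instructions this toy decoder understands. A real gadget
# finder uses a full disassembler; this is enough to show the search idea.
ONE_BYTE = {0x90: "nop", 0xc3: "ret"}
ONE_BYTE.update({0x58 + i: f"pop {r}" for i, r in
                 enumerate(["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"])})

def find_gadgets(code: bytes, base: int, depth: int = 4) -> Dict[int, str]:
    """Return {address: "insn; ...; ret"} for every gadget ending in a ret.

    x86 has no instruction alignment, so every 0xc3 byte is a potential ret and
    every decodable suffix before it is a distinct gadget (same ret, new entry).
    """
    gadgets: Dict[int, str] = {}
    for i, b in enumerate(code):
        if b != 0xc3:
            continue
        insns = ["ret"]
        gadgets[base + i] = "ret"
        for k in range(1, depth + 1):
            j = i - k
            # An undecodable byte, or an earlier ret, ends the walk backwards.
            if j < 0 or code[j] not in ONE_BYTE or code[j] == 0xc3:
                break
            insns.insert(0, ONE_BYTE[code[j]])
            gadgets[base + j] = "; ".join(insns)
    return gadgets

def ret_density(code: bytes) -> float:
    """ret bytes per KiB of code: a rough measure of how much ROP material a segment offers."""
    return code.count(b"\xc3") * 1024 / len(code)

# Constructed stand-in for a .text segment loaded at 0x401000 (not a real binary).
TEXT_BASE = 0x401000
TEXT = bytes.fromhex(
    "4889e5"   # mov rbp, rsp   (multi-byte; the toy decoder will not walk past it)
    "5fc3"     # pop rdi; ret
    "5e5ac3"   # pop rsi; pop rdx; ret
    "ffd0"     # call rax       (no ret, so no gadget ends here)
    "9058c3"   # nop; pop rax; ret
)

if __name__ == "__main__":
    for addr, text in sorted(find_gadgets(TEXT, TEXT_BASE).items()):
        print(f"{addr:#x}: {text}")
    print(f"ret density: {ret_density(TEXT):.1f} per KiB")
```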

ROP mitigation

To keep people from exploiting programs with ROP chains, the OpenBSD project experimented with several mitigations.

Two of them prevailed and are now used system-wide on OpenBSD machines:

  • reducing the number of ret instructions
  • adding a new type of stack protector: retguards
