ROP (return-oriented programming) is a technique that re-uses short code snippets ("gadgets") already present in the target program or its loaded libraries and chains them together to build a malicious payload without introducing any new code. Because no injected code is ever executed, it bypasses Data Execution Prevention (DEP, the NX bit). It does not by itself bypass ASLR (address space layout randomisation): the attacker still has to learn where the gadgets are loaded, typically through an information leak or by using a non-randomised module.
terminology
- gadget: a short sequence of instructions ending in a ret instruction; the ret pops the next gadget address off the stack, which is what makes gadgets chainable. Because x86 instructions are variable-length and unaligned, a gadget may start in the middle of an instruction the compiler emitted, so usable gadgets exist that were never written on purpose.
technique
- identify gadgets in the target code (the binary itself and any loaded libraries)
- arrange the gadget addresses, interleaved with any data the gadgets pop, on the stack starting at the saved return address the attacker controls (e.g. via a stack overflow), so that each gadget's ret lands on the next address
- when executed, each gadget performs a small part of the exploit (load a register, write memory, call a function); the chain as a whole does the work shellcode would have done
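The two mechanical steps above (find gadgets, then lay their addresses out as data on the stack), as an added example that is not part of the original notes. It scans a constructed, hand-assembled x86-64 byte string with a deliberately tiny length decoder (only ret, nop and push/pop, an assumption made so the block is self-contained; ROPgadget and Ropper use a full disassembler), and then builds a chain from the gadgets it found. The load base and the target offset are made-up values standing in for what an info leak would give you.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample "text section" (not taken from any real binary). The
 * bytes are chosen so a few gadgets exist and one of them, pop rsp ; ret at
 * offset 11, is an unintended decoding starting inside the 2-byte "pop r12". */
static const uint8_t SAMPLE_TEXT[] = {
    0x55,                         /* push rbp        */
    0x48, 0x89, 0xe5,             /* mov  rbp, rsp   */
    0x5f,                         /* pop  rdi        */
    0xc3,                         /* ret             */
    0x90,                         /* nop             */
    0x5e,                         /* pop  rsi        */
    0x5a,                         /* pop  rdx        */
    0xc3,                         /* ret             */
    0x41, 0x5c,                   /* pop  r12        */
    0xc3,                         /* ret             */
    0xb8, 0x3b, 0x00, 0x00, 0x00, /* mov  eax, 0x3b  */
    0xc3,                         /* ret             */
};

#define MAX_DEPTH   3   /* instructions allowed before the ret */
#define MAX_GADGETS 32

typedef struct { size_t off; char text[64]; } gadget_t;

/* Tiny length decoder: ret, nop, push/pop r64 with optional REX.B prefix.
 * Returns the instruction length, or 0 for anything it does not know. */
static size_t decode(const uint8_t *p, size_t avail, char *out, size_t outsz) {
    static const char *reg[16] = {"rax","rcx","rdx","rbx","rsp","rbp","rsi","rdi",
                                  "r8","r9","r10","r11","r12","r13","r14","r15"};
    size_t len = 0, rex = 0;
    if (avail == 0) return 0;
    if (p[0] == 0x41 && avail >= 2) { rex = 8; p++; len = 1; }   /* REX.B: r8..r15 */
    if (p[0] == 0xc3 && !rex) { snprintf(out, outsz, "ret"); return 1; }
    if (p[0] == 0x90 && !rex) { snprintf(out, outsz, "nop"); return 1; }
    if (p[0] >= 0x50 && p[0] <= 0x57) { snprintf(out, outsz, "push %s", reg[rex + (p[0] - 0x50)]); return len + 1; }
    if (p[0] >= 0x58 && p[0] <= 0x5f) { snprintf(out, outsz, "pop %s",  reg[rex + (p[0] - 0x58)]); return len + 1; }
    return 0;
}

/* Gadget search: for every ret, try every byte offset shortly before it as a
 * start and keep the ones that decode cleanly straight into that ret. */
static size_t find_gadgets(const uint8_t *code, size_t n, gadget_t *out, size_t max_out) {
    size_t count = 0;
    for (size_t r = 0; r < n; r++) {
        if (code[r] != 0xc3) continue;
        size_t lo = r > MAX_DEPTH * 2 ? r - MAX_DEPTH * 2 : 0;  /* longest known insn is 2 bytes */
        for (size_t s = lo; s <= r; s++) {
            char text[64] = "", m[24];
            size_t pos = s, depth = 0;
            int ok = 1;
            while (pos < r) {
                size_t len = decode(code + pos, n - pos, m, sizeof m);
                /* reject: undecodable byte, an earlier ret in the way, or too deep */
                if (code[pos] == 0xc3 || len == 0 || ++depth > MAX_DEPTH) { ok = 0; break; }
                strncat(text, m, sizeof text - strlen(text) - 1);
                strncat(text, " ; ", sizeof text - strlen(text) - 1);
                pos += len;
            }
            if (!ok || pos != r) continue;                      /* pos > r: last insn overshot the ret */
            strncat(text, "ret", sizeof text - strlen(text) - 1);
            if (count < max_out) { out[count].off = s; strcpy(out[count].text, text); }
            count++;
        }
    }
    return count;
}

/* Offset of the first gadget whose listing equals `want`, or SIZE_MAX. */
static size_t gadget_off(const gadget_t *g, size_t n, const char *want) {
    for (size_t i = 0; i < n; i++) if (strcmp(g[i].text, want) == 0) return g[i].off;
    return SIZE_MAX;
}

static size_t put_qword(uint8_t *buf, size_t pos, uint64_t v) {
    for (int i = 0; i < 8; i++) buf[pos + i] = (uint8_t)(v >> (8 * i));  /* little-endian */
    return pos + 8;
}

/* Lay out a chain that loads rdi, rsi, rdx and then "returns" into target.
 * `base` is where the code got loaded; ASLR randomises it, so it has to come
 * from an info leak, ROP itself does not provide it. The chain is pure data:
 * it overwrites the saved return address and each ret pops the next entry.
 * Returns the payload length, or 0 if a required gadget is missing. */
static size_t build_chain(uint8_t *buf, const gadget_t *g, size_t ng, uint64_t base,
                          uint64_t target_off, uint64_t a0, uint64_t a1, uint64_t a2) {
    size_t pop_rdi = gadget_off(g, ng, "pop rdi ; ret");
    size_t pop_rsi_rdx = gadget_off(g, ng, "pop rsi ; pop rdx ; ret");
    if (pop_rdi == SIZE_MAX || pop_rsi_rdx == SIZE_MAX) return 0;
    size_t n = 0;
    n = put_qword(buf, n, base + pop_rdi);       /* first ret lands here      */
    n = put_qword(buf, n, a0);                   /* popped into rdi           */
    n = put_qword(buf, n, base + pop_rsi_rdx);   /* its ret lands here        */
    n = put_qword(buf, n, a1);                   /* popped into rsi           */
    n = put_qword(buf, n, a2);                   /* popped into rdx           */
    n = put_qword(buf, n, base + target_off);    /* final ret enters target   */
    return n;
}

int main(void) {
    gadget_t g[MAX_GADGETS];
    size_t n = find_gadgets(SAMPLE_TEXT, sizeof SAMPLE_TEXT, g, MAX_GADGETS);
    for (size_t i = 0; i < n; i++) printf("0x%04zx: %s\n", g[i].off, g[i].text);
    uint8_t chain[64];
    size_t len = build_chain(chain, g, n, 0x555555554000ULL, 0x1234, 1, 2, 3);  /* made-up base/target */
    printf("chain: %zu bytes\n", len);
    return 0;
}
```

Running it lists ten gadgets, including pop rsp ; ret at offset 11, which the "source" never contained as an instruction; that is the unaligned-decoding effect that makes real binaries so gadget-rich. The chain is 48 bytes of addresses and immediates and nothing in it is executable, which is exactly why NX does not stop it and why the mitigations below target the return path instead.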
tooling
- ROPgadget: disassembles a binary and lists the addresses at which usable gadgets reside
- Ropper: gadget search with the same goal, also able to assemble simple chains
- angrop: angr-based gadget search and automatic chain building
mitigation
- ARM64 PAC (pointer authentication code): return addresses are cryptographically signed when saved and checked before use, so an overwritten return address fails authentication instead of entering a gadget
- CFI (control flow integrity): restricts indirect branches and returns to legitimate targets; shadow stacks (e.g. Intel CET) keep a protected copy of each return address and compare on ret
- NX bit (non-executable memory, DEP): blocks injected shellcode, which is why attackers resort to ROP in the first place; it does not stop a chain of existing code. ASLR raises the cost by hiding gadget addresses, so the attacker additionally needs an info leak