Project Description

In this project, we demonstrate that an advanced attacker can mount practical code-reuse attacks even in the complete absence of information disclosure. To this end, we present Position-Independent Code-Reuse Attacks (PIROP), a new class of code-reuse attacks relying on the relative rather than absolute location of code gadgets in memory. By means of memory massaging, the attacker first makes the victim program generate a rudimentary ROP payload (for instance, containing code pointers that target instructions “close” to relevant gadgets). Afterwards, the addresses in this payload are patched with small offsets via relative memory writes.
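The two stages described above (memory massaging, then relative patching), as an added example that is not part of the PIROP project's code. It models a module whose load base is randomised per run, a victim that writes one of its own code pointers into a buffer several times, and an attacker-side patch step that only ever adds offsets read from the unrandomised binary. The file offsets, the number of gadgets and the `reach` bound of the write primitive are constructed for illustration and stand for no real binary.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed module layout: file offsets an attacker would read from the
 * unrandomised binary with a disassembler. No real gadgets are involved. */
#define N_GADGETS 4

/* File offset of the code pointer the victim itself writes into memory
 * (e.g. a spilled return address). */
#define SPILLED_PTR_OFF 0x1200u

/* File offsets of the gadgets the chain needs; all lie within a few hundred
 * bytes of the spilled pointer, which is what makes relative patching work. */
static const uintptr_t gadget_off[N_GADGETS] = { 0x1234u, 0x11f8u, 0x12c0u, 0x1189u };

/* Attacker-side deltas, derived offline from the binary: distance from the
 * spilled pointer to each gadget. Independent of the runtime load base. */
static intptr_t pirop_deltas[N_GADGETS];

void compute_deltas(void)
{
    for (size_t i = 0; i < N_GADGETS; i++)
        pirop_deltas[i] = (intptr_t)gadget_off[i] - (intptr_t)SPILLED_PTR_OFF;
}

/* Stage 1, victim side (memory massaging): the program is coaxed into
 * copying the same code pointer n times into a buffer that will later serve
 * as the ROP chain. `base` is the randomised load address; the attacker
 * never learns it. */
void victim_massage(uintptr_t base, uintptr_t *chain, size_t n)
{
    for (size_t i = 0; i < n; i++)
        chain[i] = base + SPILLED_PTR_OFF;
}

/* Stage 2, attacker side (relative patch): a write primitive that can only
 * add a bounded constant to a word in memory. `reach` is the largest |delta|
 * the primitive can apply. Returns the number of slots patched, or -1 and
 * leaves the chain untouched if some gadget is out of reach. Note that this
 * function takes no absolute address as input. */
int patch_relative(uintptr_t *chain, const intptr_t *deltas, size_t n, intptr_t reach)
{
    for (size_t i = 0; i < n; i++) {
        intptr_t d = deltas[i] < 0 ? -deltas[i] : deltas[i];
        if (d > reach)
            return -1;
    }
    for (size_t i = 0; i < n; i++)
        chain[i] = (uintptr_t)((intptr_t)chain[i] + deltas[i]);
    return (int)n;
}

/* Oracle used only to check the simulation: it is the one place the secret
 * base is consulted. Returns 1 if every slot now points at its gadget. */
int chain_is_correct(const uintptr_t *chain, uintptr_t base, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (chain[i] != base + gadget_off[i])
            return 0;
    return 1;
}

/* Run both stages against one randomised base; returns 1 on success,
 * 0 if the primitive could not reach every gadget or the chain is wrong. */
int pirop_attack(uintptr_t base, intptr_t reach)
{
    uintptr_t chain[N_GADGETS];
    compute_deltas();
    victim_massage(base, chain, N_GADGETS);
    if (patch_relative(chain, pirop_deltas, N_GADGETS, reach) < 0)
        return 0;
    return chain_is_correct(chain, base, N_GADGETS);
}

int main(void)
{
    /* Simulate ASLR: a fresh page-aligned base per run, same deltas every time. */
    srand(12345);
    for (int run = 0; run < 5; run++) {
        uintptr_t base = ((uintptr_t)rand() << 16 | (uintptr_t)rand()) & ~(uintptr_t)0xfff;
        printf("base %#lx: relative patch %s\n", (unsigned long)base,
               pirop_attack(base, 0x200) ? "succeeded" : "failed");
    }
    return 0;
}
```

The point of the split is that `patch_relative` is the only attacker-controlled step and it never sees `base`; with the constructed layout the largest delta is 0xc0 bytes, so a primitive that can add at most 0x40 fails the reach check and the chain is left unusable, which is why gadget selection has to favour targets near whatever pointer the victim can be made to spill.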