PIROP

Project Description

In this project, we demonstrate that an advanced attacker can mount practical code-reuse attacks even in the complete absence of information disclosure. To this end, we present Position-Independent Code-Reuse Attacks (PIROP), a new class of code-reuse attacks that rely on the relative rather than the absolute location of code gadgets in memory. By means of memory massaging, the attacker first makes the victim program itself generate a rudimentary ROP payload (for instance, one containing code pointers that target instructions "close" to the relevant gadgets). Afterwards, the addresses in this payload are patched with small offsets via relative memory writes. Because these offsets depend only on the layout of the binary and not on where it is loaded, they can be computed offline, so the attack does not need to learn a single randomized address.
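The two steps above, as an added illustration that is not the project's own code: a simulated code module is loaded at a page-aligned base the attacker never sees, the victim writes a pointer to a nearby instruction into the payload, and the attacker patches it using only the offset difference known from the binary. The gadget offsets, the base addresses and the two relative-write primitives (an add/sub on a pointer-sized slot and a partial overwrite of its low bytes) are constructed for this example and are not taken from the paper.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed code layout: offsets are fixed at link time and readable from the
 * binary on disk; only the load base is randomized by ASLR. */
#define OFF_NEAR_INSTR 0x1234u /* instruction the program naturally points at */
#define OFF_GADGET     0x1240u /* hypothetical "pop rdi; ret" a few bytes later */

/* The rudimentary payload that memory massaging leaves behind: a few
 * pointer-sized slots, one of which the victim fills with a code pointer. */
enum { PAYLOAD_WORDS = 4 };
struct payload { uintptr_t words[PAYLOAD_WORDS]; };

/* Step 1 (victim side): the program writes a pointer near the gadget into the
 * payload, e.g. a stale return address in a reused stack frame. The attacker
 * never observes `base`. */
static void victim_emit_pointer(struct payload *p, size_t slot, uintptr_t base)
{
    p->words[slot] = base + OFF_NEAR_INSTR;
}

/* Step 2, variant A: relative write modelled as an add on the slot. */
static void relative_add(struct payload *p, size_t slot, intptr_t delta)
{
    p->words[slot] = (uintptr_t)((intptr_t)p->words[slot] + delta);
}

/* Step 2, variant B: partial overwrite of the low `nbytes` bytes. Only sound
 * when near instruction and gadget agree on every byte above those, which
 * with a page-aligned base means they sit on the same 4 KiB page. */
static bool partial_overwrite(struct payload *p, size_t slot,
                              uintptr_t new_low, unsigned nbytes)
{
    if (nbytes == 0 || nbytes >= sizeof(uintptr_t))
        return false;
    uintptr_t mask = ((uintptr_t)1 << (8 * nbytes)) - 1;
    p->words[slot] = (p->words[slot] & ~mask) | (new_low & mask);
    return true;
}

/* Attacker side: the delta comes from the binary alone, independent of base. */
static intptr_t delta_for_gadget(void)
{
    return (intptr_t)OFF_GADGET - (intptr_t)OFF_NEAR_INSTR;
}

/* Returns true when the add-based patch lands exactly on the gadget. */
static bool pirop_hits_gadget(uintptr_t base)
{
    struct payload p = {{0}};
    victim_emit_pointer(&p, 0, base);
    relative_add(&p, 0, delta_for_gadget());
    return p.words[0] == base + OFF_GADGET;
}

/* Same check for the one-byte partial overwrite; requires a page-aligned base
 * and gadget/near instruction differing only in the lowest byte. */
static bool partial_hits_gadget(uintptr_t base)
{
    if (base & 0xfffu)
        return false; /* not page-aligned: low bits are not predictable */
    struct payload p = {{0}};
    victim_emit_pointer(&p, 1, base);
    if (!partial_overwrite(&p, 1, OFF_GADGET & 0xffu, 1))
        return false;
    return p.words[1] == base + OFF_GADGET;
}

int main(void)
{
    /* Constructed sample bases standing in for different ASLR outcomes. */
    const uintptr_t bases[] = { 0x555555554000u, 0x7f1234567000u, 0x7ffff7dd1000u };
    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++)
        printf("base %#lx: add %s, partial %s\n", (unsigned long)bases[i],
               pirop_hits_gadget(bases[i]) ? "hit" : "miss",
               partial_hits_gadget(bases[i]) ? "hit" : "miss");
    return 0;
}
```

The point of the simulation is that `delta_for_gadget()` and the byte passed to `partial_overwrite()` are the same for every base, which is exactly what lets the payload be prepared without a leak; the partial-overwrite variant additionally shows the caveat that it only reaches gadgets sharing the untouched high bytes with the pointer the victim supplied.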

Demo

Papers