TL;DR
MAJORCA is a versatile tool that automatically constructs ROP and JOP payloads across architectures, considering symbol restrictions, and evaluates the feasibility of code-reuse attacks against various OS defenses.
Contribution
It introduces an architecture-agnostic ROP/JOP payload generator that accounts for restricted symbols and provides a new metric to assess attack success probabilities.
Findings
MAJORCA outperforms open-source tools in payload generation.
It successfully generates payloads for x86 and MIPS architectures.
The ROP chaining metric estimates attack feasibility across OS defenses.
Abstract
Nowadays, exploits often rely on a code-reuse approach. Short pieces of code called gadgets are chained together to execute some payload. Code-reuse attacks can exploit vulnerabilities in the presence of operating system protection that prohibits data memory execution. The ROP chain construction task is the code generation for the virtual machine defined by an exploited executable. It is crucial to understand how powerful ROP attacks can be. Such knowledge can be used to improve software security. We implement MAJORCA, which generates ROP and JOP payloads in an architecture-agnostic manner and thoroughly considers restricted symbols such as null bytes that terminate data copying via strcpy. The paper covers the whole code-reuse payload construction pipeline: cataloging gadgets, chaining them in a DAG, scheduling, and linearizing to the ready-to-run payload. MAJORCA automatically generates both…
