Explore jump-oriented programming (JOP) and its comparison to return-oriented programming (ROP) in this 34-minute conference talk from ANYCon 2017. Delve into the intricacies of JOP, including dispatcher and functional gadgets, as well as basic gadget flavors. Examine current tools, their limitations, and potential improvements in areas such as basic support, architecture support, and gadget comprehension. Learn about innovative approaches to gadget composition, including the use of SMT solvers and emulators. Discover the challenges and opportunities in adding support for new architectures like ARM, AVR, and SPARC. Gain insights into the current state of disassembler frameworks and encoding examples. Conclude with an overview of JOP techniques and explore ideas for future developments in this field of cybersecurity.
Jumping the Fence - Comparison and Improvements for Existing Jump Oriented Programming Tools
via YouTube
Overview
Syllabus
Intro
What is JOP?
Explaining Return Oriented Programming
In Depth Explanation
Dispatcher
Functional Gadgets
Basic Gadget Flavors
Current Tools
Issues to Consider: Basic Support
Issues to Consider: Architecture Support
Architecture Support in Popular ROP Gadget Tools
Actual Functionality Provided
Functionality Examples
Ropgadget
General Issues
Improving Basic Gadget Search
Improving Gadget Comprehension
Gadget Comprehension Strategies
Gadget Comprehension Example with Unicorn VM
Approaches to Gadget Composition
Corelan's ROP Algorithm from Mona.py
Technique: SMT Solver and Emulator
ARM Support
Adding New Architecture Support: AVR
The Current State of AVR Disassembler Framworks
How about Sparc?
Sparc Encoding Example
Overview
Ideas for the Future
