ropbot: Reimagining Code Reuse Attack Synthesis

Kyle Zeng

Network and Distributed System Security (NDSS) Symposium 2026 · Day 3 · Systems Security

ropbot is a next-generation **code reuse payload generation engine** that fundamentally reimagines how ROP chains are constructed. By introducing the concept of a **"rop block"** -- a self-contained sequence of gadgets with guaranteed chainability -- ropbot replaces the traditional **generate-and-test algorithm** (O(n^n) worst case) with a **graph-search approach** that runs in effectively **linear time**. The result is a tool that outperforms all state-of-the-art ROP chain generators, achieves **100% success rate** on full chain generation (dup2/execve payloads), works across **multiple architectures** (x86, ARM, and more), and has been **adopted by Google** as part of its kernel exploit development (XDK) framework for the kernel CTF vulnerability research program.

AI review

A fundamental advance in automated exploit development that reduces ROP chain generation from O(n^n) to linear time through the elegant rop block abstraction. 100% success rate on full chain generation, works across architectures, adopted by Google for kernel CTF -- this is the kind of tool that changes how exploitation is done. If you write exploits, you need to know this tool.
