Egg/convert x86 linux binsh #24741
Conversation
Can you send a separate PR only with the null deref check? I don't think that we should be providing assembly versions of the shellcodes. Maybe we can have a script that does that with rax2 and rasm2. But considering most shellcodes do jump-in-the-middle and have gaps to fill, I'm unsure if that would be good to provide as is. Maybe @gum3t has some thoughts or can use those .rasm for testing chameleon.
I think it's a good start, and I think it will be very nice to use these shellcodes for more than just an asm reference. I'm spending some time to improve rasm and we need tests! So having a makefile that uses rasm2 to compare the output with the .h from the original shellcodes will be ideal. Also check the inline comments in the files you pushed.
Please rebase so the nullderef commit goes away.
6ddda34 to cda2272
Fix the linter complaints: run sys/lint.sh
Convert hardcoded shellcodes to human-readable assembly sources:
- x86-linux-binsh: 32-bit Linux /bin/sh (24 bytes)
- x86_64-linux-binsh: 64-bit Linux /bin/sh (28 bytes)
- x86-osx-binsh: macOS x86_64 /bin/sh with setuid(0) (45 bytes)
All files are rasm2-compatible and produce byte-exact output. Ref: radareorg#14765
Add assembly sources for three more shellcodes:
- arm-linux-binsh: 32-bit ARM Linux /bin/sh (47 bytes)
- thumb-linux-binsh: ARM Thumb mode /bin/sh (31 bytes)
- x86-osx-suidbinsh: macOS x86_64 /bin/sh with setuid(0) (45 bytes, identical to x86-osx-binsh)
All files produce byte-exact output matching original shellcodes. Ref: radareorg#14765
- Remove duplicate instruction comments (keep only meaningful ones)
- Add .arch and .bits directives to ARM files
- Use .string/.ascii directives instead of .byte for strings
- Convert thumb-linux-binsh from .byte directives to proper assembly
- All shellcodes verified to produce byte-exact output
- Add 'make test' target to verify rasm2 output matches original shellcodes
- Fix ARM shellcode to use .ascii instead of .string (no null terminator)
- All 6 shellcodes now produce byte-exact output
- Tests run automatically and report pass/fail for each shellcode
cda2272 to 748f092
- Move test-shellcodes.sh from libr/egg/p/sc/ to sys/test-egg-shellcodes.sh (avoids lint issues with ;; in libr/ folder)
- Fix empty comment lines in x86-osx-binsh.rasm and x86-osx-suidbinsh.rasm
- Update Makefile to call script from sys/ folder
- Use [OK]/[XX] format instead of emojis (as requested)
Convert shellcodes to human-readable assembly sources
This PR converts 6 out of 16 hardcoded shellcodes to rasm2-compatible assembly sources as requested in issue #14765.
Converted in this PR:
- x86-linux-binsh.rasm - 32-bit Linux /bin/sh (24 bytes)
- x86_64-linux-binsh.rasm - 64-bit Linux /bin/sh (28 bytes)
- x86-osx-binsh.rasm - macOS x86_64 /bin/sh with setuid(0) (45 bytes)
- x86-osx-suidbinsh.rasm - macOS suid variant (identical to x86-osx-binsh)
- arm-linux-binsh.rasm - 32-bit ARM Linux /bin/sh (47 bytes)
- thumb-linux-binsh.rasm - ARM Thumb mode /bin/sh (31 bytes)

Remaining shellcodes (for future PRs):
Verification:
All assembly files produce byte-exact output matching original shellcodes:
```
rasm2 -a x86 -b 32 -f libr/egg/p/sc/asm/x86-linux-binsh.rasm
# Output: 31c050682f2f7368682f62696e89e3505389e199b00bcd80
```
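A runner in the spirit of the `make test` target described in the commits and of the comparison against the original .h that the review asks for, as an added example that is not the PR's own sys/test-egg-shellcodes.sh. It assumes a constructed layout of `<name>.h` beside `asm/<name>.rasm` under libr/egg/p/sc, that the header stores the bytes as `\x..` or `0x..` literals, and that rasm2 is on PATH.

```shell
#!/bin/sh
# Added example, not the PR's sys/test-egg-shellcodes.sh: assemble each .rasm
# with rasm2 and compare the hex with the byte array in the original C header.
# Assumed (constructed) layout: $SC_DIR/<name>.h and $SC_DIR/asm/<name>.rasm.
SC_DIR="${SC_DIR:-libr/egg/p/sc}"

# Reduce a C byte array on stdin ("\x31\xc0..." or 0x31, 0xc0, ...) to the
# lowercase continuous hex that rasm2 -f prints. Assumes the header has no
# other \x.. or 0x.. literals, e.g. in comments.
header_to_hex() {
    grep -o -E '(\\x|0x)[0-9a-fA-F]{2}' | sed -E 's/^(\\x|0x)//' \
        | tr -d '\n' | tr 'A-F' 'a-f'
}

# check_shellcode NAME ARCH BITS: prints [OK]/[XX]; returns 0 only on a
# byte-exact match between the header and the rasm2 output.
check_shellcode() {
    name="$1"; arch="$2"; bits="$3"
    expected=$(header_to_hex < "$SC_DIR/$name.h")
    actual=$(rasm2 -a "$arch" -b "$bits" -f "$SC_DIR/asm/$name.rasm")
    if [ -n "$expected" ] && [ "$actual" = "$expected" ]; then
        echo "[OK] $name ($((${#expected} / 2)) bytes)"
        return 0
    fi
    echo "[XX] $name"
    echo "     header: $expected"
    echo "     rasm2:  $actual"
    return 1
}

# The six shellcodes converted in this PR (name, rasm2 arch, bits; for arm,
# -b 16 selects Thumb). Exit status is non-zero if any of them mismatch.
run_all() {
    failed=0
    while read -r name arch bits; do
        check_shellcode "$name" "$arch" "$bits" || failed=$((failed + 1))
    done <<EOF
x86-linux-binsh x86 32
x86_64-linux-binsh x86 64
x86-osx-binsh x86 64
x86-osx-suidbinsh x86 64
arm-linux-binsh arm 32
thumb-linux-binsh arm 16
EOF
    [ "$failed" -eq 0 ]
}

# Run only inside a tree that has the converted sources.
if [ -d "$SC_DIR/asm" ]; then run_all; fi
```

Run it from the repository root, or point SC_DIR at the shellcode directory; a [XX] line shows both hex strings so the first differing byte is visible at a glance.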