Jump to content
Nytro

Cross Architecture Shellcode in C

By Nytro, in Programe hacking

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Cross Arch Shellcode Compiler

2016 - ixtyInformation

 

This program allows to build portable, architecture independant shellcode from C code. It currently supports the following architectures:

  • x86
  • x86_64
  • arm
  • arm_64

 

It works by:

  • compiling the same C code for each architecture
  • linking it to arch specific syscall implementation
  • using a polyglot dispatching shellcode

 

The final layout of the output binary is: [ DISPATCHER ] [ X86 BLOCK ] [ X86_64 BLOCK ] [ ARM BLOCK ] [ ARM_64 BLOCK ]

The dispatcher is in stage0 Open stage0/README for information on how it works

Each arch specific block has the following layout: 

[ LOADER    ]
[ RELOC NUM ]
[ RELOC 0   ]
[ RELOC 1   ]
    ...
[ RELOC N   ]
[ START OFF ]
[ CODE      ]

Open stage1/README for information on loaders

The final payload code is the stage2. Open stage2/README for information on the payloadDependencies

  • python2.7
  • nasm
  • gcc
  • pyelftools (pip install pyelftools)
  • qemu-user-static
  • qemu-utils
  • arm chroot with gcc
  • arm64 chroot with gcc

 

Assuming you use debian: 

# apt-get install gcc nasm python2.7 python-pip
# apt-get install qemu qemu-user-static qemu-utils binfmt-support debootstrap
# qemu-debootstrap --arch=arm64 jessie /opt/arm64/ http://ftp.debian.org/debian
# qemu-debootstrap --arch=armhf jessie /opt/armhfxx/ http://ftp.debian.org/debian

# chroot /opt/arm64
# apt-get install gcc
# exit

# chroot /opt/armhf
# apt-get install gcc
# exitRunning & testing

$ ./build.py

 

If everything goes well, it creates ./ouput which is the portable multi-arch shellcode.

To test that everything works, use the provided 'sc' utility: 

On the local x86_64 machine
user@x86_64-box   $ ./sc_86     ./output
user@x86_64-box   $ ./sc_x86_64 ./output
... And in the chroots for arm/arm64
user@armhf-chroot $ ./sc_arm    ./output
user@arm64-chroot $ ./sc_arm_64 ./outputCredits

Thanks to feliam

https://github.com/feliam/mkShellcode

http://blog.binamuse.com/2013/01/about-shellcodes-in-c.html

The x86 / x86_64 loader code is taken from this project and the shellcode extraction technique is based upon his work aswell.

 

Link: https://github.com/ixty/xarch_shellcode

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...