Dailydave mailing list archives
Re: multistage shellcode
From: dave <dave () immunitysec com>
Date: Mon, 02 Aug 2004 11:55:47 -0400
Mordy Ovits wrote:
Also remember to choose your "tag" properly. If the mangling is actually a filter, than choose a tag that doesn't fit through the filter.On Sunday 01 August 2004 03:27 pm, wirepair wrote:has anyone else attempted this type of check? and if so, anything smaller than 25bytes???A very simple checksum algorithm is to loop over the data adding each 32-bit word to a running total, allowing integer overflow to do its thing. Then you compare the 4 bytes you're left with to the one you stored. It's a tiny algorithm. It's not a cryptographic checksum, as some changes can cancel others out, but it'll catch even a single bit flip. You don't need more; you're facing random mangling, not a malicious attacker.Mordy
-dave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- multistage shellcode wirepair (Aug 01)
- Re: multistage shellcode Mordy Ovits (Aug 02)
- Re: multistage shellcode dave (Aug 02)
- Re: multistage shellcode Mordy Ovits (Aug 02)