Vulnerability Development mailing list archives
xor encoding / decoding of shellcode
From: KF <dotslash () snosoft com>
Date: Wed, 28 Nov 2001 12:31:54 -0500
I have been working a lot with asm lately on the ppc platform... my goal has been to develop shellcode for several different situations... I have come up with shellcode that writes an xinetd.d entry and one that binds a shell to a port as well as a few other typical shellcode examples. The problem that I am having is that a lot of my instructions cause null. I have a technique to remove some of them but the method I use takes 2 instructions for every one with null. I have been trying to figure out how the stack needs to be laid out in order for me to xor encode / decode my shellcode. I imagine it is similar to <nops><xor decoder><xor encoded shellcode><return addy>. At the moment I am stuck on how to place a xor encoded string on the stack and then use it as executable code. In essence I need to learn how to write a xor decoder. Does anyone have any tips on this technique? I am trying to come up with something similar to ADMmutate that works on power pc or other RISC processors.

-KF