Machine code decoding 🔣 You can feed him with opcodes and will decode it using Go's x86asm package or create a custom ELF with them.
$ ./gopdecode
> 30c1
xor cl, al
> 90
nop
> history
0 30c1
1 90
> q
$qorquit: quit the application.set flavor=[att|go|intel]: change output syntax (AT&T, Intel or Go Assembly).set output=(filepath): save output to file.set mode=[16|32|64]: set arch mode (default is 64-bit).set colors: toggle "pretty" printing.set json: toggle print JSON opcode information.history: show history of previous inputs (.gop_history file).
JSON output:
> set json
> 8b55fc
{
"length": 3,
"instruction": "mov",
"args": [
"edx",
"dword ptr [rbp-0x4]"
]
}
>create [filepath]: this will create a custom ELF executable with the opcodes that you feed to this tool. All headers are setted by default and with a predefined entry point.
$ ./gopdecode
> create elf_test
Custom ELF file 'elf_test' created.
> 30c0
xor al, al
> b03c
mov al, 0x3c
> 0f05
syscall
> q
$ strace ./elf_test
execve("./elf_test", ["./elf_test"], 0x7ffea74e25f0 /* 21 vars */) = 0
exit(0) = ?
+++ exited with 0 +++
$ file elf_test
elf_test: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, corrupted section header sizeBased on m2elf's decoding functionality.