Re: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops

From: Berend-Jan Wever (skylined_at_edup.tudelft.nl)
Date: 11/18/04

    Date: Thu, 18 Nov 2004 13:53:10 +0100
    
    

    Code examples?
    Check out the "Shellcode encoders" source codes on my webpage.

    Cheers,
    SkyLined

    PS. please send any discussions on the paper in pm to skylined@edup.tudelft.nl or #SkyLined on EFNet

    ----- Original Message -----
    From: "Michael Vergoz" <descript@secureyourapache.com>
    To: "Peter Willis" <psyphreak@phreaker.net>
    Cc: <full-disclosure@lists.netsys.com>; <vuln-dev@securityfocus.com>; "Berend-Jan Wever" <skylined@edup.tudelft.nl>
    Sent: Thursday, November 18, 2004 09:04
    Subject: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops

    > Hi,
    >
    > Nice paper.
    > Some code examples should be great (I think).
    > A question: what about false-disassembly into shellcode?
    >
    > like:
    > mov eax, eax
    > [...]
    > jmp false
    > db 0xAA
    > [...]
    > false:
    > mov eax, 1
    > int 0x80
    > [...]
    >
    > mv
    >
    > On 17 nov. 04, at 23:00, Peter Willis wrote:
    >
    > > Hey, cool paper. Speaking of phrack, if in the future you have an
    > > article you think is print-worthy but is rejected by most zines, try
    > > sending it to Binary Revolution <articles@binrev.com>. Although
    > > they're newer and have had some delays in getting new issues out,
    > > they're starting to re-focus on the magazine and the number of their
    > > supporters is growing. Sorry if this comes off a little advertisey,
    > > but hopefully if more people write in then BinRev can publish more
    > > original articles about vulnerabilities which can then make it back
    > > onto the web as sample articles.
    > >
    > > Berend-Jan Wever wrote:
    > >
    > >> Hi all,
    > >>
    > >> This one got rejected by phrack and I couldn't be arsed to rewrite it
    > >> so it would make the next edition:
    > >> "Writing IA32 Restricted Instruction Set Shellcode Decoder Loops" by
    > >> SkyLined
    > >> ( http://www.edup.tudelft.nl/~bjwever/whitepaper_shellcode.html )
    > >>
    > >> The article addresses the requirements for writing a shellcode
    > >> decoder loop using a limited number of characters that limits our
    > >> instruction set. Most of it is based on my experience with
    > >> alphanumeric decoders but the principles apply to any piece of code
    > >> that is written to work with a limited instruction set. (It's a
    > >> continuation on rix's and obscou's work for phrack).
    > >>
    > >> Comments and questions welcome, but I can not guarantee an answer to
    > >> n00b questions.
    > >>
    > >> Cheers,
    > >> SkyLined
    > >>
    > >> http://www.edup.tudelft.nl/~bjwever
    > >> <skylined@edup.tudelft.nl>
    > >>
    > >>
    > >>
    > >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >
