Re: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
From: Berend-Jan Wever (skylined_at_edup.tudelft.nl)
Date: 11/18/04
- In reply to: Michael Vergoz: "[Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops"
Date: Thu, 18 Nov 2004 13:53:10 +0100
Code examples?
Check out the "Shellcode encoders" source codes on my webpage.
Cheers,
SkyLined
PS. please send any discussions on the paper in pm to skylined@edup.tudelft.nl or #SkyLined on EFNet
----- Original Message -----
From: "Michael Vergoz" <descript@secureyourapache.com>
To: "Peter Willis" <psyphreak@phreaker.net>
Cc: <full-disclosure@lists.netsys.com>; <vuln-dev@securityfocus.com>; "Berend-Jan Wever" <skylined@edup.tudelft.nl>
Sent: Thursday, November 18, 2004 09:04
Subject: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops
> Hi,
>
> Nice paper.
> Some code examples should be great (I think).
> A question: what about false-disassembly into shellcode?
>
> like :
> mov eax, eax
> [...]
> jmp false
> db 0xAA
> [...]
> false:
> mov eax, 1
> int 0x80
> [...]
>
> mv
>
> On 17 nov. 04, at 23:00, Peter Willis wrote:
>
> > Hey, cool paper. Speaking of phrack, if in the future you have an
> > article you think is print-worthy but is rejected by most zines, try
> > sending it to Binary Revolution <articles@binrev.com>. Although
> > they're newer and have had some delays in getting new issues out,
> > they're starting to re-focus on the magazine and the number of their
> > supporters is growing. Sorry if this comes off a little advertisey,
> > but hopefully if more people write in then BinRev can publish more
> > original articles about vulnerabilities which can then make it back
> > onto the web as sample articles.
> >
> > Berend-Jan Wever wrote:
> >
> >> Hi all,
> >>
> >> This one got rejected by phrack and I couldn't be arsed to rewrite it
> >> so it would make the next edition:
> >> "Writing IA32 Restricted Instruction Set Shellcode Decoder Loops" by
> >> SkyLined
> >> ( http://www.edup.tudelft.nl/~bjwever/whitepaper_shellcode.html )
> >>
> >> The article addresses the requirements for writing a shellcode
> >> decoder loop using a limited number of characters that limits our
> >> instruction set. Most of it is based on my experience with
> >> alphanumeric decoders but the principles apply to any piece of code
> >> that is written to work with a limited instruction set. (It's a
> >> continuation on rix's and obscou's work for phrack).
> >>
> >> Comments and questions welcome, but I can not guarantee an answer to
> >> n00b questions.
> >>
> >> Cheers,
> >> SkyLined
> >>
> >> http://www.edup.tudelft.nl/~bjwever
> >> <skylined@edup.tudelft.nl>
> >>
> >>
> >>
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>