From ... Thu Jul 19 21:45:05 2007
Date: Thu, 19 Jul 2007 21:45:05 +0200
From: Felix von Leitner <...>
To: dailydave (at) lists.immunitysec.com
Subject: Re: [Dailydave] add %ebx, (%esi)
References: <944206.14902.qm@web56001.mail.re3.yahoo.com> <469FA98D.3040008@immunityinc.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <469FA98D.3040008@immunityinc.com>
Lines: 77

Thus spake Dave Aitel (dave@immunityinc.com):
> You can't really define sections for this assembler - but we haven't
> had any problems. Let me know if there's something wacky here about
> the x86 arch I didn't understand properly. We have been using a
> similar (though much slower) assembler for a few years now in all of
> our exploits (which is why I can finish an assembler in a week, rather
> than a month or two). Once the C parser is rewritten, I'll release it
> all as LGPL and you can fix it :>.

How exactly is this a big deal? I once wrote an x86 assembler in
Pascal. When I was in school. Not college, school. So did a friend of
mine. And a disassembler. Took a couple of days to get the kinks ironed
out where I misparsed the Intel manual or it had bugs.

You know, I don't want to lessen your achievement, but, you know, it's
an assembler. How does that deserve any of the tooting it gets here?
People do that as an assignment for a course in college!

  http://www.ant.harvard.edu/ANT-1.0/Assts/asst8-1997.html
  http://www.cs.umd.edu/class/spring2005/cmsc212/p1/handout.html

x86 is a little more complex, but that's just more, not harder work.

Is the security scene so run down that we need to celebrate if one of
us writes an assembler or a disassembler? Please, people, get back to
work. Do something real for a change.

> I really like the idea of a web service for shellcode decoder
> creation.

Wow. Convert something like that into a web service? Man, that's a
dozen lines of perl. If your coding style is verbose. It would have
taken less time than you just spent talking about how you are going to
do it eventually.

> This was part of the original idea for the CANVAS World
> Service (which we're still going to do some day). One of the major
> advantages is that people who invest lots of time for their own
> customized polymorphic decoders could offer them as a web service
> attached to CANVAS World Service and then charge a buck every time
> they are used, for example. And having them as a web service also
> means IDS companies can't easily write signatures, since you can
> change them every day and they never see the code that generates the
> shellcode decoder itself.

Yeah, suuuure, people will pay a buck to allow their shell code to be
uploaded to some random web service by a guy they don't know. Looking
forward to the IPO!

> For now, having an assembler web service is pretty fun. :>

#!/usr/bin/perl

use SOAP::Transport::HTTP;

SOAP::Transport::HTTP::CGI
  -> dispatch_to('Assembler')
  -> handle;

package Assembler;

sub assemble {
  my ($class, $insn) = @_;
  my $res;
  # feed the instructions to GNU as; it writes a.out in the cwd
  open PIPE,"|as";
  print PIPE $insn;
  close PIPE;
  # pull the opcode bytes back out of the objdump listing
  open PIPE,"objdump -d a.out|";
  while (<PIPE>) {
    if (m/:\t/) {
      s/^.*:\t//;     # drop the address
      s/ *\t.*//;     # drop the mnemonic, keep the hex bytes
      $res .= $_;
    }
  }
  close PIPE;
  return $res;
}

Just saying. Add some input validation, do something about the temp
files, and you're good.

Now can we please talk about new and interesting stuff? Like, for
example, new and interesting ways to encode shellcode?

Thanks,

Felix
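A hardened version of that script, written here as an added Python example rather than Felix's Perl and not part of the original mail, covering the two things he leaves as an exercise: input validation and the shared a.out temp file. It assumes GNU as and objdump on PATH; the `--32` flag, the `.incbin`/`.include`/`.fill` directive names and the objdump listing format are GNU binutils behaviour, and the sample listing it parses is constructed, so the parsing and validation parts run without the toolchain. The SOAP/HTTP front end is left out; `assemble()` is what such a handler would call.

```python
"""Assembler-as-a-service, hardened: validated input, per-request temp dir.
Added example, not the script from the mail.  Needs GNU as/objdump only
for assemble(); opcode_bytes() and validate() run stand-alone."""
import re
import subprocess
import tempfile
from pathlib import Path

MAX_SOURCE = 4096  # assumption: plenty for shellcode-sized input

# objdump -d prints "<addr>:\t<hex bytes>\t<mnemonic>".  Instructions longer
# than 7 bytes continue on a second "<addr>:\t<hex bytes>" line with no
# mnemonic, so only the address and the run of hex pairs are required.
OBJDUMP_LINE = re.compile(r"^\s*[0-9a-f]+:\t([0-9a-f]{2}(?: [0-9a-f]{2})*)")
LABEL = re.compile(r"^\s*[\w.$]+:\s*")  # optional "label:" in front of a statement


def opcode_bytes(objdump_output: str) -> bytes:
    """Extract the raw opcode bytes from an `objdump -d` listing."""
    out = bytearray()
    for line in objdump_output.splitlines():
        m = OBJDUMP_LINE.match(line)
        if m:
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)


def validate(src: str) -> str:
    """Refuse input that would make `as` do more than assemble instructions.

    GAS directives start with '.'; .incbin/.include read arbitrary files on
    the server and .fill/.space can allocate huge output, so any statement
    whose first token starts with '.' is rejected, except a bare local label
    such as ".L1:".  Statements are split on newlines and on ';', which GAS
    also accepts as a separator on x86; '#' starts a line comment."""
    if len(src) > MAX_SOURCE:
        raise ValueError("source too large")
    if not src.isascii() or "\0" in src:
        raise ValueError("source must be plain ASCII")
    for line in src.splitlines():
        line = line.split("#", 1)[0]              # drop line comment
        for raw in line.split(";"):
            stmt = LABEL.sub("", raw).strip()     # drop a leading "label:"
            if stmt.startswith("."):
                raise ValueError(f"directives are not accepted: {stmt!r}")
    return src


def is_safe(src: str) -> bool:
    """True if validate() accepts the source, False otherwise."""
    try:
        validate(src)
        return True
    except ValueError:
        return False


def assemble(src: str, arch_flag: str = "--32") -> bytes:
    """Assemble validated AT&T-syntax source and return the opcode bytes.

    Every request gets its own temporary directory, so concurrent requests
    never race on a shared a.out and the object file is removed even when
    as or objdump fails (check=True raises, and the `with` still cleans up).
    Timeouts bound the cost of pathological input."""
    validate(src)
    with tempfile.TemporaryDirectory() as tmp:
        obj = Path(tmp) / "out.o"
        # as reads standard input when no input file is named
        subprocess.run(["as", arch_flag, "-o", str(obj)], input=src + "\n",
                       text=True, capture_output=True, check=True,
                       timeout=10, cwd=tmp)
        dump = subprocess.run(["objdump", "-d", str(obj)], text=True,
                              capture_output=True, check=True, timeout=10)
    return opcode_bytes(dump.stdout)


# Constructed listing in objdump -d format, including a 10-byte movabs that
# objdump wraps onto a continuation line.
SAMPLE_OBJDUMP = (
    "out.o:     file format elf64-x86-64\n"
    "\n\nDisassembly of section .text:\n\n"
    "0000000000000000 <.text>:\n"
    "   0:\t31 c0                \txor    %eax,%eax\n"
    "   2:\t48 b8 11 22 33 44 55 \tmovabs $0x8877665544332211,%rax\n"
    "   9:\t66 77 88\n"
    "   c:\tcd 80                \tint    $0x80\n"
)

if __name__ == "__main__":
    print(opcode_bytes(SAMPLE_OBJDUMP).hex())
    print(is_safe('xor %eax,%eax; .incbin "/etc/passwd"'))
```

`opcode_bytes()` deliberately keys on the address and byte run only, so it survives the continuation lines that Felix's `m/:\t/` loop also happens to catch, and it ignores the header and section lines because they have no tab after the colon. The directive check is a blacklist of a whole syntactic class rather than of named directives, which is the only way to stay ahead of the file-reading and allocation directives GAS grows over time.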