[Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops

2004-11-18 Thread Michael Vergoz
Hi,
Nice paper.
Some code examples would be great (I think).
A question: what about false-disassembly into shellcode?
like:
mov eax, eax
[...]
jmp false
db 0xAA
[...]
false:
mov eax, 1
int 0x80
[...]
mv
On 17 nov. 04, at 23:00, Peter Willis wrote:
Hey, cool paper. Speaking of phrack, if in the future you have an 
article you think is print-worthy but is rejected by most zines, try 
sending it to Binary Revolution [EMAIL PROTECTED]. Although 
they're newer and have had some delays in getting new issues out, 
they're starting to re-focus on the magazine and the number of their 
supporters is growing. Sorry if this comes off a little advertisey, 
but hopefully if more people write in then BinRev can publish more 
original articles about vulnerabilities which can then make it back 
onto the web as sample articles.

Berend-Jan Wever wrote:
Hi all,
This one got rejected by phrack and I couldn't be arsed to rewrite it 
so it would make the next edition:
Writing IA32 Restricted Instruction Set Shellcode Decoder Loops by 
SkyLined
( http://www.edup.tudelft.nl/~bjwever/whitepaper_shellcode.html )

The article addresses the requirements for writing a shellcode 
decoder loop using a limited number of characters that limits our 
instruction set. Most of it is based on my experience with 
alphanumeric decoders but the principles apply to any piece of code 
that is written to work with a limited instruction set. (It's a 
continuation of rix's and obscou's work for phrack).

Comments and questions welcome, but I cannot guarantee an answer to 
n00b questions.

Cheers,
SkyLined
http://www.edup.tudelft.nl/~bjwever
[EMAIL PROTECTED]


___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
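
The false-disassembly trick in Michael's snippet, worked through as an added example (not code from the thread or from SkyLined's paper): a tiny decoder for just the opcodes the snippet uses, run as a linear sweep and as a recursive traversal over a constructed encoding of that snippet. The sweep lists a stosb at the junk byte 0xAA that never executes; following control flow from the entry point never decodes it.

```python
import struct

# Constructed encoding of the snippet quoted in the thread (assumed bytes, not from the paper):
#   mov eax, eax ; jmp false ; db 0xAA ; false: mov eax, 1 ; int 0x80
SAMPLE = bytes([0x89, 0xC0, 0xEB, 0x01, 0xAA, 0xB8, 0x01, 0x00, 0x00, 0x00, 0xCD, 0x80])

def decode_one(code, off):
    """Decode one instruction at `off`: (text, length, jump target or None)."""
    op = code[off]
    if op == 0x89 and code[off + 1:off + 2] == b"\xC0":
        return "mov eax, eax", 2, None
    if op == 0xEB and off + 1 < len(code):            # jmp rel8, unconditional
        rel = struct.unpack_from("<b", code, off + 1)[0]
        return "jmp 0x%x" % (off + 2 + rel), 2, off + 2 + rel
    if op == 0xB8 and off + 4 < len(code):            # mov eax, imm32
        return "mov eax, 0x%x" % struct.unpack_from("<I", code, off + 1)[0], 5, None
    if op == 0xCD and off + 1 < len(code):            # int imm8
        return "int 0x%x" % code[off + 1], 2, None
    if op == 0xAA:                                    # stosb: how the junk byte decodes
        return "stosb", 1, None
    return "db 0x%02x" % op, 1, None                  # unknown: report as a data byte

def linear_sweep(code):
    """Decode every byte in order, as a naive disassembler does."""
    out, off = [], 0
    while off < len(code):
        text, size, _ = decode_one(code, off)
        out.append((off, text))
        off += size
    return out

def recursive_traversal(code, entry=0):
    """Follow control flow from `entry`; bytes never reached are never decoded."""
    out, work = {}, [entry]
    while work:
        off = work.pop()
        while 0 <= off < len(code) and off not in out:
            text, size, target = decode_one(code, off)
            out[off] = text
            if target is not None:                    # unconditional jmp: continue only at target
                work.append(target)
                break
            off += size
    return sorted(out.items())

if __name__ == "__main__":
    print("linear sweep:       ", [t for _, t in linear_sweep(SAMPLE)])
    print("recursive traversal:", [t for _, t in recursive_traversal(SAMPLE)])
```

With a single-byte junk opcode the sweep only gains a phantom instruction; a junk byte that starts a multi-byte opcode would also pull the following real bytes into the wrong instruction, which is why analysts prefer flow-following disassembly for code like this.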


Re: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted Instruction Set Shellcode Decoder Loops

2004-11-18 Thread Berend-Jan Wever
Code examples?
Check out the shellcode encoders' source code on my webpage.

Cheers,
SkyLined

PS. Please send any discussion on the paper in PM to [EMAIL PROTECTED] or 
#SkyLined on EFNet.

- Original Message - 
From: Michael Vergoz [EMAIL PROTECTED]
To: Peter Willis [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Berend-Jan Wever 
[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 09:04
Subject: [Full-Disclosure] Re: New whitepaper: Writing IA32 Restricted 
Instruction Set Shellcode Decoder Loops

