bx Merge pull request #1 from lungetech/master
fix spelling errors
Latest commit f1ed4e0 Jan 6, 2014


This project contains tools that can be used to coerce gcc's runtime loader
into performing interesting operations using only valid relocation entries and

Slides from our DEFCON 20 talk can be found here:

Slides from our BerlinSides0x3 talk can be found here:

Slides from our 29C3 talk can be found here:

Slides from our USENIX WOOT 2013 talk can be found here:

libelf_bf/ contains the files that make up the library
elf_bf_compiler/ contains the implementation of the Brainfuck-to-ELF compiler
elf_bf_debug/ contains useful scripts for debugging the runtime loading process
as it processes relocation entries
ping_backdoor/ contains code that uses relocation entries to build a backdoor
into ping
demo/ contains a simple C program to play with
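As an added example (not code from elf-bf-tools), here is the kind of check a defender can run on what the runtime loader consumes: it decodes a raw Elf64_Rela table the way ld.so reads it and flags entries whose write target falls inside the dynamic-linking metadata itself (symbol or relocation tables), which a conventional link has no reason to emit. The sample table and the section address ranges are constructed for the demonstration.

```python
import struct

# x86-64 dynamic relocation types (values from the SysV AMD64 psABI)
R_X86_64 = {0: "R_X86_64_NONE", 1: "R_X86_64_64", 5: "R_X86_64_COPY",
            6: "R_X86_64_GLOB_DAT", 7: "R_X86_64_JUMP_SLOT", 8: "R_X86_64_RELATIVE"}
RELA_SIZE = 24  # sizeof(Elf64_Rela): r_offset, r_info, r_addend


def parse_rela(blob):
    """Decode a little-endian Elf64_Rela table into dicts, as ld.so would walk it."""
    if len(blob) % RELA_SIZE:
        raise ValueError("truncated Elf64_Rela table")
    entries = []
    for r_offset, r_info, r_addend in struct.iter_unpack("<QQq", blob):
        entries.append({"offset": r_offset,
                        "sym": r_info >> 32,           # ELF64_R_SYM
                        "type": r_info & 0xFFFFFFFF,   # ELF64_R_TYPE
                        "addend": r_addend})
    return entries


def self_targeting(entries, metadata_ranges):
    """Return (section, entry) pairs whose write target lies inside linking metadata.
    metadata_ranges: {name: (start_vaddr, end_vaddr)}, e.g. for .dynsym / .rela.dyn."""
    return [(name, e) for e in entries
            for name, (lo, hi) in metadata_ranges.items() if lo <= e["offset"] < hi]


def make_rela(offset, sym, rtype, addend):
    """Build one Elf64_Rela entry (used only for the constructed sample below)."""
    return struct.pack("<QQq", offset, (sym << 32) | rtype, addend)


# Constructed sample: two ordinary entries plus one whose target is inside .dynsym
SAMPLE_TABLE = (make_rela(0x601000, 0, 8, 0x400500)   # RELATIVE: base + addend
                + make_rela(0x601008, 3, 6, 0)        # GLOB_DAT: value of symbol 3
                + make_rela(0x400318, 2, 1, 0x10))    # 64: writes into .dynsym
SAMPLE_RANGES = {".dynsym": (0x400300, 0x400360), ".rela.dyn": (0x400360, 0x400400)}


def summarize(blob=SAMPLE_TABLE, ranges=SAMPLE_RANGES):
    """Tally relocation types and list entries that rewrite the loader's own inputs."""
    entries = parse_rela(blob)
    counts = {}
    for e in entries:
        name = R_X86_64.get(e["type"], "R_X86_64_%d" % e["type"])
        counts[name] = counts.get(name, 0) + 1
    return counts, self_targeting(entries, ranges)


if __name__ == "__main__":
    counts, hits = summarize()
    print(counts)
    for name, e in hits:
        print("relocation writes into %s at %#x (type %d, sym %d)"
              % (name, e["offset"], e["type"], e["sym"]))
```

Feed it the bytes of a binary's .rela.dyn section together with the real virtual address ranges of .dynsym and .rela.dyn to apply the same check to an actual executable.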


These instructions are written for Ubuntu 11.10 x86_64. If you are running a
different version of Ubuntu, you should set up a 64-bit Oneiric chroot
environment. See
for information. If you are not running 64-bit Ubuntu, best of luck.
At the very least you will need an amd64 system using eglibc 2.13.

Required apt packages: build-essential, subversion, libssl-dev, cmake

You will need to install eresi from source, which can be found at
Their code can be checked out using:
$> svn checkout eresi

Build eresi as follows:
./configure --prefix /usr/local --enable-64
sudo make install install64
(If install fails with "chmod: cannot operate on dangling symlink `/usr/local//lib/'", don't worry. Just move on.)

To build elf-bf-tools, run the following in the elf-bf-tools directory:
cmake .

...and that's it.

Thanks for reading, be sure to visit the README files located in
elf_bf_compiler, elf_bf_debug, and ping_backdoor if you end up working with the
code there.