Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 demo
Octocat-spinner-32 elf_bf_compiler
Octocat-spinner-32 elf_bf_debug
Octocat-spinner-32 libelf_bf
Octocat-spinner-32 ping_backdoor
Octocat-spinner-32 syscall
Octocat-spinner-32 CMakeLists.txt
Octocat-spinner-32 LICENSE
Octocat-spinner-32 README
README
OVERVIEW
This project contains tools that can be used to coarse the gcc's runtime loader
into performing interesting operations using only valid relocation entries and
symbols.

Slides from our DEFCON 20 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/elf-defcon20.pdf

Slides from our BerlinSides0x3 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-berlinsides-0x3.pdf

Slides from our 29C3 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-29c3.pdf

Slides from our USENIX WOOT 2013 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-WOOT-2013.pdf


directories:
libelf_bf/ contains files that make up the library
elf_bf_compiler/ implementation for Brainfuck to ELF compiler
elf_bf_debug/ contains useful scripts for debugging the runtime loading process
as it processes relocation entries
ping_backdoor/ contains code that uses relocation entries to build a backdoor
into ping
demo/ contains a simple c program to play with


BUILDING

These instructions are written for Ubuntu 11.10 x86_64. If you are running a
different version of Ubuntu, you should setup a 64bit Oneiric chroot
environment.  See https://help.ubuntu.com/community/DebootstrapChroot
for for information.  If you are not running 64-bit Ubuntu, best of luck.
At the very least you will need a amd64 system using eglibc 2.13.


Required apt packages: build-essential, subversion, libssl-dev, cmake

You will need to install eresi from source, which can be found at
http://www.eresi-project.org/
Their code can be checked out using:
$> svn checkout http://svn.eresi-project.org/svn/trunk/ eresi

build eresi as follows;
./configure --prefix /usr/local --enable-64
make
sudo make install install64
(If install fails with "chmod: cannot operate on dangling symlink `/usr/local//lib/libelfsh.so', don't worry. Just move on)

To build elf-bf-tools, in the elf-bf-tools directory
cmake .
make

..and that's it

Thanks for reading, be sure to visit the README files located in
elf_bf_compiler, elf_bf_debug, and ping_backdoor if you end up working with the
code there.

Something went wrong with that request. Please try again.