Skip to content


Subversion checkout URL

You can clone with
Download ZIP
C Shell C++ Python
Branch: master

Merge pull request #1 from lungetech/master

fix spelling errors
latest commit f1ed4e077f
@bx authored


This project contains tools that can be used to coarse the gcc's runtime loader
into performing interesting operations using only valid relocation entries and

Slides from our DEFCON 20 talk can be found here:

Slides from our BerlinSides0x3 talk can be found here:

Slides from our 29C3 talk can be found here:

Slides from our USENIX WOOT 2013 talk can be found here:

libelf_bf/ contains files that make up the library
elf_bf_compiler/ implementation for Brainfuck to ELF compiler
elf_bf_debug/ contains useful scripts for debugging the runtime loading process
as it processes relocation entries
ping_backdoor/ contains code that uses relocation entries to build a backdoor
into ping
demo/ contains a simple c program to play with


These instructions are written for Ubuntu 11.10 x86_64. If you are running a
different version of Ubuntu, you should setup a 64bit Oneiric chroot
environment.  See
for for information.  If you are not running 64-bit Ubuntu, best of luck.
At the very least you will need a amd64 system using eglibc 2.13.

Required apt packages: build-essential, subversion, libssl-dev, cmake

You will need to install eresi from source, which can be found at
Their code can be checked out using:
$> svn checkout eresi

build eresi as follows;
./configure --prefix /usr/local --enable-64
sudo make install install64
(If install fails with "chmod: cannot operate on dangling symlink `/usr/local//lib/', don't worry. Just move on)

To build elf-bf-tools, in the elf-bf-tools directory
cmake .

..and that's it

Thanks for reading, be sure to visit the README files located in
elf_bf_compiler, elf_bf_debug, and ping_backdoor if you end up working with the
code there.

Something went wrong with that request. Please try again.