C Shell C++ Python
|Failed to load latest commit information.|
OVERVIEW This project contains tools that can be used to coarse the gcc's runtime loader into performing interesting operations using only valid relocation entries and symbols. Slides from our DEFCON 20 talk can be found here: http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/elf-defcon20.pdf Slides from our BerlinSides0x3 talk can be found here: http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-berlinsides-0x3.pdf Slides from our 29C3 talk can be found here: http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-29c3.pdf Slides from our USENIX WOOT 2013 talk can be found here: http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-WOOT-2013.pdf directories: libelf_bf/ contains files that make up the library elf_bf_compiler/ implementation for Brainfuck to ELF compiler elf_bf_debug/ contains useful scripts for debugging the runtime loading process as it processes relocation entries ping_backdoor/ contains code that uses relocation entries to build a backdoor into ping demo/ contains a simple c program to play with BUILDING These instructions are written for Ubuntu 11.10 x86_64. If you are running a different version of Ubuntu, you should setup a 64bit Oneiric chroot environment. See https://help.ubuntu.com/community/DebootstrapChroot for for information. If you are not running 64-bit Ubuntu, best of luck. At the very least you will need a amd64 system using eglibc 2.13. Required apt packages: build-essential, subversion, libssl-dev, cmake You will need to install eresi from source, which can be found at http://www.eresi-project.org/ Their code can be checked out using: $> svn checkout http://svn.eresi-project.org/svn/trunk/ eresi build eresi as follows; ./configure --prefix /usr/local --enable-64 make sudo make install install64 (If install fails with "chmod: cannot operate on dangling symlink `/usr/local//lib/libelfsh.so', don't worry. Just move on) To build elf-bf-tools, in the elf-bf-tools directory cmake . make ..and that's it Thanks for reading, be sure to visit the README files located in elf_bf_compiler, elf_bf_debug, and ping_backdoor if you end up working with the code there.