Further refactoring

CHANGELOG.md

@@ -30,6 +30,8 @@ implement specialized classes doing encoding.
 The encoder.py file is moved on a adhoc directory and it will be the main
 encoding class with all basic functionalities.
 
+I made the package flat in shellerate directory to make imports easier, will
+refactor back later on.
 
 ## [0.4.0] - 2019-02-05
 ### Added

setup.py

@@ -5,7 +5,7 @@
 
 setuptools.setup(
     name="shellerate",
-    version="0.4.2",
+    version="0.4.3",
     python_requires='>=3.6.*',
     author="Paolo Perego",
     author_email="paolo@armoredcode.com",

shellerate/asm_x86.py

@@ -8,7 +8,51 @@ def get_where_am_i_in_ecx():
 # jumps is how many 256 bytes backword jump you want to take
 def jmp_backwards_ecx(jumps=1):
     return get_where_am_i_in_ecx() + "\xfe\xcd" * jumps + "\xff\xe1"
-
+
+
+def zero_eax():
+  """
+    Creates a shellcode that set the EAX register 0 using two AND instructions.
+
+    If you look at the binary representation you can understand why these two
+    ANDs will set EAX to 0 whatever the starting value.
+
+    AND EAX, 0x554e4d4a
+    AND EAX, 0x2a313235
+  """
+  return "\\x25\\x4A\\x4D\\x4E\\x55\\x25\\x35\\x32\\x31\\x2A"
+
+def zero_with_and(reg="eax", badchar=[]):
+
+  while True:
+    first_and = secrets.token_hex(4)
+    n_b = bin(int(first_and, 16))
+    n_b_2 = bit_not(int(n_b, 2), 32)
+    if n_b_2 > 0:
+      break
+
+  second_and = format(n_b_2, 'x').zfill(8)
+
+  logging.debug("First AND: %s" % first_and)
+  logging.debug("Second AND: %s" % second_and)
+
+  first_and_hex = strings.from_string_to_payload(strings.swap(first_and))
+  second_and_hex = strings.from_string_to_payload(strings.swap(second_and))
+
+  if reg == "eax":
+    return "\\x25"+first_and_hex+"\\x25"+second_and_hex
+
+  if reg == "ebx":
+    return "\\xb1\\xe3"+first_and_hex+"\\xb1\\xe3"+second_and_hex
+  if reg == "ebx":
+    return "\\xb1\\xe3"+first_and_hex+"\\xb1\\xe3"+second_and_hex
+  if reg == "ecx":
+    return "\\xb1\\xe1"+first_and_hex+"\\xb1\\xe1"+second_and_hex
+  if reg == "edx":
+    return "\\xb1\\xe2"+first_and_hex+"\\xb1\\xe2"+second_and_hex
+
+
+
 
 def nop_sled(count=1):
     return "\\x90"*count

shellerate/math.py

@@ -10,36 +10,6 @@ def has_restricted_chars(string, r_chars=[]):
       return True
   return false
 
-# def push_eax_
-def zero_with_and(reg="eax", badchar=[]):
-
-  while True:
-    first_and = secrets.token_hex(4)
-    n_b = bin(int(first_and, 16))
-    n_b_2 = bit_not(int(n_b, 2), 32)
-    if n_b_2 > 0:
-      break
-
-  second_and = format(n_b_2, 'x').zfill(8)
-
-  logging.debug("First AND: %s" % first_and)
-  logging.debug("Second AND: %s" % second_and)
-
-  first_and_hex = strings.from_string_to_payload(strings.swap(first_and))
-  second_and_hex = strings.from_string_to_payload(strings.swap(second_and))
-
-  if reg == "eax":
-    return "\\x25"+first_and_hex+"\\x25"+second_and_hex
-
-  if reg == "ebx":
-    return "\\xb1\\xe3"+first_and_hex+"\\xb1\\xe3"+second_and_hex
-  if reg == "ebx":
-    return "\\xb1\\xe3"+first_and_hex+"\\xb1\\xe3"+second_and_hex
-  if reg == "ecx":
-    return "\\xb1\\xe1"+first_and_hex+"\\xb1\\xe1"+second_and_hex
-  if reg == "edx":
-    return "\\xb1\\xe2"+first_and_hex+"\\xb1\\xe2"+second_and_hex
-
 
 
 def bit_not(n, bits=8):

shellerate/strings.py

@@ -5,6 +5,21 @@ def pad(string):
 def split(string, n=2):
   return [string[i:i+n] for i in range(0, len(string), n)]
 
+def reverse(string):
+  """
+    Creates a reverse copy of a given string.
+
+    example:
+      from shellerate import strings;
+
+      strings.reverse("90898887") #  => "87888990"
+  """
+  v=split(string)
+  ret = ""
+  for i in reversed(v): 
+    ret += i
+  return ret
+
 # This method takes a byte in a printable char representation and give the
 # hex code.
 #   "\\x31" => "31"