ARMSCGen — ARM Shellcode Generator

ARMSCGen.CompileSC(source, isThumb=False, isNeedHead=True)

Compiles shellcode

Args:

source (str): shellcode in strings

isThumb (boolean): Thumb or ARM Mode

isNeedHead (boolean): It shows up if true

Returns:

compiled shellcode

ARMSCGen.MakeXorShellcode(sc, isThumb=False)

Make XOR Encoder with Shellcode

Args:

sc(str): shellcode

isThumb(boolean): ARM or Thumb Mode

Returns:

shellcode in hex

Examples:

>>> sc = MakeXorShellcode(bindshell, isThumb=True)

ARMSCGen.SYSERR(m) → None

Print syserr(2) screen to debug

Args:

m(fmt): message will be printed on syserr screen

ARMSCGen.XOREncoder(scSize, xorkey, SC)

XOR Encoder to avoid some bad codes like 0x0a, 0x00 and so on

Args:

scSize(int): shellcode length

xorkey(int): XOR key

SC(str): shellcode

Returns:

XOR Encoder shellcode in string

class ARMSCGen.arm64SCGen

ARM64 Mode Shellcode Generator Class

class ARMSCGen.armSCGen

ARM Mode Shellcode Generator Class

ARMSCGen.checkBadChar(sc, bc=[0, 10])

checks bad chars in shellcode string

Args:

sc(str): shellcode

bc(list): bad chars like 0x00, 0x0a

Returns:

list if bad chars exists

ARMSCGen.cleanup(fn)

clean up compiled files

Args:

fn(list): files in list will be deleted

ARMSCGen.disasm(code, arch='ARM', mode='THUMB')

disassembles code in arch with mode

Args:

code(str): assemble code

arch(str): Architechture (so far ARM only)

mode(str): Mode (THUMB or ARM)

Returns:

result in string

Examples:

>>> rv = disasm(code, 'ARM', 'THUMB')

ARMSCGen.encodeShellcode(sc, key)

encodes shellcode with key to avoid all of bad chars such as 0x00

Args:

sc(str): shellcode key(int/str): XOR key

Returns:

xoredSC(str): XORed Shellcode

Examples:

>>> print encodeShellcode(sc, findXorKey(sc))
'à"¢á/ë¢ã   ’í-`kl-qj'

ARMSCGen.findXorKey(sc, bc=['\x00', '\n'])

find XOR key to scramble and to avoid all of bad chars such as 0x00

Args:

sc(str): shellcode

bc(list): bad chars to avoid

Returns:

key (int): XOR key

Examples:

>>> print findXorKey(sc)
2

ARMSCGen.getShellcodeHelp(scode, arch='thumb')

ARMSCGen.getShellcodeInfo(arch='thumb')

ARMSCGen.getdent_to_list(rv)

parses getdent’s struct to human readable.

Args:

rv(str): getdent’s struct included file/directory name(s)

Returns:

fn(list): file/directory name(s)

ARMSCGen.isScode(s, sname)

ARMSCGen.prepareCompiler(mode='THUMB')

prepares some PATH to compile safely

ARMSCGen.printHex(xhex)

print hex code in human-readable

Args:

xhex(hex): hex code

Returns:

human-readable hex code like ‘x41’

class ARMSCGen.thumbSCGen

Thumb Mode Shellcode Generator Class

ARMSCGen.thumb_fixup(reg, value)

fixes up value for register

Args:

reg(str): register

value(int): real value

Retruns:

fn(str): arranged value with register

ARMSCGen.u16(u)

struct.unpack(2-bytes)

Args:

u(str): 2-bytes packed data

Returns:

short value

ARMSCGen.u32(u)

struct.unpack(4-bytes)

Args:

u(str): 4-bytes packed data

Returns:

integer value

ARMSCGen.uu16(u)

struct.unpack(2-bytes)

Args:

u(str): 2-bytes packed data

Returns:

unsigned short value

ARMSCGen.uu32(u)

struct.unpack(4-bytes)

Args:

u(str): 4-bytes packed data

Returns:

unsigned integer value