From 89c13129a55ccbecda31614c83e88612972c11a6 Mon Sep 17 00:00:00 2001
From: Malfurious <m@lfurio.us>
Date: Sun, 22 Aug 2021 08:25:26 -0400
Subject: Refactor genhex into shelltool

For convenience, I've rewritten my old shellcode parser program in
Python.  It is moved to the shellcode templates dir and renamed to
shelltool.

As a new feature, shelltool will now check the result for NULL bytes and
newline bytes that may cause problems in an exploit.

Signed-off-by: Malfurious <m@lfurio.us>
---
 templates/shellcode/shelltool.py | 30 ++++++++++++++++++++++++++++++
 tools/genhex.cpp                 | 33 ---------------------------------
 2 files changed, 30 insertions(+), 33 deletions(-)
 create mode 100755 templates/shellcode/shelltool.py
 delete mode 100644 tools/genhex.cpp

diff --git a/templates/shellcode/shelltool.py b/templates/shellcode/shelltool.py
new file mode 100755
index 0000000..b95a8cd
--- /dev/null
+++ b/templates/shellcode/shelltool.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+# This script will convert shellcode disassembly into an escaped string literal
+# and warn about problematic bytes in the payload.
+#     objdump -d elf | ./shelltool.py
+
+import sys
+
+name = None
+bytecode = []
+badchars = [ 0x00, 0x0a ]
+
+for line in sys.stdin:
+    for tok in line.split():
+        if name is None:
+            name = tok
+        if len(tok) == 2:
+            try:
+                bytecode.append(int(tok, base=16))
+            except:
+                pass
+
+result = ''.join([ "\\x%02x"%(x) for x in bytecode ])
+result = f'{name}"{result}"'
+
+for x in badchars:
+    if x in bytecode:
+        result += f'    **0x{"%02x"%(x)} detected**'
+
+print(result)
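Review bot: The bare `except:` around `int(tok, base=16)` swallows every exception, including KeyboardInterrupt and SystemExit, rather than only the parse failure it is meant to skip; narrow it to `except ValueError: continue`. The `if name is None:` branch also lets the first token fall through to the `len(tok) == 2` check, so a first token that happens to be two hex digits is both taken as the name and appended to `bytecode`; making the second test an `elif`, or adding `continue` after `name = tok`, keeps the two roles separate. When stdin is empty `name` stays `None` and the output starts with the literal text `None`, which `name = name or ''` before the f-string would avoid.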
diff --git a/tools/genhex.cpp b/tools/genhex.cpp
deleted file mode 100644
index a37f91e..0000000
--- a/tools/genhex.cpp
+++ /dev/null
@@ -1,33 +0,0 @@
-#include <iostream>
-#include <string>
-
-/*
- * Read in all of stdin (should be piped from objdump), look for bytecode hex,
- * and print this code, escaped in a C-string literal, to stdout.
- *
- * EG output: "\x01\x02\x03\x04"
- */
-
-int main()
-{
-    std::string tmp;
-    unsigned int hex;
-
-    std::cout << "\"";
-
-    while (true)
-    {
-        std::cin >> tmp;
-
-        if (std::cin.eof())
-            break;
-
-        if (tmp.size() == 2 &&
-            tmp.find(":") == std::string::npos &&
-            sscanf(tmp.c_str(), "%x", &hex) > 0)
-            std::cout << "\\x" << tmp;
-    }
-
-    std::cout << "\"\n";
-    return 0;
-}
-- 
cgit v1.2.3