const fs = require(`fs`);
const path = require(`path`);
const r2promise = require(`r2pipe-promise`);
const program = require(`commander`);
const exec = require(`child-process-promise`).exec;
// Register the CLI version string, then let commander parse argv.
// Only positional arguments are consumed by this tool (see main()).
program.version(`0.0.1`);
program.parse(process.argv);
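/**
 * Decode a hex-encoded shellcode blob given on the command line, emulate its
 * decoder stub with radare2's ESIL, and print the disassembly of the decoded
 * payload that follows the stub.
 *
 * Input: process.argv[2], hex in the same form as the shell32 arg from the
 * silverlight app (whitespace is tolerated and stripped).
 * Output: the disassembly is written to stdout.
 * Throws: Error when the argument is missing, is not an even-length hex
 * string, or is not longer than the decoder stub.
 */
async function main() {
  const arg = process.argv[2];
  if (arg === undefined) {
    throw new Error(`usage: <script> <shellcode-hex>`);
  }
  // Convert the hex in-process instead of piping argv through `echo ... | xxd`
  // in a shell: the interpolated argument was evaluated by the shell, so any
  // metacharacters in it ran as commands. Buffer.from has no such path, but it
  // silently truncates at the first non-hex character, so validate first.
  const hex = arg.replace(/\s+/g, ``);
  if (hex.length === 0 || hex.length % 2 !== 0 || !/^[0-9a-fA-F]+$/.test(hex)) {
    throw new Error(`shellcode must be a non-empty, even-length hex string`);
  }
  const bytes = Buffer.from(hex, `hex`);

  // Use one resolved path for both the write and the r2 open; the original wrote
  // ./test.bin but opened /home/mj/emulator/test.bin, which only agreed when the
  // script was run from that directory.
  const binaryPath = path.resolve(`test.bin`);
  fs.writeFileSync(binaryPath, bytes);

  // Byte 25 is the beginning of the decoded shellcode: the decoder stub occupies
  // bytes 0..24 of the blob this script is written for.
  const DECODER_LEN = 25;
  // We built the file ourselves, so its size is the byte count we wrote (the
  // original queried it back from r2 with `oj`).
  const end = bytes.length;
  if (end <= DECODER_LEN) {
    throw new Error(`shellcode is ${end} bytes; must be longer than the ${DECODER_LEN}-byte decoder stub`);
  }

  const r2 = await r2promise.open(binaryPath);
  try {
    // Plain disassembly output: no comments, lines or flags in the listing.
    await r2.cmd(`e asm.comments=false`);
    await r2.cmd(`e asm.lines=false`);
    await r2.cmd(`e asm.flags=false`);
    // Cache writes so the decoder's self-modification stays in memory, not on disk.
    await r2.cmd(`e io.cache=true`);
    await r2.cmd(`e asm.bits=32`);
    await r2.cmd(`e asm.arch=x86`);
    // Initialise the ESIL VM and give it a stack.
    await r2.cmd(`aei`);
    await r2.cmd(`aeim 0xffffd000 0x2000 stack`);

    // The code base is 0 because we made the binary; `pdj 1` -> cmd[0].offset
    // would recover it otherwise. Locating the decoded region automatically
    // (scan `pdj 100` for the first `call`, decoded = offset + 5) is possible
    // and would let this handle other decoder rigs; the fixed offset is used here.

    // Emulate until the decoded shellcode begins, then disassemble what the
    // decoder produced: from the end of the stub to the end of the blob.
    await r2.cmd(`aecu ${DECODER_LEN}`);
    const raw = await r2.cmd(`pD ${end - DECODER_LEN} @ ${DECODER_LEN}`);
    console.log(raw);
  } finally {
    // Close the r2 child process so the script can exit even on error.
    await r2.quit();
  }
}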
- main();