SLAE64: Assignment 4 – Custom Encoder

This is assignment #4 for the SecurityTube Linux Assembly Expert certification. It consists in the implementation of a custom encoder.

Encoding is a common strategy for obfuscating a shellcode payload as to avoid signature and pattern detection.

For this assignment I wanted to implement something that was simple, both in logic and implementation. I was inspired by the XOR encoder that is explained throughout the course. My implementation differs from the regular XOR encoder because it sequentially XORs each byte of the shellcode with the result of the XOR with the previous byte.

As per the course examples I implemented the encoder in Python, here is the encoder source file.

In order to be able to properly test my idea I’ve written the decoder below, also in Python.

For the final proof-of-concept I’ve written a shellcode that takes the Reverse Shell I’ve written for Assignment #2 encoded with the Python script above, decodes it and runs it. Please note that since I’m including the shellcode in the .text section, compilation needs to have the -N flag to allow the section to be writable by the program. I’ve also inspired myself in the Egg Hunter assignment (#3) and used this approach to find out when to stop decoding.

This was a really fun assignment that forced me to go back and read again about all the ELF sections and their inherent permissions and ways to change them.

All code is available from my Github repo.

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert Certification.

Student ID: SLAE64-1440

Leave a Reply

Your email address will not be published. Required fields are marked *