SLAE32 Assignment 7 – Custom Crypter

Note: All related code can be found in my GitHub repository.

Task:
– Create one program to encrypt the shellcode
– Create another program to decrypt and execute it

For this task we picked the Tiny Encryption Algorithm (TEA), a block cipher notable for its simplicity of description and implementation, designed by David Wheeler and Roger Needham of the Cambridge Computer Laboratory.
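For reference, a compact TEA implementation showing the 32-round block transform and how a 25-byte input is padded to whole 8-byte blocks. This is an added example, not the code from the author's repository; the key, the sample buffer, zero padding, ECB block handling and host byte order are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define TEA_DELTA  0x9E3779B9u  /* constant from the TEA specification */
#define TEA_ROUNDS 32

/* Encrypt one 64-bit block (two 32-bit words) in place with a 128-bit key. */
void tea_encrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < TEA_ROUNDS; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

/* Inverse: start from the final sum and undo the half-rounds in reverse. */
void tea_decrypt_block(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = TEA_DELTA * TEA_ROUNDS;
    for (int i = 0; i < TEA_ROUNDS; i++) {
        v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0; v[1] = v1;
}

/* Round a byte length up to whole 8-byte blocks (25 -> 32). */
size_t tea_padded_len(size_t n) { return (n + 7) & ~(size_t)7; }

/* Process a block-aligned buffer in place, one block at a time (ECB). */
void tea_buffer(uint8_t *buf, size_t len, const uint32_t k[4], int decrypt) {
    for (size_t off = 0; off + 8 <= len; off += 8) {
        uint32_t v[2];
        memcpy(v, buf + off, 8);               /* words in host byte order */
        if (decrypt) tea_decrypt_block(v, k); else tea_encrypt_block(v, k);
        memcpy(buf + off, v, 8);
    }
}

/* Round-trip a constructed 25-byte buffer; returns 1 when it survives. */
int tea_roundtrip_demo(void) {
    const uint32_t key[4] = {0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210}; /* constructed */
    uint8_t plain[32] = "constructed 25-byte input", work[32]; /* zero-padded */
    memcpy(work, plain, sizeof work);
    tea_buffer(work, tea_padded_len(25), key, 0);   /* encrypt */
    tea_buffer(work, tea_padded_len(25), key, 1);   /* decrypt */
    return memcmp(work, plain, sizeof plain) == 0;
}
int main(void) { return tea_roundtrip_demo() ? 0 : 1; }
```

The constant 0x9E3779B9 appearing in a binary is a common static indicator of a TEA-family routine, which is worth knowing when writing detection rules for this kind of crypter.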

As input we are using the shellcode (\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x89\xe2\x53\x89\xe1\xb0\x0b\xcd\x80) as extracted from the execve-stack file, which simply spawns a /bin/sh shell.

Take the execve.nasm file

Compile and link the execve.nasm:

Use objdump to get the opcodes for execve.nasm

Of course, we could easily complicate the shellcode further, e.g.:
1. Use the XOREncoder.py with the opcodes from execve.nasm
2. Run “python XOREncoder.py” and take the output 0x…
3. Update xor-decoder.nasm using the output from “python XOREncoder.py”
4. Compile and link the updated xor-decoder.nasm
5. Use objdump to get the opcodes from the compiled/linked xor-decoder
6. Feed our TEA encrypter the opcodes from xor-decoder

TEA Encryptor

Compile and run

TEA DeCrypter & Executor

Compile and run

#####
This post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Student ID: SLAE- 461
#####
