Decoder-Free Sino-Korean Shellcode

Some researchers have recently shown that shellcode, a small piece of executable machine code, can be transformed into text. Although such shellcode-embedding text may itself elude defensive measures, the decoding routine attached to the shellcode still allows it to be detected. In this paper, we propose a novel approach to building shellcode-embedding Korean text that requires neither a decoder nor a list of addresses for a code reuse attack. For shellcode that only makes system calls, some instructions can be replaced with equivalent ones and padded with NOP instructions so that the shellcode appears as Chinese characters in text editors with UTF-16 support. The shellcode is then split into gadgets, each carrying code that links it to the next, and these gadgets are embedded into Korean text. The result is shellcode-embedding Korean text. Since the text contains neither a decoding routine nor an address list for a code reuse attack, it may be able to elude most defensive measures. A proof-of-concept that automates the production of decoder-free Korean shellcode has been implemented.