行业智能>> riscv-business>> 返回
项目作者: HosakaCorp

项目描述 :
RISC-V: RV64G Linux assembly and payloads from the ground up
高级语言: Assembly
项目地址: git://github.com/HosakaCorp/riscv-business.git
创建时间: 2019-04-06T20:57:44Z
项目社区:https://github.com/HosakaCorp/riscv-business
开源协议:MIT License
下载


RISC-V RV64G Linux Shellcoding

This repository contains all the code used to create a minimal example
of creating shellcode for RISC-V RV64G. I attempted to do this as black-
box as possible using only the RISC-V documentation and source from gcc,
glibc, and the linux kernel. This was dual purpose to work on furthering
my understanding of hardware specifics, to learn to shellcode on a
lesser known/new ISA, and to attempt to get some payloads available even
before common adoption.

Repository Layout

Inside of the src/ directory there are simple C examples
(simpleN.c), assembly examples (asmN.s), and shellcode examples
(scN.h) that are included by sctester.c and executed using a GCC
trampoline.

The reading path is not one-to-one by the numbers, instead it should be
read in the following manner or as described in the coming blogpost:

files lesson
asm1.s, asm2.s Learn about the basic calling conventions, linux specifics for system calls, data access
asm3.s Port a program to not use the rodata section and learn about PIC
asm4.s Graceful shell spawning in assembly
sc1.h, asm5.s Learn about the pitfalls of shellcode and use a simple shellcode tester to check for null chars
sc2.h, asm6.s Discover more pitfalls, solutions, and port the more advanced shell exec shellcode
asm7.s Create a reverse shell in assembly
asm8.s, sc3.h Porting the reverse shell to shellcode

Additionally, it is extremely common for most of the implimentations of
RISC-V to contain the C compressed instruction extension. For that
reason I decided to add a few examples:

files lesson
asm6c.s An example of some shellcode with compressed instructions and less xor

Usage / Building

It is expected that you have a VM to test with, the instructions for
running will be here. Once you have the VM the code can either be
compiled from the directly from the root of the repository with a simple
make in the root of the directory. This expect you to have gcc(1) and
as(1) for assembly.

Additionally the realease page should have a copy of the bin directory
after a successful compilation.

Supporting/Helpful Documents