Skip to content

Python library to convert elf to os-independent shellcodes

License

Notifications You must be signed in to change notification settings

jonatanSh/shelf

Repository files navigation

Shelf - Shellcode ELF convert elf to shellcode

Convert standard elf files to standalone shellcodes. Please read the following documentation and view the examples for this project to work properly

Project links

Github

Pypi

Supported architectures

  • mips
  • i386 (intel x32)
  • x86_64 (intel x64)
  • arm (32bit)
  • aarch64 (arm 64 bit)
  • RISC-V rv64

Installation:

pip install py_shelf
Python version support
  • python3

How does this work ?

The python library parses the elf and create a simple relocatable file format called shelf (shellcode elf).

The mini loader is inserted as the entry point for shelf.

the mini loader will load and relocate the shelf then it will execute it. There are no special requirements, the library contain the compiled mini loaders and resources.

The diagram below explain the format (Only work in browsers)

  classDiagram
    ShellcodeEntryPoint --|> MiniLoader
    ShellcodeEntryPoint: Shellcode containing pre mini loader logic
    MiniLoader --|> Relocation table
    MiniLoader: Contain all the logic for parsing the relocation table
    MiniLoader: fully os independent
    Relocation table --|> HOOKS Optional
    Relocation table : Contain table required for shellcode runtime relocation
    HOOKS Optional --|> SHELF
    HOOKS Optional: Read more about hooks in the documentation below
    HOOKS Optional: This section is optional and only exists if hooks are used
    SHELF: Shellcode elf - This is the compiled binary we convert into shellcode
    SHELF: This binary is stripped into only opcodes
    SHELF: fully relocatable using the relocation table
Loading

This project is intended to convert elf to os independent shellcodes. Therefor the loader never allocate memory and the shellcode format is not packed. You can just execute it, eg ...

((void (*)()) shellcode)();

follow the examples below

Creating a shellcode

Some compilation flags are required for this to work properly. You must compile the binary with -fPIE and -static take a look at the provided examples below (makefile).

shellcode is a stripped binary with no symbols and no elf information only opcodes, in order to make the shellcode this library require a binary with elf information. so make sure you are not stripping the binary before using this library

simplified make command for mips big endian

gcc example.c -fno-stack-protector -fPIE -fpic -static -nostartfiles --entry=main -o binary.out
python -m shelf --input binary.out                                     

Examples:

Makefile

Example.c

Testing your shellcode

You can use the provided shellcode Loader to test you shellcodes

qemu-mips ./shellcode_loader ./myshellcode.out

Using the shelf loader library

it is advised to use the shelf loader library to tests your shellcode here you can read more about it: Shelf loader documentation

Advanced concepts and features

for following links only work on the github page