Obscure FISTing 2

In the realms of assembly obfuscations, this isn’t extremely high in complexity. This is me finding an excuse to use the “FIST” instruction. In the context of the PoC, it is being used as a decoder for some encoded shellcode. Before going into the super technical details, below is a video of the PoC in […]

Assembly Is Too High Level: Undocumented Code Exploration

With an assembler, your code gets assembled into machine code. All valid assembly instructions should be translated to corresponding machine code bytes. But in reverse, not every possible byte sequence is something that can be produced from assembly source. There are a few categories of reasons for this: Reason 1: Simple redundancies. XOR EAX, EAX […]

Assembly Is Too High-Level: Full Offsets

This is one of those times where I get kind of annoyed that what I tell my ‘high-level’ language gets ‘interpreted’ for me, because it knows better. I feel this post may be slightly less arbitrary than the rest, in the sense that the machine-level hack covers something that you should be able to use, […]

Assembly Is Too High-Level: Better Call SAL

When it comes down to it, this is logically true. But it seems like everything tries to sweep SAL under the rug, therefore: I WANT! I get it, it’s the same thing. And for the record, I verified that they operate exactly the same down to the eflags being set identically. Let’s […]

Assembly Is Too High-Level: OP REG,imm redundancies 3

About a week ago I came across one of Ange’s pages (https://code.google.com/p/corkami/wiki/x86oddities?wl=en). Before that point I only knew him as a major contributor to my favorite zine (PoC||GTFO) and author of some very useful technical infographics; his ELF diagram jump-started my ability to create my m2elf.pl script. Looking at his x86 oddities page, it looks […]

How to Machine 1

I’ve been making a few posts on how I find situations where assembly language would be too high-level, almost to the point of evangelizing it. However, I realized that I have not yet gone into any kind of explanation on exactly what tricks I am using to directly code in machine code. There are actually […]

Bass + Computer 1

Summary: While I was at the NYC 2600 this month (September), I was talking with someone involved in chiptunes and it reminded me of one of my ‘secret’ projects that I somehow forgot to mention more publicly. This was a project that I put together all the way back in 2008/2009 (hardware/software respectively). Pretty much […]

Assembly Is Too High-Level: Consistent Instruction Sizes 1

YES! I want that. I want ALL my instructionz to be 15 bytes. Forget that this part of the manual is talking about AVX instructions, I don’t care about that; I just want 15 byte instructions, so when I look at machine code in a debugger, it doesn’t look all jagged and ugly. What do […]

8ball can now speedball

As I’m preparing to give a talk on automated regular expression denial of service methods and defenses at DefCon 23 this week, I beefed up part of 8ball (a tool demonstrated at DefCon 22 last year) to be able to incorporate RE:DoS. 8ball is a script that parses a txt file list of snort/suricata rules […]

Assembly Is Too High-Level: Shell with 178 ADDs and 1 JMP

While the discussion that will follow can all be done exclusively in assembly language, the fun stuff is happening with an understanding of the machine language component. Also, this general obfuscation trick is not a completely new one; it’s just my flavor of it. AddShell: I wrote a program that I called “AddShell”. It is […]