Thursday, February 5, 2009

MOSDEF 2.0 is out!


Dear Diary,
MOSDEF 2.0 is out, let the hype begin...
Wait...
Where is all the cheering?
Do we need to coordinate with a lot of vendors to make it cool?
Ah, or probably announce it secretly, teasing everyone with something it doesn't do?

The interweb has changed quite a lot lately...

Anyways, MOSDEF v2.0, an LGPL C-like compiler written in Python, is out. And it's incredibly fast.
Why would you use it? Because it's fun, because it's simple to use and practical.
Other than using the usual compiler capabilities, you can use MOSDEF inside your exploit for shellcode. Rather than the usual stolen string shellcode, you can now write your own by doing:
from MOSDEF import mosdef
mosdef.assemble("jmp %ebx", "X86") # or "PPC"

Simple and useful. But this is about the simplest thing you can do with it; there is a huge world of things you can do.
I would love to see people start doing their own packers/polymorphic shellcode on top of MOSDEF.

The compiler chain works this way (stolen from Rich's PDF):
cc.py -> cpp.py -> cparse2.py -> il2X86.py -> x86parse.py -> makeexe.py

If you want to see the mechanics of the compiler, you probably want to take a look at the first three files, but what we really care about for any cool new tool is the last three files:

il2X86.py takes a really simple-to-understand Intermediate Language and transforms it into assembly. Let's see some examples:


    def _loadint(self, words):
        # loadint <imm>: load a constant into %eax (base 0 accepts hex or decimal; long is Python 2)
        return ["movl $%d,%%eax\n" % long(words[1], 0)]

    def _call(self, words):
        # call <label>: emit a call to a named routine
        return ["call %s\n" % words[1]]

    def _subconst(self, words):
        # subconst <imm>: subtract a constant from %eax
        return ["subl $%d,%%eax\n" % int(words[1])]


It would be really simple, based on the IL, to transform the IL into a virtual-machine packer.
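To show the two stages the post has touched so far (the `mosdef.assemble` call and the il2X86-style IL handlers) end to end, here is an added example that is not MOSDEF's code: a tiny IL-to-assembly translator written in the same "one method per opcode" pattern, followed by a deliberately minimal assembler that encodes the three instruction shapes it emits. The IL syntax, the `ILToX86`/`assemble_x86`/`compile_il` names and the `labels` table are assumptions made for this example, and the sample IL program is constructed.

```python
import struct

# Constructed IL program (an assumption: one operation per line, whitespace
# separated, in the spirit of the il2X86.py handlers quoted above; this is
# not MOSDEF's actual IL syntax).
SAMPLE_IL = """\
loadint 0x10
subconst 6
call helper
"""


class ILToX86:
    """Translate a tiny intermediate language into AT&T-syntax x86 assembly.

    Every IL line is dispatched to a method named '_' + opcode, the same
    pattern as the il2X86.py methods quoted on the page.  Unknown opcodes
    raise instead of being silently dropped, so a malformed IL stream can
    never yield a truncated instruction stream.
    """

    def _loadint(self, words):
        # loadint <imm>: eax = imm.  Base 0 accepts 0x.. and plain decimal.
        return ["movl $%d,%%eax\n" % int(words[1], 0)]

    def _subconst(self, words):
        # subconst <imm>: eax -= imm
        return ["subl $%d,%%eax\n" % int(words[1], 0)]

    def _call(self, words):
        # call <label>: resolved to a relative displacement by the assembler
        return ["call %s\n" % words[1]]

    def translate(self, il_text):
        asm = []
        for line in il_text.splitlines():
            words = line.split()
            if not words:
                continue
            handler = getattr(self, "_" + words[0], None)
            if handler is None:
                raise ValueError("unknown IL opcode: %r" % words[0])
            asm.extend(handler(words))
        return "".join(asm)


def assemble_x86(asm_text, labels):
    """Encode the three instruction shapes emitted above into x86 opcodes.

    Supports only 'movl $imm,%eax' (B8 imm32), 'subl $imm,%eax' (2D imm32)
    and 'call <label>' (E8 rel32).  'labels' maps a symbol to its offset from
    the start of the output buffer, which is all a position-independent blob
    needs.
    """
    out = bytearray()
    for line in asm_text.splitlines():
        line = line.strip()
        if not line:
            continue
        mnemonic, operands = line.split(None, 1)
        if (mnemonic in ("movl", "subl") and operands.startswith("$")
                and operands.endswith(",%eax")):
            imm = int(operands[1:-len(",%eax")], 0)   # strip '$' and ',%eax'
            opcode = b"\xb8" if mnemonic == "movl" else b"\x2d"
            out += opcode + struct.pack("<I", imm & 0xFFFFFFFF)
        elif mnemonic == "call":
            # rel32 is relative to the address of the *next* instruction
            rel = labels[operands] - (len(out) + 5)
            out += b"\xe8" + struct.pack("<i", rel)
        else:
            raise ValueError("unsupported instruction: %r" % line)
    return bytes(out)


def compile_il(il_text, labels):
    """Run the two stages back to back: IL -> assembly -> opcodes."""
    asm = ILToX86().translate(il_text)
    return asm, assemble_x86(asm, labels)


if __name__ == "__main__":
    asm, code = compile_il(SAMPLE_IL, {"helper": 0x20})
    print(asm)
    print(code.hex())
```

The dispatch-by-name trick is what makes the IL stage so easy to retarget: swapping in a class whose `_loadint`, `_subconst` and `_call` emit bytecode for your own interpreter instead of x86 text is exactly the "virtual-machine packer" idea mentioned above, and nothing in `translate` has to change.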

x86parser.py is the file in charge of transforming the output assembly into opcodes.
makeexe.py is the file in charge of creating, from the generated shellcode, a binary in the corresponding file format. If you are talking Windows (which is not released in 2.0, CANVAS client only for now), you can probably create one of the smallest PEs a compiler can give you (and forget about the IAT or any import). And in this step you can easily create your own ELF, including whatever tweak you might wanna add.
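To make the makeexe step concrete, here is an added example, not makeexe.py's own code, of the smallest useful ELF wrapper: one ELF header, one PT_LOAD program header, no section headers and no imports, with the entry point on the first byte of the code. The load address, the file layout and the `make_elf32`/`elf_entry` names are assumptions for this example; the payload is a constructed Linux/i386 exit(0) stub so the resulting binary terminates immediately.

```python
import struct

ELF_BASE = 0x08048000      # classic i386 load address (an assumption for the example)
EHDR_SIZE = 52             # sizeof(Elf32_Ehdr)
PHDR_SIZE = 32             # sizeof(Elf32_Phdr)

# Constructed payload: a plain Linux/i386 exit(0) stub.
#   b8 01 00 00 00   movl $1,%eax      ; SYS_exit
#   31 db            xorl %ebx,%ebx    ; status 0
#   cd 80            int $0x80
EXIT_STUB = bytes.fromhex("b80100000031dbcd80")


def make_elf32(code, base=ELF_BASE):
    """Wrap raw i386 machine code in a minimal ELF executable.

    Layout: [Elf32_Ehdr][Elf32_Phdr][code].  The single PT_LOAD segment maps
    the whole file from offset 0, so the loader needs nothing beyond the two
    headers; there is no section table, no interpreter and no dynamic section.
    """
    total = EHDR_SIZE + PHDR_SIZE + len(code)
    entry = base + EHDR_SIZE + PHDR_SIZE

    # ELFCLASS32, ELFDATA2LSB, EV_CURRENT, ELFOSABI_SYSV, ABI version 0, padding
    e_ident = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\0" * 7
    ehdr = struct.pack(
        "<16sHHIIIIIHHHHHH",
        e_ident,
        2,          # e_type      ET_EXEC
        3,          # e_machine   EM_386
        1,          # e_version   EV_CURRENT
        entry,      # e_entry
        EHDR_SIZE,  # e_phoff: program header immediately follows the ELF header
        0,          # e_shoff: no section headers
        0,          # e_flags
        EHDR_SIZE,  # e_ehsize
        PHDR_SIZE,  # e_phentsize
        1,          # e_phnum
        0, 0, 0,    # e_shentsize, e_shnum, e_shstrndx
    )
    phdr = struct.pack(
        "<IIIIIIII",
        1,          # p_type   PT_LOAD
        0,          # p_offset: map the whole file starting at offset 0
        base,       # p_vaddr
        base,       # p_paddr
        total,      # p_filesz
        total,      # p_memsz
        5,          # p_flags  PF_R | PF_X (no PF_W: the code is not self-modifying)
        0x1000,     # p_align
    )
    return ehdr + phdr + code


def elf_entry(blob):
    """Read e_entry (offset 24 in Elf32_Ehdr) back out of a produced blob."""
    return struct.unpack_from("<I", blob, 24)[0]


if __name__ == "__main__":
    blob = make_elf32(EXIT_STUB)
    with open("tiny_elf", "wb") as fh:
        fh.write(blob)
    print("%d bytes, entry 0x%08x" % (len(blob), elf_entry(blob)))
```

Running it writes a 93-byte `tiny_elf` that `readelf -l` will list with a single LOAD segment; the "tweaks" the post alludes to (a different base, a writable data segment, a real section table for debugging) are just extra fields or an extra program header in this same packing code.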


Hopefully soon I will write a bigger post with many more details. For a good read, get Rich's paper. Or directly download the MOSDEF 2.0 sources.

Cheers,
Nico
PS: Since we released MOSDEF 2.0, we are preparing a one-to-two-day training on Windows 32 shellcode writing. If you are interested, ping me.
