Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Morpher ARM support #3

Open
Bry-fi opened this issue Jul 10, 2017 · 3 comments
Open

Morpher ARM support #3

Bry-fi opened this issue Jul 10, 2017 · 3 comments

Comments

@Bry-fi
Copy link

Bry-fi commented Jul 10, 2017

as AES.s -o AES.O
AES.s: Assembler messages:
AES.s:16: Error: bad instruction callq read' AES.s:17: Error: bad instruction movaps %xmm0,%xmm5'
AES.s:18: Error: bad instruction pxor %xmm2,%xmm2' AES.s:19: Error: bad instruction aeskeygenassist $1,%xmm0,%xmm1'
AES.s:20: Error: bad instruction callq scheduling' AES.s:21: Error: bad instruction movaps %xmm0,%xmm6'
AES.s:23: Error: bad instruction aeskeygenassist $2,%xmm0,%xmm1' AES.s:24: Error: bad instruction callq scheduling'
AES.s:25: Error: bad instruction movaps %xmm0,%xmm7' AES.s:26: Error: bad instruction aeskeygenassist $8,%xmm0,%xmm1'
AES.s:27: Error: bad instruction callq scheduling' AES.s:28: Error: bad instruction movaps %xmm0,%xmm9'
AES.s:29: Error: bad instruction aeskeygenassist $16,%xmm0,%xmm1' AES.s:30: Error: bad instruction callq scheduling'
AES.s:31: Error: bad instruction movaps %xmm0,%xmm10' AES.s:33: Error: bad instruction aeskeygenassist $64,%xmm0,%xmm1'
AES.s:34: Error: bad instruction callq scheduling' AES.s:35: Error: bad instruction movaps %xmm0,%xmm12'
AES.s:36: Error: bad instruction aeskeygenassist $128,%xmm0,%xmm1' AES.s:37: Error: bad instruction callq scheduling'
AES.s:38: Error: bad instruction movaps %xmm0,%xmm13' AES.s:39: Error: bad instruction aeskeygenassist $27,%xmm0,%xmm1'
AES.s:40: Error: bad instruction callq scheduling' AES.s:41: Error: bad instruction movaps %xmm0,%xmm14'
AES.s:42: Error: bad instruction aeskeygenassist $54,%xmm0,%xmm1' AES.s:43: Error: bad instruction callq scheduling'
AES.s:44: Error: bad instruction movaps %xmm0,%xmm15' AES.s:47: Error: bad instruction callq read'
AES.s:48: Error: ARM register expected -- cmp $16,%rax' AES.s:49: Error: bad instruction jl exit'
AES.s:50: Error: bad instruction pxor %xmm5,%xmm0' AES.s:51: Error: bad instruction aesenc %xmm6,%xmm0'
AES.s:52: Error: bad instruction aesenc %xmm7,%xmm0' AES.s:54: Error: bad instruction aesenc %xmm9,%xmm0'
AES.s:55: Error: bad instruction aesenc %xmm10,%xmm0' AES.s:57: Error: bad instruction aesenc %xmm12,%xmm0'
AES.s:58: Error: bad instruction aesenc %xmm13,%xmm0' AES.s:59: Error: bad instruction aesenc %xmm14,%xmm0'
AES.s:60: Error: bad instruction aesenclast %xmm15,%xmm0' AES.s:61: Error: bad instruction callq write'
AES.s:62: Error: bad instruction jmp crypt' AES.s:66: Error: ARM register expected -- mov $0x0,%rax'
AES.s:67: Error: ARM register expected -- mov $0x0,%rdi' AES.s:68: Error: ARM register expected -- mov $buffer,%rsi'
AES.s:69: Error: ARM register expected -- mov $16,%rdx' AES.s:70: Error: bad instruction syscall '
AES.s:71: Error: bad instruction movaps buffer,%xmm0' AES.s:72: Error: bad instruction retq '
AES.s:76: Error: bad instruction movaps %xmm0,buffer' AES.s:77: Error: ARM register expected -- mov $0x1,%rax'
AES.s:78: Error: ARM register expected -- mov $0x1,%rdi' AES.s:79: Error: ARM register expected -- mov $buffer,%rsi'
AES.s:80: Error: ARM register expected -- mov $16,%rdx' AES.s:81: Error: bad instruction syscall '
AES.s:82: Error: bad instruction retq ' AES.s:85: Error: ARM register expected -- mov $0x3c,%rax'
AES.s:86: Error: ARM register expected -- mov $0x0,%rdi' AES.s:87: Error: bad instruction syscall '
AES.s:90: Error: bad instruction pshufd $0b11111111,%xmm1,%xmm1' AES.s:91: Error: bad instruction shufps $0b00010000,%xmm0,%xmm2'
AES.s:92: Error: bad instruction pxor %xmm2,%xmm0' AES.s:93: Error: bad instruction shufps $0b10001100,%xmm0,%xmm2'
AES.s:94: Error: bad instruction pxor %xmm2,%xmm0' AES.s:95: Error: bad instruction pxor %xmm1,%xmm0'
AES.s:96: Error: bad instruction `retq'
@cryptolok
Copy link
Owner

What's your CPU ? lscpu
try as --64 AES.s -o AES.O

@Bry-fi
Copy link
Author

Bry-fi commented Jul 11, 2017

Arm7 processor on nethunter

@cryptolok cryptolok changed the title Bad instruction Morpher ARM support Jul 11, 2017
@cryptolok
Copy link
Owner

cryptolok commented Jul 11, 2017
edited
Loading

Well, as I stated in the description, the assembly code will function on Inte x64 with AES-NI support only, regardless the fact that the morpher itself is written in pyhton, since I use a custom AES implementation in x64 assembly.
For more details you can see the issue number 1.
So, unfortunately, you will not be able to use it on ARM...
Such possibility will require recoding my implementation on ARM assembly and there are 2 possibilities:

  1. Use AES-NI on ARM - some Allwinner and Broardcom processors suport that, but not only the support is limited and not officially claimed, it's poorly documented and not wide spread as well

  2. Completely recode AES for ARM - a very time consuming task, especially considering that the shellcode target has to support AES-NI anyway

I will, nonetheless consider it as a future improvement, despite the fact that it can open the door for ARM shellcoding, it would be quit unrealistic, but perhaps someday I will do it, perhaps with a help of someone :)

I will update the README in any case

Thanks for your contribution :)

@cryptolok cryptolok mentioned this issue Apr 12, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Bry-fi @cryptolok