4. Custom encoding for “Insertion Encoder”

This fourth assignment asks for a custom encoding scheme, similar to the Insertion Encoder used during the SLAE course.
The execve-stack shellcode from the course must be encoded with that scheme and then executed.

Assignment

  • Create a custom encoding scheme like the “Insertion Encoder”
  • PoC using execve-stack as the shellcode to encode with your schema and execute

Steps taken

– Compiling and generating shellcode for execve-stack
– Using the Insertion Encoder from SLAE
– Selecting a custom encoder and implementing it in a Python script
– Building the decoder in assembly
– Running and checking the results

Chosen encoder

Rolling XOR random byte

I’ve chosen a rolling XOR encoder scheme with a random byte: first, ASM code is generated via a script that randomly chooses a byte between 1 and 255. Then the randomly chosen byte is used as the first byte of the ASM string; the rest of the bytes are XORed with the randomly chosen byte.

Additionally, the script checks whether any bad characters are generated.
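The sketch below models the scheme as described above (key byte first, every following byte XORed with it) and shows two things an analyst can read off it: the key travels in byte 0, so decoding needs no brute force, and the bad-character check rejects exactly those keys that collide with a payload byte. It is an added example, not the script from this post; the function names, the sample bytes and the bad-character set (NUL only) are assumptions.

```python
# Added example: model of the scheme described above, for analysis.
# Assumption: 0x00 is the only bad character; the post does not list its set.
BAD_CHARS = frozenset({0x00})

# Constructed sample input: harmless ASCII, not real shellcode.
SAMPLE = b"constructed-sample"


def encode(payload: bytes, key: int) -> bytes:
    """Key byte first, then every payload byte XORed with that key."""
    if not 1 <= key <= 255:
        raise ValueError("key must be in 1..255")
    return bytes([key]) + bytes(b ^ key for b in payload)


def decode(blob: bytes) -> bytes:
    """Reverse encode(): read the key from byte 0 and XOR the rest with it."""
    if len(blob) < 2:
        raise ValueError("need a key byte and at least one encoded byte")
    key = blob[0]
    return bytes(b ^ key for b in blob[1:])


def bad_offsets(blob: bytes, bad=BAD_CHARS) -> list[int]:
    """Offsets in the encoded blob (key byte included) holding a bad character."""
    return [i for i, b in enumerate(blob) if b in bad]


def rejected_keys(payload: bytes, bad=BAD_CHARS) -> set[int]:
    """Keys in 1..255 that the bad-character check would have to reject."""
    return {k for k in range(1, 256) if bad_offsets(encode(payload, k), bad)}


if __name__ == "__main__":
    blob = encode(SAMPLE, 0x2A)
    print("encoded:", blob.hex())
    print("decoded:", decode(blob))
    # With NUL as the only bad character, a key fails exactly when it
    # equals some payload byte, because b ^ b == 0x00.
    print("rejected keys:", sorted(hex(k) for k in rejected_keys(SAMPLE)))
```

With a larger bad-character set the rejected keys grow to every `payload_byte ^ bad_byte` plus the bad bytes themselves, which is why a random key can need several retries.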