Skip to content

bx/elf-bf-tools

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

demo

demo

 
 

elf_bf_compiler

elf_bf_compiler

 
 

elf_bf_debug

elf_bf_debug

 
 

libelf_bf

libelf_bf

 
 

ping_backdoor

ping_backdoor

 
 

syscall

syscall

 
 

CMakeLists.txt

CMakeLists.txt

 
 

LICENSE

LICENSE

 
 

README

README

 
 

Repository files navigation

OVERVIEW
This project contains tools that can be used to coarse the gcc's runtime loader
into performing interesting operations using only valid relocation entries and
symbols.

Slides from our DEFCON 20 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/elf-defcon20.pdf

Slides from our BerlinSides0x3 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-berlinsides-0x3.pdf

Slides from our 29C3 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-29c3.pdf

Slides from our USENIX WOOT 2013 talk can be found here:
http://www.cs.dartmouth.edu/~bx/elf-bf-tools/slides/ELF-WOOT-2013.pdf


directories:
libelf_bf/ contains files that make up the library
elf_bf_compiler/ implementation for Brainfuck to ELF compiler
elf_bf_debug/ contains useful scripts for debugging the runtime loading process
as it processes relocation entries
ping_backdoor/ contains code that uses relocation entries to build a backdoor
into ping
demo/ contains a simple c program to play with


BUILDING

These instructions are written for Ubuntu 11.10 x86_64. If you are running a
different version of Ubuntu, you should setup a 64bit Oneiric chroot
environment.  See https://help.ubuntu.com/community/DebootstrapChroot
for for information.  If you are not running 64-bit Ubuntu, best of luck.
At the very least you will need a amd64 system using eglibc 2.13.


Required apt packages: build-essential, subversion, libssl-dev, cmake

You will need to install eresi from source, which can be found at
http://www.eresi-project.org/
Their code can be checked out using:
$> svn checkout http://svn.eresi-project.org/svn/trunk/ eresi

build eresi as follows;
./configure --prefix /usr/local --enable-64
make
sudo make install install64
(If install fails with "chmod: cannot operate on dangling symlink `/usr/local//lib/libelfsh.so', don't worry. Just move on)

To build elf-bf-tools, in the elf-bf-tools directory
cmake .
make

..and that's it

Thanks for reading, be sure to visit the README files located in
elf_bf_compiler, elf_bf_debug, and ping_backdoor if you end up working with the
code there.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

107 stars

Watchers

8 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages