@Cryptogenic
Created May 27, 2018 21:52
A script to convert payloads into JS shellcode
#!/usr/bin/env python3
# Converts a binary payload into a series of p.write4() JavaScript calls that
# write it, 32 bits at a time, into a named buffer (ported from Python 2).
import sys
import struct
import argparse

def swap32(i):
    # Reinterpret a big-endian 32-bit value as little-endian
    return struct.unpack("<I", struct.pack(">I", i))[0]

filename = None
buffername = None
blocksize = 30000  # bytes read from the payload per run (30 KB)

parser = argparse.ArgumentParser()
parser.add_argument("file", type=str, help="specify binary file")
parser.add_argument("buffer", type=str, help="name of buffer to write shellcode to")
parser.add_argument("-b", "--blocksize", type=int, help="specify block size")
args = parser.parse_args()

if args.blocksize:
    blocksize = args.blocksize

filename = args.file
buffername = args.buffer

with open(filename, "rb") as f:
    block = f.read(blocksize)

hexStr = ""
blockOffset = 0

# Build a '|'-separated string of 4-byte (8 hex digit) groups
for ch in block:
    hexStr += format(ch, 'x').zfill(2)  # iterating bytes yields ints in Python 3
    blockOffset += 1
    if blockOffset % 4 == 0:
        hexStr += "|"

byteSets = hexStr.split('|')
byteOffset = 0

# The split leaves a trailing element: empty when the payload length is a
# multiple of 4, otherwise a partial word, which is zero-padded instead of dropped
if byteSets[-1] == "":
    del byteSets[-1]
else:
    byteSets[-1] = byteSets[-1].ljust(8, '0')

for byteSet in byteSets:
    byte = int(byteSet, 16)
    byte = format(swap32(byte), 'x').zfill(8)  # Little Endian Pls
    print("p.write4(" + str(buffername) + ".add32(0x" + str(format((byteOffset), 'x').zfill(8)) + "), 0x" + str(byte) + ");")
    #print(str(buffername) + "[" + str(byteOffset) + "] = 0x" + str(byte) + ";")
    byteOffset += 4
    #byteOffset += 1
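The conversion the script performs, as an added example that is not the gist's own code: the payload is split into 32-bit little-endian words, each word becomes one `p.write4()` line in the same output format, and a decoder parses those lines back into bytes so the emitted output can be verified round-trip. A trailing partial word is zero-padded rather than lost. The sample payload and the buffer name `sc` are constructed for the example; `payload_to_words`, `to_js`, `from_js` and `roundtrip_ok` are names chosen here.

```python
import re
import struct

# Constructed sample payload (not from the gist): 9 bytes, deliberately not a
# multiple of 4, to exercise the trailing-partial-word case.
SAMPLE_PAYLOAD = bytes(range(0x41, 0x4A))  # b"ABCDEFGHI"

def payload_to_words(data, pad=b"\x00"):
    """Split a payload into (offset, little-endian 32-bit value) pairs.
    The final word is zero-padded so no bytes are dropped."""
    words = []
    for off in range(0, len(data), 4):
        chunk = data[off:off + 4]
        chunk = chunk + pad * (4 - len(chunk))
        words.append((off, struct.unpack("<I", chunk)[0]))
    return words

def to_js(data, buffername):
    """Emit one p.write4() call per word, in the gist's output format."""
    return [
        "p.write4(%s.add32(0x%08x), 0x%08x);" % (buffername, off, val)
        for off, val in payload_to_words(data)
    ]

# Matches exactly the line shape to_js() produces
WRITE4_RE = re.compile(
    r"p\.write4\((\w+)\.add32\(0x([0-9a-f]{8})\), 0x([0-9a-f]{8})\);"
)

def from_js(lines, length):
    """Reverse the emitted JS to recover the payload bytes (verification only).
    Raises if a line is malformed or the offsets are not contiguous."""
    buf = bytearray()
    expected = 0
    for line in lines:
        m = WRITE4_RE.fullmatch(line.strip())
        if not m:
            raise ValueError("unrecognised line: %r" % line)
        off, val = int(m.group(2), 16), int(m.group(3), 16)
        if off != expected:
            raise ValueError("non-contiguous offset 0x%x" % off)
        buf += struct.pack("<I", val)  # undo the little-endian word packing
        expected += 4
    return bytes(buf[:length])  # trim the zero padding of the last word

def roundtrip_ok(data, buffername="sc"):
    """True when encoding then decoding reproduces the original bytes."""
    return from_js(to_js(data, buffername), len(data)) == data

if __name__ == "__main__":
    for line in to_js(SAMPLE_PAYLOAD, "sc"):
        print(line)
    print("round-trip ok:", roundtrip_ok(SAMPLE_PAYLOAD))
```

Running the block prints three `p.write4()` lines for the nine-byte sample (the last word holds only `0x49` followed by padding) and confirms the decoder reproduces the input; `from_js` is the check to run over a generated file before trusting it.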
@valentinbreiz

Thanks

@en0l1c

en0l1c commented May 27, 2018

Thanks!!

@niemasd

niemasd commented May 27, 2018

Some cleanup in my Pull Request: Cryptogenic/PS4-5.05-Kernel-Exploit#2

@moudly

moudly commented May 27, 2018

How is this used?
