The scrap-is-not-scrap (sins) experiment began out of a public school education in biology and dissatisfaction with genetic algorithms with their ability to do work.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

69 lines
1.8 KiB

#! /usr/bin/env python3
from multiprocessing import Queue
from random import randint
import ctypes
import mmap
from .disassemble import disasm
seed_shell = b''.join([
b'\x55',
b'\x48\x89\xe5',
b'\x90' * randint(8, 64),
b'\x48\x89\x7d\xf8',
b'\x90' * randint(8, 64),
b'\x48\x8b\x45\xf8',
b'\x5d',
b'\xc3'])
# use template to declutter output, todo
seed_shell = b''.join([
b'\x55', # push rbp
b'\x48\x89\xe5', # mov rbp,rsp
b'\x90' * 8, # nop
b'\x48\x89\x7d\xf8', # mov QWORD [rbp-0x8],rdi
b'\x90' * 8, # nop
b'\x48\x8b\x45\xf8', # mov rax,QWORD [rbp-0x8]
b'\x5d', # pop rbp
b'\xc3']) # ret
def mutate(shellcode: bytes):
shellcode = bytearray(shellcode)
offset = randint(0, len(shellcode) - 1)
flip = randint(0, 255)
shellcode[offset] ^= flip
return bytes(shellcode)
def generation(queue: Queue, shellcode: bytes):
prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
flags = mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE
exec_mem = mmap.mmap(-1, len(shellcode), prot=prot, flags=flags)
exec_mem.write(shellcode)
ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
addr = ctypes.addressof(ctypes_buffer)
function = ctypes.CFUNCTYPE(ctypes.c_uint, ctypes.c_uint)(addr)
function._avoid_gc_for_mmap = exec_mem
shellcode_len = ctypes.c_uint(len(shellcode))
result = function(shellcode_len)
queue.put(result)
def growth(*, shellcode: bytes, objdump: str) -> bytes:
max_op_len = 15
if len(shellcode) > objdump.count('\n') * max_op_len:
return bytes(shellcode)
if objdump.count('nop'):
return bytes(shellcode)
shellcode = bytearray(shellcode)
shellcode += b'\x90'
return bytes(shellcode)