Automatic Generation of Compact Alphanumeric Shellcodes for x86

  • Conference paper
Information Systems Security (ICISS 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8880)

Abstract

Shellcode can be viewed as machine language code that is injected in the form of string input to exploit buffer overflows. It usually contains non-ASCII values because not all machine instructions encode into ASCII values. Many applications allow arbitrary string input, even though only strings containing characters that are ASCII or a subset of ASCII are deemed valid. Thus a common defense against shellcode injection is to discard any string input containing non-ASCII characters. Alphanumeric shellcode helps attackers bypass such character restrictions. It is non-trivial to construct alphanumeric shellcodes by hand and so tools have been created to automate the process. The alphanumeric equivalent, generated by the existing tools, is much larger than the original shellcode. This paper presents two new encoding schemes to reduce the size of the alphanumeric equivalent. A smaller shellcode is better as it can fit into smaller buffers and is even more useful in case an application restricts the input size. Results show that the size reduction of the encoded shellcode is more than 20% for many shellcodes.

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Basu, A., Mathuria, A., Chowdary, N. (2014). Automatic Generation of Compact Alphanumeric Shellcodes for x86. In: Prakash, A., Shyamasundar, R. (eds) Information Systems Security. ICISS 2014. Lecture Notes in Computer Science, vol 8880. Springer, Cham. https://doi.org/10.1007/978-3-319-13841-1_22

  • DOI: https://doi.org/10.1007/978-3-319-13841-1_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-13840-4

  • Online ISBN: 978-3-319-13841-1

  • eBook Packages: Computer Science, Computer Science (R0)
