initial

author: Root THC 2026-02-24 12:42:47 +0000
committer: Root THC 2026-02-24 12:42:47 +0000
commit: c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree: aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/mips.c
parent: 073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)
1 files changed, 143 insertions, 0 deletions
diff --git a/other/shellkit/mips.c b/other/shellkit/mips.c
new file mode 100644
index 0000000..dda3f92
--- /dev/null
+++ b/other/shellkit/mips.c
@@ -0,0 +1,143 @@
+/* mips.c - generic mips functions
+ *
+ * by team teso
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include "shellcode.h"
+#include "mips.h"
+static unsigned long int mips_nop_rwreg (void);
+static unsigned long int mips_nop_roreg (void);
+static unsigned long int mips_nop_xfer (char *xferstr);
+/* mips generic isa "nop" space generator
+ */
+/* get random read write register (i.e. not sp, everything else allowed)
+ */
+static unsigned long int
+mips_nop_rwreg (void)
+{
+        unsigned long int       reg;
+        do {
+                reg = random_get (0, 31);
+        } while (reg == 29);    /* 29 = $sp */
+        return (reg);
+}
+static unsigned long int
+mips_nop_roreg (void)
+{
+        return (random_get (0, 31));
+}
+static unsigned long int
+mips_nop_xfer (char *xferstr)
+{
+        int                     bw = 0; /* bitfield walker */
+        unsigned long int       tgt;    /* resulting instruction */
+        /* in a valid xferstr we trust */
+        for (tgt = 0 ; xferstr != NULL && xferstr[0] != '\0' ; ++xferstr) {
+                switch (xferstr[0]) {
+                case ('0'):
+                        BSET (tgt, 1, 0, bw);
+                        break;
+                case ('1'):
+                        BSET (tgt, 1, 1, bw);
+                        break;
+                case ('r'):
+                        BSET (tgt, 5, mips_nop_roreg (), bw);
+                        break;
+                case ('w'):
+                        BSET (tgt, 5, mips_nop_rwreg (), bw);
+                        break;
+                case ('c'):
+                        BSET (tgt, 16, random_get (0, 0xffff), bw);
+                        break;
+                case ('.'):
+                        break;  /* ignore */
+                default:
+                        fprintf (stderr, "on steroids, huh?\n");
+                        exit (EXIT_FAILURE);
+                        break;
+                }
+        }
+        if (bw != 32) {
+                fprintf (stderr, "invalid bitwalker: bw = %d\n", bw);
+                exit (EXIT_FAILURE);
+        }
+        return (tgt);
+}
+unsigned int
+mips_nop (unsigned char *dest, unsigned int dest_len,
+        unsigned char *bad, int bad_len)
+{
+        int     walk;
+        int     bcount; /* bad counter */
+        char *  xs;
+        char *  xferstr[] = {
+                "000000.r.r.w.00000.000100",    /* sllv rs rt rd */
+                "000000.r.r.w.00000.000110",    /* srlv rs rt rd */
+                "000000.r.r.w.00000.000111",    /* srav rs rt rd */
+                "000000.r.r.w.00000.100001",    /* addu rs rt rd */
+                "000000.r.r.w.00000.100011",    /* subu rs rt rd */
+                "000000.r.r.w.00000.100100",    /* and rs rt rd */
+                "000000.r.r.w.00000.100101",    /* or rs rt rd */
+                "000000.r.r.w.00000.100110",    /* xor rs rt rd */
+                "000000.r.r.w.00000.100111",    /* nor rs rt rd */
+                "000000.r.r.w.00000.101010",    /* slt rs rt rd */
+                "000000.r.r.w.00000.101011",    /* sltu rs rt rd */
+                "001001.r.w.c",                 /* addiu rs rd const */
+                "001010.r.w.c",                 /* slti rs rd const */
+                "001011.r.w.c",                 /* sltiu rs rd const */
+                "001100.r.w.c",                 /* andi rs rd const */
+                "001101.r.w.c",                 /* ori rs rd const */
+                "001110.r.w.c",                 /* xori rs rd const */
+                "001111.00000.w.c",             /* lui rd const */
+                NULL,
+        };
+        unsigned long int       tgt;
+        if (dest_len % 4) {
+                fprintf (stderr, "off by %d padding of dest_len (= %u), rounding down\n",
+                        dest_len % 4, dest_len);
+                dest_len -= (dest_len % 4);
+        }
+        for (walk = 0 ; dest_len > 0 ; dest_len -= 4 , walk += 4) {
+                /* avoid endless loops on excessive badlisting */
+                for (bcount = 0 ; bcount < 16384 ; ++bcount) {
+                        xs = xferstr[random_get (0, 17)];
+                        tgt = mips_nop_xfer (xs);
+                        dest[walk + 0] = (tgt >> 24) & 0xff;
+                        dest[walk + 1] = (tgt >> 16) & 0xff;
+                        dest[walk + 2] = (tgt >> 8) & 0xff;
+                        dest[walk + 3] = tgt & 0xff;
+                        if (badstr (&dest[walk], 4, bad, bad_len) == 0)
+                                break;
+                }
+                /* should not happen */
+                if (bcount >= 16384) {
+                        fprintf (stderr, "too much blacklisting, giving up...\n");
+                        exit (EXIT_FAILURE);
+                }
+        }
+        return (walk);
+}
author	Root THC	2026-02-24 12:42:47 +0000
committer	Root THC	2026-02-24 12:42:47 +0000
commit	c9cbeced5b3f2bdd7407e29c0811e65954132540 (patch)
tree	aefc355416b561111819de159ccbd86c3004cf88 /other/shellkit/mips.c
parent	073fe4bf9fca6bf40cef2886d75df832ef4b6fca (diff)

diff --git a/other/shellkit/mips.c b/other/shellkit/mips.c new file mode 100644 index 0000000..dda3f92 --- /dev/null +++ b/other/shellkit/mips.c
@@ -0,0 +1,143 @@
	1	/* mips.c - generic mips functions
	2	*
	3	* by team teso
	4	*/
	5
	6	#include <stdio.h>
	7	#include <stdlib.h>
	8	#include "shellcode.h"
	9	#include "mips.h"
	10
	11	static unsigned long int mips_nop_rwreg (void);
	12	static unsigned long int mips_nop_roreg (void);
	13	static unsigned long int mips_nop_xfer (char *xferstr);
	14
	15	/* mips generic isa "nop" space generator
	16	*/
	17
	18	/* get random read write register (i.e. not sp, everything else allowed)
	19	*/
	20	static unsigned long int
	21	mips_nop_rwreg (void)
	22	{
	23	unsigned long int reg;
	24
	25	do {
	26	reg = random_get (0, 31);
	27	} while (reg == 29); /* 29 = $sp */
	28
	29	return (reg);
	30	}
	31
	32
	33	static unsigned long int
	34	mips_nop_roreg (void)
	35	{
	36	return (random_get (0, 31));
	37	}
	38
	39
	40	static unsigned long int
	41	mips_nop_xfer (char *xferstr)
	42	{
	43	int bw = 0; /* bitfield walker */
	44	unsigned long int tgt; /* resulting instruction */
	45
	46	/* in a valid xferstr we trust */
	47	for (tgt = 0 ; xferstr != NULL && xferstr[0] != '\0' ; ++xferstr) {
	48	switch (xferstr[0]) {
	49	case ('0'):
	50	BSET (tgt, 1, 0, bw);
	51	break;
	52	case ('1'):
	53	BSET (tgt, 1, 1, bw);
	54	break;
	55	case ('r'):
	56	BSET (tgt, 5, mips_nop_roreg (), bw);
	57	break;
	58	case ('w'):
	59	BSET (tgt, 5, mips_nop_rwreg (), bw);
	60	break;
	61	case ('c'):
	62	BSET (tgt, 16, random_get (0, 0xffff), bw);
	63	break;
	64	case ('.'):
	65	break; /* ignore */
	66	default:
	67	fprintf (stderr, "on steroids, huh?\n");
	68	exit (EXIT_FAILURE);
	69	break;
	70	}
	71	}
	72
	73	if (bw != 32) {
	74	fprintf (stderr, "invalid bitwalker: bw = %d\n", bw);
	75	exit (EXIT_FAILURE);
	76	}
	77
	78	return (tgt);
	79	}
	80
	81
	82	unsigned int
	83	mips_nop (unsigned char *dest, unsigned int dest_len,
	84	unsigned char *bad, int bad_len)
	85	{
	86	int walk;
	87	int bcount; /* bad counter */
	88	char * xs;
	89	char * xferstr[] = {
	90	"000000.r.r.w.00000.000100", /* sllv rs rt rd */
	91	"000000.r.r.w.00000.000110", /* srlv rs rt rd */
	92	"000000.r.r.w.00000.000111", /* srav rs rt rd */
	93	"000000.r.r.w.00000.100001", /* addu rs rt rd */
	94	"000000.r.r.w.00000.100011", /* subu rs rt rd */
	95	"000000.r.r.w.00000.100100", /* and rs rt rd */
	96	"000000.r.r.w.00000.100101", /* or rs rt rd */
	97	"000000.r.r.w.00000.100110", /* xor rs rt rd */
	98	"000000.r.r.w.00000.100111", /* nor rs rt rd */
	99	"000000.r.r.w.00000.101010", /* slt rs rt rd */
	100	"000000.r.r.w.00000.101011", /* sltu rs rt rd */
	101	"001001.r.w.c", /* addiu rs rd const */
	102	"001010.r.w.c", /* slti rs rd const */
	103	"001011.r.w.c", /* sltiu rs rd const */
	104	"001100.r.w.c", /* andi rs rd const */
	105	"001101.r.w.c", /* ori rs rd const */
	106	"001110.r.w.c", /* xori rs rd const */
	107	"001111.00000.w.c", /* lui rd const */
	108	NULL,
	109	};
	110	unsigned long int tgt;
	111
	112	if (dest_len % 4) {
	113	fprintf (stderr, "off by %d padding of dest_len (= %u), rounding down\n",
	114	dest_len % 4, dest_len);
	115	dest_len -= (dest_len % 4);
	116	}
	117
	118	for (walk = 0 ; dest_len > 0 ; dest_len -= 4 , walk += 4) {
	119	/* avoid endless loops on excessive badlisting */
	120	for (bcount = 0 ; bcount < 16384 ; ++bcount) {
	121	xs = xferstr[random_get (0, 17)];
	122	tgt = mips_nop_xfer (xs);
	123
	124	dest[walk + 0] = (tgt >> 24) & 0xff;
	125	dest[walk + 1] = (tgt >> 16) & 0xff;
	126	dest[walk + 2] = (tgt >> 8) & 0xff;
	127	dest[walk + 3] = tgt & 0xff;
	128	if (badstr (&dest[walk], 4, bad, bad_len) == 0)
	129	break;
	130	}
	131
	132	/* should not happen */
	133	if (bcount >= 16384) {
	134	fprintf (stderr, "too much blacklisting, giving up...\n");
	135	exit (EXIT_FAILURE);
	136	}
	137	}
	138
	139	return (walk);
	140	}
	141
	142
	143