Running Shellcode in your Raspberry Pi

I was interested in learning ARM assembly language for developing small applications for microcontrollers. I wrote this small piece of shellcode which will write “” inside the /etc/hosts file in a Linux system. I used my Raspberry Pi model B+ for this 🙂
Image result for raspberry pi b+
We will be needing the following syscalls.

#define __NR_exit                       (__NR_SYSCALL_BASE+  1)
#define __NR_write                      (__NR_SYSCALL_BASE+  4)
#define __NR_open                       (__NR_SYSCALL_BASE+  5)
#define __NR_close                      (__NR_SYSCALL_BASE+  6)


x86 Linux Egg hunter

This is a small post regarding egg hunting on x86 Linux systems. I’d highly recommend you to read skape’s paper “Safely Searching Process Virtual Address Space” . He has described his techniques for Linux and Windows systems. I will be using one of his implementations.  I will use the access system call which is 33 for IA-32.

#define __NR_access              33

The access system call can be used the check whether the calling process can access the file.

#include <unistd.h>
int access(const char *pathname, int mode);

This is the x86 assembly implementation of the hunger code. It will search the virtual address space for our tag “AAAA” and begin execution of our shellcode. I am not going to explain this implementation. You can refer to skape’s document in higher detail.