07-20-2017, 09:44
TechLord
The Synesthesia Shellcode Generator

The Synesthesia Shellcode Generator: Code Release and Future Directions

( July 17, 2017 Rolf Rolles )

Link here .


Synesthesia is an idea that I published at EkoParty last year (slides and video are available) regarding automated shellcode generation under encoding restrictions. The presentation walked through an extended tutorial on program synthesis, and showed how the idea would be implemented using those techniques. I promised to release code; this blog entry is the notification of such release, and some explanation of what the code is, what it is not, and what I hope it shall be in future releases. Here is the GitHub repository.

Limitations of current release

As envisioned in that presentation, the ideal implementation of Synesthesia is a stand-alone compiler with three modes: 1) generate shellcode under input restrictions given a specification for its behavior; 2) re-compile existing shellcode under input restrictions; and 3) encode and generate decoder loops for existing, non-encoded shellcode binary blobs. No matter which mode, in the ideal fully-automated implementation, the user should be able to write programs that dictate their requirements on the shellcode, invoke the Synesthesia compiler, and receive machine code as output. As with any compiler, Synesthesia should be a black box: to use it, the user should not have to be an expert user of SMT solvers or possess advanced education in theoretical computer science and mathematics. At present, the current implementation falls short of the goal of being an actual compiler: the process is not fully (or even largely) automated.

The current implementation of Synesthesia is a set of .ys files, scripts written in the YICES 2.x SMT solver presentation language. Each one defines an SMT query corresponding to an example given in the presentation. To obtain a result, the user must pass the .ys files into yices 2.x with the --mode=ef command-line option, and then manually interpret the results. To solve a different problem from the ones given in the presentation, the user must manually create a .ys file (perhaps using the existing ones as a template) and pass it to Yices for solving.

Lately, I have been working on (and enjoying) bringing Synesthesia closer to the ideal vision. The in-progress version is a legitimate, stand-alone compiler with its own programming language, where the machine language decoding routines are written in that language. However, it is in early development at the moment and is not yet suitable for release.