-1
0x62, 0x75, 0x66, 0x20, 0x3d, 0x20, 0x20, 0x62, 0x22, 0x22, 0x0a, 0xeb,
0x7c, 0x38, 0x5c, 0x78, 0x34, 0x65, 0x5c, 0x78, 0x32, 0x39, 0x5c, 0x78, 
0x31, 0x35, 0x5c, 0x78, 0x39, 0x39, 0x5c, 0xeb, 0x34, 0xeb, 0x27, 0x65, 
0x5c, 0x78, 0x64, 0x36, 0x5c, 0x0f, 0x88, 0x34, 0x04, 0x00, 0x00, 0x38, 
0x5c, 0x78, 0x38, 0x34, 0x5c, 0x78, 0x63, 0x31, 0x22, 0x0a, 0x62, 0x75, 
0x66, 0x20, 0x2b, 0x3d, 0x20, 0x62, 0x22, 0x5c, 0xe9, 0x1c, 0x03, 0x00, 
0x00

Given the above values, how can I convert them to shellcode bytes format?

buf =  b""
buf += b"\xd9\xc8\xbd\x91\x98\xd9\xc4\xd9\x74\x24\xf4\x5a\x33"
Mark Tolonen
Ben kubi
  • I don't see how the two sequences relate to each other. Please, as a new user here, take the [tour] and read [ask]. Please also pay attention to the formatting, I guess you slipped there somewhere. – Ulrich Eckhardt Jun 28 '22 at 09:44
  • What was wrong with the code `buf += ...` you have shown? – mkrieger1 Jun 28 '22 at 09:47
  • My apologies, I wanted to find out how to convert to the shellcode format below. – Ben kubi Jun 28 '22 at 09:57
  • You can write: `def convert(x): return b"\xd9\xc8\xbd\x91\x98\xd9\xc4\xd9\x74\x24\xf4\x5a\x33"`. And then call it like `convert([0x62, 0x75, 0x66, 0x20, 0x3d, 0x20, 0x20, 0x62, 0x22, 0x22, 0x0a, 0xeb, 0x7c, 0x38, 0x5c, 0x78, 0x34, 0x65, 0x5c, 0x78, 0x32, 0x39, 0x5c, 0x78, 0x31, 0x35, 0x5c, 0x78, 0x39, 0x39, 0x5c, 0xeb, 0x34, 0xeb, 0x27, 0x65, 0x5c, 0x78, 0x64, 0x36, 0x5c, 0x0f, 0x88, 0x34, 0x04, 0x00, 0x00, 0x38, 0x5c, 0x78, 0x38, 0x34, 0x5c, 0x78, 0x63, 0x31, 0x22, 0x0a, 0x62, 0x75, 0x66, 0x20, 0x2b, 0x3d, 0x20, 0x62, 0x22, 0x5c, 0xe9, 0x1c, 0x03, 0x00, 0x00])`. – mkrieger1 Jun 28 '22 at 11:47
  • `bytes([0x62, 0x75, 0x66, 0x20, 0x3d, 0x20, 0x20, 0x62, 0x22, 0x22, 0x0a])` returns `b'buf = b""\n'`. That looks like what the first few bytes of your data represent. – Mark Tolonen Jun 28 '22 at 21:56

1 Answer

0

The original format is meant to initialize a character array in a C-like syntax (it works in a lot of languages derived from or inspired by C). Every byte is given as two hexadecimal digits, each byte is prefixed by `0x`, because that's how hexadecimal values are designated in C, and the bytes are separated by commas, because that's how you separate array values in C. So the first two bytes of your shell code are represented by the hexadecimal values 62 and 75.

The target format you show is a Python bytestring. That's actually a common way to represent sequences of bytes in Python. A bytestring in Python is expressed by the letter `b`, followed by a C-like string literal. In string literals, most letters represent their ASCII code, but there is a way to escape from that 1:1 mapping - by using the "escape" character `\`. The sequence `\x` means that the next two letters should be read as a hexadecimal number (this is oversimplified but good enough for this answer), and the byte with that value is to be put into the byte string.

So transforming from C-style array syntax to Python bytestring syntax, the result would look like

buf = b""
buf += b"\x62\x75\x66\x20\x3d\x20\x20\x62\x22\x22\x0a\xeb"
buf += b"\x7c\x38 ...

You would need to continue reformatting from the C-style array representation to the string literal representation. `buf +=` means "append the following stuff to the current contents of `buf`", so splitting the data into multiple append operations doesn't change the meaning. Using multiple append operations for each line of the original character array isn't necessary, but it's a straightforward way to keep the line breaks without introducing any advanced Python syntax features.

An easier way to get the bytes in C-style array format into a Python bytes-like object (which is essentially what your Python code does) is:

buf = bytes([0x62, 0x75, 0x66, 0x20, 0x3d, 0x20, 0x20, 0x62, 0x22, 0x22, 0x0a, 0xeb,
             0x7c, 0x38, 0x5c, 0x78, 0x34, 0x65, 0x5c, 0x78, 0x32, 0x39, 0x5c, 0x78,
             ...])

This allows you to copy&paste the C-style array data as is.

This answer only works if the C-style array data you gave at the beginning is just the shell code. As Mark Tolonen pointed out in the comments, this is likely not the case. The first bytes decode to the ASCII characters `buf = b""` followed by a new line. This has no valid reason to appear in raw x86 shell code. Also, later parts of the input you give seem to be a strange mix of x86 opcode bytes and ASCII-encoded characters. It is therefore likely that the input you gave in your question is already not useful and converting it into a different syntax won't fix it.

Michael Karcher
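
The conversion described in the answer above, combined with the sanity check from its last paragraph, as an added example that is not part of the original answer. The function names are made up for illustration, and the sample input is the first two rows of the array as they appear in the question.

```python
import re

# First two rows of the C-style array, copied from the question.
C_ARRAY = """
0x62, 0x75, 0x66, 0x20, 0x3d, 0x20, 0x20, 0x62, 0x22, 0x22, 0x0a, 0xeb,
0x7c, 0x38, 0x5c, 0x78, 0x34, 0x65, 0x5c, 0x78, 0x32, 0x39, 0x5c, 0x78,
"""

def parse_c_array(text):
    """Return the bytes named by every 0xNN token in a C-style initializer."""
    # One or two hex digits only; a token such as 0x100 is not a byte and is skipped.
    tokens = re.findall(r"0[xX]([0-9a-fA-F]{1,2})\b", text)
    return bytes(int(t, 16) for t in tokens)

def to_python_literal(data, name="buf", width=12):
    """Render data as Python source: an empty bytes object, then one append per row."""
    lines = [f'{name} = b""']
    for i in range(0, len(data), width):
        chunk = "".join(f"\\x{b:02x}" for b in data[i:i + width])
        lines.append(f'{name} += b"{chunk}"')
    return "\n".join(lines)

def ascii_runs(data, min_len=4):
    """List (offset, run) for stretches of printable ASCII, tab or newline.

    Long runs that read as source code suggest the array holds text that was
    dumped byte by byte, not raw machine code.
    """
    pattern = rb"[\x20-\x7e\n\t]{%d,}" % min_len
    return [(m.start(), m.group()) for m in re.finditer(pattern, data)]

if __name__ == "__main__":
    data = parse_c_array(C_ARRAY)
    print(to_python_literal(data))
    for offset, run in ascii_runs(data):
        print(f"printable run at offset {offset}: {run!r}")
```

On this input the check reports two printable runs that together cover 23 of the 24 bytes, which is the mismatch the answer's final paragraph warns about.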