ELF Packer

Copyright 2023 (c) Aiden Fox Ivey [email protected], Alisya K.

Methodology

Under the hood, we use Construct to parse ELF files. The code supports both 32-bit and 64-bit ELF files. As expected, the parser respects e_ident[EI_DATA] rather than assuming that the provided binary uses the host's data encoding or some arbitrary one.

Thanks must be given to the elf32.py example provided in Construct's deprecated gallery, as it demonstrated a very clean way to construct the code.

A version of our current example has been added to Construct.

We also use the Capstone disassembler for optional disassembly of code within the files.

Resources

AARCH64 Syscalls available here.

ELF resources provided by tmp.out.

Some inspiration provided from Faster Than Lime.