Decoder-free sino-Korean shellcode
Some researchers have recently showed that shellcode, a small piece of executable machine code, could be transformed into text. Although such shellcode-embedding text itself may elude defensive measures, due to the existence of a decoding routine attached the shellcode, it could be detected by them. In this paper, we propose a novel approach to building shellcode-embedding Korean text without a decoder and a list of addresses used for a code reuse attack. For shellcode that only makes system calls, some instructions can be replaced with equivalent ones and padded with the NOP instructions, in order to make the shellcode seen as Chinese characters on text editors having support for UTF-16. Gadgets, divided from the shellcode, carrying code to link them together, are then embedded into Korean text. Finally, shellcode-embedding Korean text can be obtained. Since the text does not have any routine for decoding and an address list used in a code reuse attack, it may be able to elude most defensive measures. A proof-of-concept that automates the production of decoder-free Korean shellcode has been implemented.
- Issue Date
- 2016-08
- Language
- English
- Citation
2016 International Conference on Software Security and Assurance, ICSSA 2016, pp.75 - 78
- Appears in Collection
- RIMS Conference Papers
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 1 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.