Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Operation request: Disassemble shellcode #68

Closed
schrodyn opened this issue Feb 5, 2017 · 2 comments · Fixed by #192
Closed

Operation request: Disassemble shellcode #68

schrodyn opened this issue Feb 5, 2017 · 2 comments · Fixed by #192
Labels
help wanted operation

Comments

@schrodyn
Copy link

schrodyn commented Feb 5, 2017

Request to add an operation which would perform disassembly on input bytes.

E.g.:
from base64
from gzip
disassemble
@n1474335
Copy link
Member

n1474335 commented Feb 7, 2017

Hi @schrodyn,

A shellcode disassembler for x86, x64, ARM etc. is something that has been on the 'To Do' list for a while. I've done some research into what's already available and open sourced as far as client-side JavaScript is concerned and this is what I've found:

  • Capstone.js

    • This seems to be the most comprehensive JavaScript solution and supports a good selection of different architectures. The main issue is its size. The minified version is 4.84MB at the time of writing this, which is a bit much to ask everyone to download when only a handful will actually use those operations (see Design Principals for an explanation of this). For context, the whole of CyberChef is currently around 2MB so that's quite a big size hit. Even if we stripped Capstone down to just support x86 it still comes in at 1.8MB.

  • X86-64-Disassembler-JS

    • This is much smaller (302KB before it's even been minified), however it would need some work before it could be incorporated into a large project as it is all declared at the global scope with no identifier encapsulation. It also only supports x86 and x64, but that isn't too bad to start off with. I'd be concerned that it's not a particularly active project though so I doubt any further architectures will be incorporated in future.

Other solutions not written in JavaScript include ODA which makes AJAX requests to a server-side API. This doesn't appear to be open source but I'd be happy to be proven wrong.

If anyone else has any thoughts on this we'd like to hear them. The other option is to just start from scratch, but this feels like a fairly comprehensive project in its own right and probably shouldn't live inside the CyberChef repository.

@n1474335 n1474335 mentioned this issue Mar 8, 2017
Closed
@Maijin
Copy link

Maijin commented Aug 30, 2017
edited
Loading

Since you mentionned ODA, there is also https://github.com/radare/radare2/ via r2pipe, could even get graphs etc. from it see https://github.com/radare/radare2-r2pipe see https://github.com/radare/radare2-r2pipe/tree/master/nodejs @radare

@n1474335 n1474335 mentioned this issue Sep 20, 2017
Merged
@n1474335 n1474335 mentioned this issue Oct 4, 2017
Merged
BRAVO68WEB pushed a commit to BRAVO68WEB/CyberChef that referenced this issue May 29, 2022
@Lissy93
Merge pull request gchq#68 from Lissy93/DOCS_Adds-showcase
c4bcac5 
Creates showcase page
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted operation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disassemble x86 gchq/CyberChef
3 participants
@Maijin @schrodyn @n1474335