cargo-shellcode
| Crates.io | cargo-shellcode |
| lib.rs | cargo-shellcode |
| version | 0.1.1 |
| source | src |
| created_at | 2024-08-15 20:53:26.664811 |
| updated_at | 2024-08-15 22:01:33.072861 |
| description | Compile a Rust crate into shellcode |
| homepage | |
| repository | https://github.com/novafacing/cargo-shellcode |
| max_upload_size | |
| id | 1339474 |
| size | 47,757 |
Rowan Hart (novafacing)
documentation
README
cargo-shellcode
Compile your Rust project1 into shellcode for use in CTF or exploit development!
The subcommand runs an LLVM pass over your code which inlines all functions into the entrypoint, and moves all globals into stack space. This allows you to write mostly-normal-looking code which can be used as shellcode.
Install
cargo install cargo-shellcode
You will need to have LLVM installed (e.g. dnf install llvm llvm-libs llvm-devel).
Usage
To build your crate as shellcode:
cargo shellcode build
Optionally, you can specify where to output the shellcode:
cargo shellcode build -o shellcode.bin
To run your shellcode (note: this is pretty unsafe!):
cargo shellcode run
Or to run a specific shellcode file:
cargo shellcode run shellcode.bin
Crate Layout
Not just any crate can be compiled down to shellcode. In general, you'll need to follow these rules:
- The entrypoint must be called
_startormain - Your code must be
#![no_std]and#![no_main], and compatible with-nostartfiles(i.e. a freestanding binary) - Globals/constants may only be used by one function. Basically:
- Do not use
staticvariables - Put all
constvalues in the function that uses them, not in global scope
- Do not use
For an example of a crate that does something non-trivial that can be compiled to shellcode, check out the examples.
Acknowledgements
This project (in particular the global variable inlining) is partially taken from and inspired by SheLLVM. Thanks!
Footnotes
-
Some caveats apply, see crate layout. ↩