arm-pi para geany

arm-pi.py

@@ -9,37 +9,44 @@
 cc_as="arm-linux-gnueabihf-as"
 cc_gcc="arm-linux-gnueabihf-gcc"
 
-
-proc = Popen([cc_as ,'-mthumb', '-o', arch+'.o' , arch + '.s'] , stdin = PIPE , stdout = PIPE)
-proc.stdout.readline()
-proc.stdout.flush()
-
-
-proc1=Popen([cc_gcc,'-o',arch,arch+'.o'], stdin = PIPE, stdout = PIPE)
-proc1.stdout.readline()
-proc1.stdout.flush()
-
+try:
+	if (sys.argv[3]=='s'):
+		#compila un archivo assembler arm a un obj-elf-arm
+		proc = Popen([cc_as ,'-mthumb', '-o', arch+'.o' , arch + '.s'] , stdin = PIPE , stdout = PIPE)
+		proc.stdout.readline()
+		proc.stdout.flush()
+
+		#linkea el obj-elf-arm a un bin-elf-arm
+		proc1=Popen([cc_gcc,'-o',arch,arch+'.o'], stdin = PIPE, stdout = PIPE)
+		proc1.stdout.readline()
+		proc1.stdout.flush()
+		print "Compilado para ARM cross-compiler -->"+cc_gcc+"\n"
+        	print "Fuente"+arch+".s"
+
+	if (sys.argv[3]=='c'):
+		#linkea el obj-elf-arm a un bin-elf-arm
+        	proc1=Popen([cc_gcc,'-o',arch,arch+'.c'], stdin = PIPE, stdout = PIPE)
+       		proc1.stdout.readline()
+        	proc1.stdout.flush()
+		print "Compilado para ARM cross-compiler -->"+cc_gcc+"\n"
+       		print "Fuente -->"+arch+".c"
+
+
+	if (sys.argv[4]=='rpi'):
+		#envia el archivo bin-elf-arm a la rpi por shell remoto SCP
+		host='[email protected]'
+		destino=':/home/pi/pru-arm'
+		proc3 = Popen(['scp', sys.argv[2] ,  host +  destino] , stdout = PIPE, stdin = PIPE)
+		proc3.stdout.readline()
+		proc3.stdout.flush()
+		print "Archivo enviado -->"+host+destino
+
+except IndexError as e:
+	print e
+
+"""no funcion
 proc4=Popen(['rm','-vf',sys.argv[1]+'/*.o'])
-#proc4.stdout.readline()
-#proc4.stdout.flush()
-
-
-host='[email protected]'
-destino=':/home/pi/pru-arm'
-
-print 'scp', sys.argv[2] ,  host +  destino
-print 'rm','-vf',sys.argv[1]+'/*.o'
-
-proc3 = Popen(['scp', sys.argv[2] ,  host +  destino] , stdout = PIPE, stdin = PIPE)
-proc3.stdout.readline()
-proc3.stdout.flush()
-
-
-
-""" arm-linux-gnueabihf-as -mthumb -o %e.o %f
-arm-linux-gnueabihf-gcc -o %e %e.o 
-arm-linux-gnueabihf-gcc -o %e %e.c 
-rm -vf *.o
-envia a la pi
-entrara y lo ejecutara
+proc4.stdout.readline()
+proc4.stdout.flush()
 """
+

esc_tex.s

@@ -0,0 +1,28 @@
+    .syntax unified  
+
+        @ --------------------------------  
+    .global main  
+    main:  
+        @ Stack the return address (lr) in addition to a dummy register (ip) to  
+        @ keep the stack 8-byte aligned.  
+        push    {ip, lr}  
+
+        @ Load the argument and perform the call. This is like 'printf("...")' in C.  
+        ldr     r0, =message  
+        bl      printf  
+
+        @ Exit from 'main'. This is like 'return 0' in C.  
+        mov     r0, #0    @ Return 0.  
+
+        @ Pop the dummy ip to reverse our alignment fix, and pop the original lr  
+        @ value directly into pc — the Program Counter — to return.  
+        pop     {ip, pc}  
+
+        @ --------------------------------  
+        @ Data for the printf calls. The GNU assembler's ".asciz" directive  
+        @ automatically adds a NULL character termination.  
+    message:  
+        .asciz "vamos within temptation.\n"  
+
+
+

memx486prot.c

@@ -0,0 +1,5 @@
+#include <stdio.h>
+void main() {
+        register int i asm("esp");
+        printf("$esp = %#010x\n", i);
+}

mthumb.s

@@ -0,0 +1,25 @@
+.section .text
+
+.global main
+main:
+
+.code 32
+    add r6,pc,#1
+    bx  r6
+
+.code 16     
+    /*write()*/
+	mov  r2,#6
+    mov  r1,pc
+    add  r1,#14
+    mov  r0,$0x1 
+    mov  r7,$0x4
+    svc  1
+
+     /*exit()*/
+     sub r4,r4,r4
+     mov r0,r4      
+     mov r7,$0x1
+     svc 1
+
+.ascii "lsusb\n"

prueba1.c

@@ -0,0 +1,6 @@
+#include <stdio.h>
+
+int main(int argc, char** argv) {
+   printf("Usando el cross compiler para ARM\n");
+   return 0;
+}

prueba2.s

@@ -0,0 +1,9 @@
+.global main
+
+main:
+     mov r1,#5
+     mov r2,#7
+     add r0,r1,r2
+     bx lr
+
+

ret.s

@@ -0,0 +1,6 @@
+/* This is a comment */
+.global main /* 'main' is our entry point and must be global */
+
+main:          /* This is main */
+    mov r0, #2 /* Put a 2 inside the register r0 */
+    bx lr      /* Return from main */

shellcode2.s

@@ -0,0 +1,33 @@
+/*
+r0  0
+r1  /bin/sh
+r2  /bin/sh
+
+r7 11
+
+*/
+
+
+.section .text
+
+.global main
+main:
+
+.code 32
+    add r6,pc,#1
+    bx  r6
+
+.code 16     
+
+	mov  r0,pc    /*guardomos el program counter en r0*/
+	add  r0,#10 
+
+    str  r3,[sp,#4]
+    add  r1,sp,#4
+    sub  r2,r2,r2
+    mov  r7,#11
+    svc  1
+
+
+
+.ascii "//bin/sh\n"

shellcode3.c

@@ -0,0 +1,29 @@
+#include <stdio.h>
+char *SC =  "\x01\x60\x8f\xe2"
+            "\x16\xff\x2f\xe1"
+            "\x06\x22"
+            "\x79\x46"
+            "\x0e\x31"
+            "\x01\x20"
+            "\x04\x27"
+            "\x01\xdf"
+            "\x24\x1b"
+            "	\x20\x1c"
+            "\x01\x27"
+            "\x01\xdf"
+            "\x6c\x73\x75\x73"
+            "\x62\x0a\xc0\x46";
+
+
+
+int main(void)
+        {
+                fprintf(stdout,"Longiud: %d\n",strlen(SC));
+                (*(void(*)()) SC)();
+        return 0;
+        }
+
+
+
+
+

shellcode_wt.c

@@ -0,0 +1,24 @@
+#include <stdio.h>
+char *SC =  "\x01\x60\x8f\xe2"
+            "\x16\xff\x2f\xe1"
+            "\x10\x22"
+            "\x79\x46"
+            "\x0e\x31"
+            "\x01\x20"
+            "\x04\x27"
+            "\x01\xdf"
+            "\x24\x1b"
+            "\x20\x1c"
+            "\x01\x27"
+            "\x01\xdf"
+            "\x73\x68\x65\x6c"
+            "\x6c\x2d\x73\x74"
+            "\x6f\x72\x6d\x2e"
+            "\x6f\x72\x67\x0a";
+
+int main(void)
+        {
+                fprintf(stdout,"Length: %d\n",strlen(SC));
+                (*(void(*)()) SC)();
+        return 0;
+        }

write_t.s

@@ -0,0 +1,26 @@
+.section .text
+
+.global main
+main:
+
+.code 32
+    add r6,pc,#1
+    bx  r6
+
+.code 16     
+    /*write()*/
+	mov  r2,#6
+    mov  r1,pc
+    add  r1,#12
+    mov  r0,$0x1 
+    mov  r7,$0x4
+    svc  0
+
+     /*exit()*/
+     sub r0,r0,r0      /*0=1-1*/ 
+     mov r7,$0x1
+     svc 0
+
+
+
+.ascii "lsusb\n"