Ragg2-cc is now completely erased from r2 (merged into ragg2) (#9996)

2018-05-02 20:34:30 +02:00 · 2018-05-02 20:34:30 +02:00 · 78ce646cf6
parent 5180e0220f
commit 78ce646cf6
6 changed files with 21 additions and 463 deletions
--- a/binr/Makefile
+++ b/binr/Makefile
@ -28,11 +28,9 @@ install:
 		${INSTALL_PROGRAM} "$$BINARY/$$BINARY" "${DESTDIR}${BINDIR}/$$BINARY" ; \
 	done
 	${INSTALL_SCRIPT} "$(BTOP)/r2pm/r2pm" "${DESTDIR}${BINDIR}/r2pm"
-	rm -f "${DESTDIR}${BINDIR}/ragg2-cc"
 	rm -rf "${DESTDIR}${DATADIR}/radare2/${VERSION}/r2pm"
 	#mkdir -p "${DESTDIR}${DATADIR}/radare2/${VERSION}/r2pm"
 	#cp -rf r2pm/d/* "${DESTDIR}${DATADIR}/radare2/${VERSION}/r2pm"
-	${INSTALL_SCRIPT} ragg2/ragg2-cc "${DESTDIR}${BINDIR}/ragg2-cc"
 	-cd "${DESTDIR}${BINDIR}" && rm -f r2 ; ln -fs radare2 r2
 ifeq ($(WITHPIC),1)
 	${INSTALL_LIB} "preload/libr2.$(EXT_SO)" "${DESTDIR}${LIBDIR}"
@ -48,7 +46,6 @@ symstall install-symlink:
 	cd .. && \
 	mkdir -p "${DESTDIR}${BINDIR}" && \
 	for BINARY in ${BINS} ; do ln -fs "${BTOP}/$$BINARY/$$BINARY" "${DESTDIR}${BINDIR}/$$BINARY" ; done
-	cd .. && ln -fs "${BTOP}/ragg2/ragg2-cc" "${DESTDIR}${BINDIR}/ragg2-cc"
 	cd .. && ln -fs "${BTOP}/r2pm/r2pm" "${DESTDIR}${BINDIR}/r2pm"
 	cd .. && rm -rf "${DESTDIR}${DATADIR}/radare2/${VERSION}/r2pm"
 	cd .. && mkdir -p "${DESTDIR}${DATADIR}/radare2/${VERSION}/"
@ -62,7 +59,6 @@ symstall install-symlink:
 deinstall uninstall:
 	-cd .. ; \
 	for BINARY in ${BINS} ; do rm -f "${DESTDIR}${BINDIR}/$$BINARY" ; done ; \
-	rm -f "${DESTDIR}${BINDIR}/ragg2-cc" ; \
 	rm -f "${DESTDIR}${BINDIR}/r2pm" ; \
 	rm -f "${DESTDIR}${BINDIR}/r2"

--- a/binr/ragg2/ragg2-cc
+++ b/binr/ragg2/ragg2-cc
@ -1,320 +0,0 @@
-#!/bin/sh
-# ragg2-cc : a shellcode compiler -- pancake - 2011-2016
-#
-# Supported operating systems:
-#  - GNU/Linux
-#  - OSX
-#  - BSD
-# Supported compilers
-#  - gcc
-#  - clang
-# TODO
-#  add support for arm
-#  add support for nested shellcodes
-
-# Find which compiler is installed
-if [ -z "${CC}" ]; then
-	for a in llvm-gcc clang gcc ; do
-		$a --version >/dev/null 2>&1
-		if [ $? = 0 ]; then
-			CC="$a"
-			break
-		fi
-	done
-	if [ -z "${CC}" ]; then
-		echo "Cannot find CC" >&2
-		exit 1
-	fi
-fi
-
-# Get path for sflib
-if [ -z "${SFLIBPATH}" ]; then
-	SFLIBPATH="$(r2 -hh | grep INCDIR | awk '{print $2}')"/sflib
-fi
-if [ ! -d "${SFLIBPATH}" ]; then
-	echo "Cannot find ${SFLIBPATH}"
-	echo "Define SFLIBPATH env var or fix the r2 installation"
-	exit 1
-fi
-
-# Get local architecture
-case "$(uname -m)" in
-arm64|aarch64|x86_64)
-	B=64
-	;;
-*)
-	B=32
-	;;
-esac
-
-dohelp() {
-	cat<<EOF
-Usage: ragg2-cc [-cdsvx] [-a arch] [-b bits] [-k kernel] [-o output] [file.c]
-  -a x86   set arch (x86, arm)
-  -b 32    bits (32, 64)
-  -c       generate compiled shellcode
-  -d       enable debug mode
-  -k linux set kernel (darwin, linux)
-  -o file  set output file
-  -s       generate assembly
-  -v       show version
-  -x       show hexpair bytes
-EOF
-}
-
-case "`uname`" in
-Darwin)
-	K=darwin
-	;;
-*)
-	K=linux
-	;;
-esac
-
-X=0
-C=""
-D=""
-O=""
-F=""
-ASM=0
-A=x86
-while : ; do
-	[ -z "$1" ] && break
-	F=$1
-	case "$F" in
-	-a) # architecture (x86, mips, arm)
-		shift
-		A=$1
-		[ -z "$A" ] && { echo "Missing argument for -a" ; exit 1; }
-		;;
-	-b)  # register size (32, 64, ...)
-		shift
-		B=$1
-		[ -z "$B" ] && { echo "Missing argument for -b" ; exit 1; }
-		;;
-	-k)  # kernel
-		shift
-		K=$1
-		[ -z "$K" ] && { echo "Missing argument for -k" ; exit 1; }
-		;;
-	-x)  # execute
-		X=1
-		;;
-	-c)  # set configuration option
-		C=1
-		;;
-	-d)  # patch dword (4 bytes) at given offset
-		D=1
-		;;
-	-s)  # show assembler
-		ASM=1
-		;;
-	-o)  # output file
-		shift
-		O=$1
-		if [ -z "$O" ]; then
-			echo "Missing argument for -o"
-			exit 1
-		fi
-		;;
-	-h)  # help
-		dohelp
-		exit 0
-		;;
-	-v)  # version
-		ragg2 -v | sed -e 's,2,2-cc,'
-		exit 0
-		;;
-	esac
-	shift
-done
-
-if [ -z "$F" ]; then
-	dohelp
-	exit 1
-fi
-
-JMP=jmp
-case "$A" in
-arm|aarch64|arm64|thumb|arm32)
-	JMP=b
-	;;
-mips|mips32|mips64)
-	JMP=b
-	;;
-esac
-
-FMT=elf
-if [ "$K" = darwin ]; then
-	OBJCOPY=gobjcopy
-	FMT=mach0
-	ARCH="$A"
-	if [ "$ARCH" = x86 ]; then
-		if [ "${B}" = 32 ]; then
-			ARCH=i386
-			TRIPLET=darwin-x86-32
-		else
-			ARCH=x86_64
-			TRIPLET=darwin-x86-64
-		fi
-		case "$B" in
-		32)
-			CFLAGS="-arch $ARCH "
-			LDFLAGS="-arch $ARCH -shared -c"
-			;;
-		64)
-			CFLAGS="-arch $ARCH"
-			LDFLAGS="-arch $ARCH -shared -c"
-			;;
-		esac
-	else
-		LDFLAGS="-shared -c"
-	fi
-	SHDR="
-.text
-${JMP} _main"
-else
-	OBJCOPY=objcopy
-	SHDR="
-.section .text
-.globl  main
-// .type   main, @function
-${JMP} main
-"
-	if [ "$A" = x86 ]; then
-		case "$B" in
-		64)
-			CFLAGS="-fPIC -fPIE -pie -fpic -m64"
-			LDFLAGS="-fPIC -fPIE -pie -fpic -m64"
-			TRIPLET=linux-x86-64
-			;;
-		*) 
-			CFLAGS="-fPIC -fPIE -pie -fpic -m32"
-			LDFLAGS="-fPIC -fPIE -pie -fpic -m32"
-			TRIPLET=linux-x86-32
-			;;
-		esac
-	else
-		CFLAGS="-fPIC -fPIE -pie -fpic -nostartfiles"
-		LDFLAGS="-fPIC -fPIE -pie -fpic -nostartfiles"
-	fi
-fi
-
-[ "$A$K" ] && TRIPLET="$K-$A-$B"
-
-case "$K" in
-windows)
-	#TEXT="__TEXT.__text"
-	TEXT=".text"
-	FMT=pe
-	;;
-darwin)
-	#TEXT="__TEXT.__text"
-	#TEXT="0.__text"
-	TEXT=0.__TEXT.__text
-	FMT=mach0
-	;;
-*|linux)
-	TEXT=".text"
-	FMT=elf
-	;;
-esac
-
-USE_CLANG=0
-case "$K-$A-$B" in
-darwin-arm-64)
-	CC="xcrun --sdk iphoneos gcc -arch arm64 -miphoneos-version-min=0.0"
-	USE_CLANG=1
-	TEXT=0.__TEXT.__text
-	;;
-darwin-arm-32)
-	USE_CLANG=1
-	CC="xcrun --sdk iphoneos gcc -arch armv7 -miphoneos-version-min=0.0"
-	TEXT=0.__TEXT.__text
-	;;
-esac
-
-OPT=-Os
-CFLAGS="${CFLAGS} -nostdinc -include ${SFLIBPATH}/${TRIPLET}/sflib.h"
-if [ 1 = "${USE_CLANG}" ]; then
-	CFLAGS="${CFLAGS} -fomit-frame-pointer -fno-zero-initialized-in-bss"
-else
-	CFLAGS="${CFLAGS} -z execstack -fomit-frame-pointer -finline-functions -fno-zero-initialized-in-bss"
-fi
-LDFLAGS="${LDFLAGS} -nostdlib"
-
-
-rmtemps() {
-	[ -z "$D" ] && rm -f $F.tmp $F.text $F.s $F.o
-}
-
-fail() {
-	echo "ERROR: $@"
-	rmtemps
-	exit 1
-}
-
-if [ "$D" ]; then
-	echo "==> Compile"
-	echo "${CC} ${CFLAGS} -o $F.tmp -S ${OPT} $F"
-fi
-rm -f "$F.bin"
-echo ${CC} ${CFLAGS} -o "$F.tmp" -S ${OPT} "$F"
-${CC} ${CFLAGS} -o "$F.tmp" -S ${OPT} "$F" || fail
-echo "${SHDR}" > $F.s
-cat "$F.tmp" \
-	| sed -e s,rdata,text, -e s,rodata,text, -e 's,get_pc_thunk.bx,__getesp__,g' \
-	| grep -v .cstring | grep -v size | grep -v ___main | grep -v section \
-	| grep -v __alloca | grep -v zero | grep -v cfi >> $F.s
-rm -f "$F.tmp"
-if [ $ASM = 1 ]; then
-	echo "$F.s"
-	exit 0
-fi
-
-echo ==============================
-
-if [ "$D" ]; then
-	echo "==> Assemble"
-	echo "${CC} ${LDFLAGS} ${OPT} -o $F.o $F.s"
-fi
-echo "${CC} ${LDFLAGS} ${OPT} -o $F.o $F.s"
-${CC} ${LDFLAGS} ${OPT} -o "$F.o" "$F.s" || fail 'compile object'
-
-if [ "$D" ]; then
-	echo "==> Link"
-	#echo "${OBJCOPY} -j .text -O binary $F.o $.text"
-	echo "rabin2 -o '$F.text' -O d/S/${TEXT} $F.o"
-fi
-rabin2 -o "$F.text" -O d/S/${TEXT} $F.o
-if [ ! -f "$F.o" ]; then
-	echo "Cannot find $F.o"
-	exit 1
-fi
-if [ "`du $F.text|awk '{print $1}'`" = 0 ]; then
-	# use objcopy as falback for rabin2
-	echo "FALLBACK: Using objcopy instead of rabin2"
-	${OBJCOPY} -j .text -O binary $F.o $F.text || fail
-fi
-if [ "$C" = 1 ]; then
-	if [ "$O" ]; then
-		mv "$F.text" "$O"
-	else
-		O="$F.text"
-	fi
-	echo "$O"
-	exit 0
-fi
-
-[ "$X" = 1 ] && exec rax2 -S < "$F.text"
-
-if [ "$D" ]; then
-#	hexdump -C $F.text
-	rax2 -S - < $F.text
-	ls -l $F.text
-fi
-[ -z "$O" ] && O="$F.bin"
-ragg2 -b "$B" -C "$F.text" -f ${FMT} -a $A -o "$O" || fail "ragg2 cannot generate executable. Use -x"
-echo "$O"
-rmtemps
-exit 0
--- a/doc/zsh/_ragg2-cc
+++ b/doc/zsh/_ragg2-cc
@ -1,45 +0,0 @@
-#compdef ragg2-cc
-local context state state_descr line
-local -i ret=1
-
-r2_qc() {
-  r2 -qc $1 --
-}
-
-_ragg2-cc() {
-  local -a options=(
-  '-a+[select architecture (x86, mips, arm)]: :->arch'
-  '-b+[register size (32, 64, ..)]:bits:(32 64)'
-  '-c[generate compiled shellcode]'
-  '-d[enable debug mode]'
-  "-k+[set kernel]: :->asm.os"
-  '-o+[set output file]: :_files'
-  '-s[generate assembly]'
-  '-v[show version]'
-  '-x[show hexpair bytes]'
-  )
-
-  _arguments -S -s : $options '1:file:_files' && ret=0
-
-  case $state in
-    arch)
-      local -a sub=(${(f)"$(r2_qc 'e asm.arch=?~[2,4-99]' | sed -E 's/ (.*)/[\1]/')"})
-      _values 'arch' $sub && ret=0
-      ;;
-    asm.os)
-      _values 'asm.os' $(r2_qc 'e asm.os=?') && ret=0
-      ;;
-  esac
-  return ret
-}
-
-_ragg2-cc "$@"
-
-# Local Variables:
-# mode: shell-script
-# coding: utf-8-unix
-# indent-tabs-mode: nil
-# sh-indentation: 2
-# sh-basic-offset: 2
-# End:
-# vim: ft=zsh sw=2 sts=2 et
--- a/man/ragg2-cc.1
+++ b/man/ragg2-cc.1
@ -1,86 +0,0 @@
-.Dd Sep 30, 2014
-.Dt RAGG2-CC 1
-.Sh NAME
-.Nm ragg2-cc
-.Nd CC frontend for compiling shellcodes
-.Sh SYNOPSIS
-.Nm ragg2-cc
-.Op Fl a Ar arch
-.Op Fl b Ar bits
-.Op Fl k Ar kernel
-.Op Fl o Ar file
-.Op Fl dscxvh
-.Sh DESCRIPTION
-ragg2-cc is a frontend of CC. It is used to creates tiny binaries (1KB) or shellcodes in binary or hexpairs from a C source.
-.Pp
-The compiler used is the one configured by the CC environment. This has been tested with gcc, llvm-gcc and clang.
-.Pp
-Uses sflib (shellforge4) includes to get the syscall definitions.
-.Pp
-Only linux/darwin x86-32/64 is supported at the moment. Planned support for more architectures.
-.Sh OPTIONS
-.Pp
-.Bl -tag -width Fl
-.It Fl a Ar arch
-set architecture x86, arm
-.It Fl b Ar bits
-32 or 64
-.It Fl k Ar kernel
-windows, linux or osx
-.It Fl o Ar file
-output file to write result of compilation
-.It Fl h
-show help message
-.It Fl v
-show version
-.It Fl d
-show assembler code
-.It Fl s
-generate assembly file
-.It Fl c
-generate compiled shellcode
-.It Fl x
-show hexpair bytes
-.El
-.Sh EXAMPLE
-.Pp
-  $ cat hi.c
-  int main() {
-    write (1, "Hello World\\n", 12);
-    exit (0);
-  }
-.Pp
-  $ ragg2-cc hi.c
-  hi.c.bin
-.Pp
-  # Linked into a tiny binary. This is 294 bytes
-  $ wc \-c < hi.c.bin
-     294
-.Pp
-  $ ./hi.c.bin
-  Hello World
-.Pp
-  # The compiled shellcode has zeroes
-  $ ragg2-cc \-x hi.c
-  e90000000083ec0ce800000000588d882a000000b804000000606a0651
-  6a0150cd8083c41061b8010000006a0050cd8083c40883c40cc368656c
-  6c6f0a00
-.Pp
-  # Use a xor encoder with key 32 to bypass
-  $ ragg2 \-e xor \-c key=32 \-B `ragg2-cc \-x hi.c`
-  6a3e596a205be8ffffffffc15e4883c60d301e48ffc6e2f9c920202020
-  a3cc2cc82020202078ada80a2020209824202020404a26714a2170eda0
-  a3e4304198212020204a2070eda0a3e428a3e42ce348454c4c4f2a20
-.Sh SEE ALSO
-.Pp
-.Xr radare2(1) ,
-.Xr rahash2(1) ,
-.Xr rafind2(1) ,
-.Xr rabin2(1) ,
-.Xr rafind2(1) ,
-.Xr radiff2(1) ,
-.Xr rasm2(1) ,
-.Xr ragg2cc(1) ,
-.Sh AUTHORS
-.Pp
-pancake <pancake@nopcode.org>
--- a/man/ragg2.1
+++ b/man/ragg2.1
@ -32,9 +32,7 @@ This tool is experimental and it is a rewrite of the old rarc2 and rarc2-tool pr
 .Pp
 Programs generated by r_egg are relocatable and can be injected in a running process or on-disk binary file.
 .Pp
-ragg2-cc is another tool that comes with r2 and it is used to generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process.
-.Pp
-ragg2-cc is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.
+Since the ragg2-cc merge, ragg2 can now generate shellcodes from C code. The final code can be linked with rabin2 and it is relocatable, so it can be used to inject it on any remote process. This feature is conceptually based on shellforge4, but only linux/osx x86-32/64 platforms are supported.
 .Sh DIRECTIVES
 .Pp
 The rr2 (ragg2) configuration file accepts the following directives, described as key=value entries and comments defined as lines starting with '#'.
@ -106,15 +104,31 @@ output in C string syntax
  $ ./hi
  hi!
 .Pp
-.Pp
+  # With C file :
  $ cat hi.c
  main() {
-    write(1, "Hello\n", 6);
+    write(1, "Hello\\n", 6);
    exit(0);
  }
-  $ ragg2 hi.c
-  $ ./hi.c.bin
+  $ ragg2 -O -F hi.c
+.Pp
+  $ ./hi
  Hello
+.Pp
+  # Linked into a tiny binary. This is 165 bytes
+  $ wc \-c < hi
+    165
+.Pp
+  # The compiled shellcode has zeroes
+  $ ragg2 hi.c | tail -1
+  eb0748656c6c6f0a00bf01000000488d35edffffffba06000000b8010
+  000000f0531ffb83c0000000f0531c0c3
+.Pp
+  # Use a xor encoder with key 64 to bypass
+  $ ragg2 \-e xor \-c key=64 \-B $(ragg2 hi.c | tail -1)
+  6a2d596a405be8ffffffffc15e4883c60d301e48ffc6e2f9ab4708252
+  c2c2f4a40ff4140404008cd75adbfbfbffa46404040f8414040404f45
+  71bff87c4040404f45718083
 .Sh SEE ALSO
 .Pp
 .Xr radare2(1) ,
--- a/sys/shellcheck.sh
+++ b/sys/shellcheck.sh
@ -1,7 +1,6 @@
 #!/bin/sh
 fileslist=(
 ./autogen.sh
-./binr/ragg2/ragg2-cc
 ./binr/rax2/test-rax2.sh
 ./binr/r2pm/r2pm
 ./configure