Get the latest tech news

Polymorphic Shellcode (2023)

shellcode As part of my emulator explorations I went down a curiosity rabbit hole about polymorphic shellcode and learned about something fun I'd like to share with you! The world of exploits is pretty sophisticated and if you're not into it it can be hard to follow. (I recently saw some Twitter poll go by that was like "does anyone actually understand any posts from the Project Zero blog?") I personally love reading about it — my earliest computer wizard friends came from the hacking scene — but in this post I aim to be high level enough that an interested reader who isn't as into it could follow.

I personally love reading about it — my earliest computer wizard friends came from the hacking scene — but in this post I aim to be high level enough that an interested reader who isn't as into it could follow. For some examples, the SGN encoder can use different registers for the various variables, it can write addition as subtracting a negative, and it can do the code++ earlier and adjust the math in other expressions to accommodate for it. And further, it represents the steps of the code (the initialization logic, which is more complex than sketched out here) in a dependency graph such that it can reorder parts that aren't interdependent.

Get the Android app