defuse / defuse.ca

The source code to my defuse.ca website.
67 stars 18 forks source link

Online assembler tool issue #27

Open mdziczkowski opened 1 year ago

mdziczkowski commented 1 year ago

Hello. I tryed to do a simple assembler code in your tool and after entering the example code:

SECTION .text
   GLOBAL _start

_start:
  MOV ecx,msg
  MOV ebx,1
  MOV eax,4
  INT 0x80
  MOV eax,1
  INT 0x80

SECTION .data
  MSG DB 'First code', 0xa

I had recieved an error:

Sorry, your input is too big or contains unsafe directives! 
The period (.) character must not appear anywhere in your source code.

Please correct the code on website to make it wotk

defuse commented 1 year ago

The way it's written it only supports raw assembly instructions, one per line. You can enter this:

MOV ecx,msg
MOV ebx,1
MOV eax,4
INT 0x80
MOV eax,1
INT 0x80

And get the assembly:

Raw Hex (zero bytes in bold):

8B0D00000000BB01000000B804000000CD80B801000000CD80   

String Literal:

"\x8B\x0D\x00\x00\x00\x00\xBB\x01\x00\x00\x00\xB8\x04\x00\x00\x00\xCD\x80\xB8\x01\x00\x00\x00\xCD\x80"

Array Literal:

{ 0x8B, 0x0D, 0x00, 0x00, 0x00, 0x00, 0xBB, 0x01, 0x00, 0x00, 0x00, 0xB8, 0x04, 0x00, 0x00, 0x00, 0xCD, 0x80, 0xB8, 0x01, 0x00, 0x00, 0x00, 0xCD, 0x80 }
Disassembly:

0:  8b 0d 00 00 00 00       mov    ecx,DWORD PTR ds:0x0
6:  bb 01 00 00 00          mov    ebx,0x1
b:  b8 04 00 00 00          mov    eax,0x4
10: cd 80                   int    0x80
12: b8 01 00 00 00          mov    eax,0x1
17: cd 80                   int    0x80

Commands (like .byte, etc.) are unsupported because some of them would allow executing code on the web server.

I could re-architect it so that each invocation gets safely run in a sandbox that gets blown away after every request, supporting everything that gcc can do, but I probably won't have time do that. It's mainly intended to be useful for shellcode development, where you need to be able to rapidly see what short sequences of instructions assemble to. Thanks for the feature request!

mdziczkowski commented 1 year ago

hello. Could the tool become edited that the tool would run the code in a sandboxed environment on the server, allowing a multi-line code?

It would be helpfull if sone one would like to test code, but doesn't has needed environment on his/her hardware