Challenge: Shellcode with unique bytes

Question

Is it possible to have a (small) shellcode with unique bytes only?

So far I noticed the smallest shellcode I can find online is 19 bytes for Linux x86, but it does repeat bytes, especially the "/" from "/bin/sh" and even some opcodes contain repeating bytes. Noticed a nice trick on x86_64 where you can

mov rax, 0xFF978CD091969DD1 ; garbage at first look
neg rax                     ; rax = /bin/sh

But still some bytes from the opcodes repeat. Does anyone know a solution for either x86 or x86_64?

score 1 · Accepted Answer · answered Nov 07 '17 at 15:34

1

Came up with this in the mean time which respects the conditions and is quite short:

mov rbx, 0x68732f6e696221
or r8b, 0xe
add rbx, r8
push rbx    
push rsp
pop rdi
mov al, 0x3b
Syscall

answered Nov 07 '17 at 15:34

Alex

131
3

Challenge: Shellcode with unique bytes

1 Answers1