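#!/usr/bin/perl
#
# Repository listing (three files):
#   ├── README.MD
#   ├── azazelkiller.pl
#   └── remove.s
#
# /README.MD:
#   LD PRELOAD utilities
#
# /azazelkiller.pl:
#
# Usage: azazelkiller.pl FILE [KEY]
#
#   FILE  path to the file to inspect (the "This isn't azazel!" message
#         suggests it is meant to be an Azazel LD_PRELOAD library).
#   KEY   optional one-byte XOR key in hex, with or without a leading "0x".
#         Defaults to 0xfe.
#
# The script looks for the byte sequence "sin.\0", takes everything up to the
# next 0xff 0xff pair, splits that region on NUL bytes, XORs every byte with
# KEY and prints each decoded field on its own line.  Only characters from
# [a-zA-Z0-9=./_] are printed, so raw control bytes from the sample never
# reach the terminal.
#
# FILE is only read, never executed or loaded.
use strict;
use warnings;

# XOR key as given on the command line (hex string); set by arguments().
my $key;

# Print the usage text and stop.  The exit status stays 0, as in the
# original script.
sub usage_and_exit
{
    print "Supply an absolute path to a file and optionally an 0x XOR key.\nThanks.\n";
    exit();
}

#here be dragons
# Entry point: validate the arguments, read the file, decode and print.
sub main
{
    unpackxor(readin(arguments()));
    #lol
    exit();
}

# Validate @ARGV, store the XOR key in $key and return the file path.
# Exits after printing a message when the argument count is wrong, the
# path is not a regular file, or the key is not a one-byte hex value.
sub arguments
{
    usage_and_exit() if @ARGV != 1 && @ARGV != 2;

    my ($path, $supplied_key) = @ARGV;
    if (!-f $path) {
        print("The file specified doesn't exist.\n");
        exit();
    }

    $key = defined $supplied_key ? $supplied_key : "0xfe";

    # Every ciphertext unit is a single byte, so the key must fit in one
    # byte too.  hex() would otherwise only warn on junk and carry on with
    # a partial value.
    usage_and_exit() if $key !~ /\A(?:0[xX])?[0-9a-fA-F]{1,2}\z/;

    return $path;
}

# Return the raw bytes of the file named by the first argument.
# Dies when the file cannot be opened; prints "Empty file." and exits when
# it has no content.
sub readin
{
    my ($path) = @_;

    # Three-argument open with an explicit read mode: a two-argument open
    # would let a file name such as ">x" or "cmd |" pick the mode.
    open(my $fh, '<', $path)
        or die("File exists, but we can't read it. \nDying: $!\n");
    binmode($fh);

    # Slurp the whole file; the record separator is only undefined inside
    # this block instead of for the whole program.
    my $raw = do { local $/; <$fh> };
    close($fh);

    if (!defined $raw || $raw eq "") {
        print "Empty file.\n";
        exit();
    }
    return $raw;
}

# Locate the encoded region in the raw file contents passed as the first
# argument, decode it with $key and print the result.
# Prints "This isn't azazel!" and exits when the marker is not found or the
# region between marker and terminator is empty.
sub unpackxor
{
    my ($image) = @_;
    my $xor = hex($key);

    # Match on raw bytes rather than on a hex dump of them: in a hex string
    # "00" or "ffff" can also appear across two neighbouring bytes (0xa0
    # 0x0b dumps as "a00b"), which would split a field in the wrong place.
    my ($blob) = $image =~ m/sin\.\x00(.*?)\xff\xff/s;
    if (!defined $blob || $blob eq "") {
        print "This isn't azazel!\n";
        exit();
    }

    foreach my $field (split(/\x00/, $blob)) {
        foreach my $byte (unpack("C*", $field)) {
            my $char = chr($byte ^ $xor);
            # Print only the characters the original whitelist allowed.
            print $char if $char =~ m{\A[a-zA-Z0-9=./_]\z};
        }
        print "\n";
    }
}

main();

__END__

The text below is not part of azazelkiller.pl. It is the third file of the
repository listing, kept here as it appeared.

/remove.s:

; Hand-written 32-bit ELF: one program header of type 1 (PT_LOAD) and direct
; int 0x80 system calls.  Nothing is dynamically linked, so the dynamic
; loader, and with it /etc/ld.so.preload, is not involved when this runs.
; Removing the file only affects programs started afterwards; keep a copy of
; it first if it is needed as evidence.

BITS 32

        org 0x08048000

ehdr:                               ; Elf32_Ehdr
        db 0x7F, "ELF", 1, 1, 1, 0  ; e_ident
        times 8 db 0
        dw 2                        ; e_type
        dw 3                        ; e_machine
        dd 1                        ; e_version
        dd _start                   ; e_entry
        dd phdr - $$                ; e_phoff
        dd 0                        ; e_shoff
        dd 0                        ; e_flags
        dw ehdrsize                 ; e_ehsize
        dw phdrsize                 ; e_phentsize
        dw 1                        ; e_phnum
        dw 0                        ; e_shentsize
        dw 0                        ; e_shnum
        dw 0                        ; e_shstrndx

ehdrsize equ $ - ehdr

phdr:                               ; Elf32_Phdr
        dd 1                        ; p_type
        dd 0                        ; p_offset
        dd $$                       ; p_vaddr
        dd $$                       ; p_paddr
        dd filesize                 ; p_filesz
        dd filesize                 ; p_memsz
        dd 5                        ; p_flags
        dd 0x1000                   ; p_align

phdrsize equ $ - phdr


global _start
section .text
_start:
        mov eax, 10                 ; i386 syscall 10 = unlink
        mov ebx, file               ; path argument
        int 0x80
        mov ebx, eax                ; unlink's result becomes the exit status
        mov eax,1                   ; i386 syscall 1 = exit
        int 0x80

section .data
; NOTE(review): the path has no explicit terminating 0 byte, although unlink
; expects a NUL-terminated string; this appears to rely on the memory after
; the string being zero.  Confirm, or append ", 0".
file DB '/etc/ld.so.preload'

filesize equ $ - $$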