The Witchcraft Compiler Collection by @endrazine

In case you missed Defcon 24 or were there and happened to miss this talk, this is some amazing stuff. It’s called the Witchcraft Compiler Collection (WCC) by my co-worker and friend, Jonathan Brossard.

Some things you can do with WCC:

  • Transforming ET_EXEC ELF executables into shared libraries (i.e., turning an executable into a shared library!). Demoed by patching proftpd into a shared library and then calling functions in it from C.
  • Unlinking ELF binaries into relocatable object files, then relinking them with gcc and verifying they still work!
  • Running OpenBSD binaries natively on Linux by relinking them. 0 patching required!
  • Using ET_DYN executables as shared libraries (used /usr/sbin/apache2 as a shared library and called internal functions from C code).
  • Prototyping exploits from symbolic execution partial traces (did a live exploit from an old version of Samba).
  • In-memory JIT translation from ARM to Intel x86_64, plus debugging: demoed running an ARM library natively on amd64 Linux with in-process JIT binary translation.

Abstract of the talk: https://defcon.org/html/defcon-24/dc-24-speakers.html#Brossard

The slides are available here: https://github.com/endrazine/wcc/blob/master/doc/presentations/Jonathan_Brossard_Witchract_Compiler_Collection_Defcon24_2016.pdf

The codebase is available here: https://github.com/endrazine/wcc under the MIT License (proper open source).

The code for all the demos is available here: https://github.com/endrazine/wcc/tree/master/doc/presentations/demos_defcon24_2016

Check it out!
