* OT: A self-extracting executable tiny ELF32 payload
@ 2026-06-24 8:56 Roberto A. Foglietta
2026-06-29 17:03 ` Roberto A. Foglietta
0 siblings, 1 reply; 2+ messages in thread
From: Roberto A. Foglietta @ 2026-06-24 8:56 UTC (permalink / raw)
To: isar-users
# uzpexec
https://github.com/robang74/gzcmd.sh/blob/main/README.md#uzpexec
> [!NOTE]
>
> Suggested file extension: **`.uzp`**
Utility for executing an ELF binary directly from stdin pipe:
- it runs binary via SSH/wget
- it runs gzip compressed binary
- it self-extract and execute
without writing it on the remote/local systems (memfd_create).
```sh
make clean tests
```
The [uzpexec](uzpexec.asm) (micro gzip pipe exec, written in
Assembler) replaces the previous `upexec` comparison which offers as
extra the integrated support for `gzip` inflate on the standard input
pipe. Pre-compiled v0.68 elf32 available
[here](https://github.com/robang74/working-in-progress/raw/refs/heads/main/uchaosys.qemu/uzpexec).
#### USAGE
- `{ cat uzpexec; gzip -7c $elf; } > $elf.uzp`
- `cp uzpexec $elf.uzp; gzip -c $elf >> $elf.uzp`
- `wget $url/$elf[.gz] -O- | uzpexec [args]`
It works as a single block 512-bytes self-inflating executable payload
replacing also `gzcmd.sh` with the sole requirement of `/bin/zcat`
available.
---
### Quick customisations
Quick customisations by `sed` and other stings-based editor is supported:
- `{ cat uzpexec | sed 's/zcat\x00/xzcat/'; xz -7c $elf; } > $elf.uxp`
Alternative to `zcat` are `xzcat` for XZ compression, or `lzcat` for LZMA.
The alternatives that are natively compatible with `-f -` are fully supported.
```
; =====================================================================
; COMPACT DATA SECTION (Appended to code)
; =====================================================================
copy_vers: db "(c) 2026 robang74 l.MIT v0.68 git.new/ttRvFBu", 0
; filename can be changed by sed up to 7 chars + ending \0
; zcat -f is cat when input isn't gzip, options up to -6c\0
; /bin/zcat can be changed by sed up to 31 chars + ending \0
; - for example: /usr/local/bin/xzcat is 20 chars + ending \0
; eof_strng helps to find the EOF, and where \0 padding starts
filename: db "uzpexec", 0
zcat_path: db "/bin/zcat", 0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0
force_arg: db "-f", 0,0, 0,0,0,0
dash_arg: db "-", 0,0,0, 0,0,0,0
eof_strng: db "elf_eof", 0
; =====================================================================
; PADDING: Aligned exactly to 512 bytes (as per skip request)
; =====================================================================
file_end: ; Physical end of the binary file!
times (512 - ($ - $$)) db 0 ; Padding to 512 bytes for skip=1
```
Since `zcat` is a shell script, it can be changed to pair the input
with the proper decompressing tool. While a tiny `xcat` binary in ASM
would be much faster in properly pairing the matches.
Best regards,
--
Roberto A. Foglietta
+49.176.274.75.661
+39.349.33.30.697
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/CAJGKYO6ak7TT1OKcYHFmomJnRt_2ovEUfLENa5SOYPh0%2BNY6jg%40mail.gmail.com.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-06-29 17:04 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-24 8:56 OT: A self-extracting executable tiny ELF32 payload Roberto A. Foglietta
2026-06-29 17:03 ` Roberto A. Foglietta
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox