seccomp tools v1.6 releases: Provide powerful tools for seccomp analysis
This project is targeted at (but not limited to) analyzing the seccomp sandbox in CTF pwn challenges. Some features may be CTF-specific, but they are still useful for analyzing seccomp in real-world cases.
- Dump – Automatically dump seccomp-bpf from execution file(s).
- Disasm – Convert bpf to a human-readable format.
  - Simple decompile.
  - Show syscall names.
- Asm – Writing seccomp rules is so easy!
- Emu – Emulate seccomp rules.
- Support multiple architectures.
- Support dumping seccomp on s390x (#167), thanks to @iii-i !
- Add sasm.y as the backend of the new asm compiler (#206, #207)
  - This change makes the asm syntax significantly more flexible
- disasm/asm: Support “arch.syscall” syntax (#212)
- Raise an error on jump distance > 255 (#245)
$ gem install seccomp-tools
Dump the seccomp bpf from an execution file. This work is done by the
NOTICE: beware that the execution file will be executed.
Disassemble the seccomp from raw bpf.
Assemble the seccomp rules into raw bytes. Very useful when one wants to write custom seccomp rules.
Supports labels for jumps and using syscall names directly. See example below.
Emulate seccomp given
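To show what dump, disasm, asm and emu operate on, here is a toy Ruby assembler, disassembler and emulator for the raw seccomp-bpf (struct sock_filter) format. It is an added example, not code from seccomp-tools itself; the opcode subset, the three-entry amd64 syscall table and the sample filter (allow read/write/exit_group on amd64, kill everything else) are constructed for the demo, and the jump helper reproduces the v1.6 "jump distance > 255" check.

```ruby
# Added example, not seccomp-tools' own code: toy assembler/disassembler/emulator for struct sock_filter (u16 code, u8 jt, u8 jf, u32 k).
BPF_LD_ABS_W, BPF_JEQ_K, BPF_RET_K = 0x20, 0x15, 0x06  # A = data[k]; A == k ? jt : jf; return k
SECCOMP_RET_KILL, SECCOMP_RET_ALLOW = 0x00000000, 0x7fff0000
AUDIT_ARCH_X86_64, OFF_NR, OFF_ARCH = 0xc000003e, 0, 4  # arch id; field offsets in struct seccomp_data
AMD64_SYSCALLS = { 0 => 'read', 1 => 'write', 231 => 'exit_group' }  # constructed subset, enough for the demo
def stmt(code, k); [code, 0, 0, k]; end  # non-jump instruction
# jt/jf are single bytes, hence the "jump distance > 255" error added in v1.6.
def jump(code, k, jt, jf)
  raise ArgumentError, "jump distance > 255 (jt=#{jt}, jf=#{jf})" if jt > 255 || jf > 255
  [code, jt, jf, k]
end
def assemble(insns); insns.map { |i| i.pack('S<CCL<') }.join; end  # raw bytes, as `dump` would emit them
def decode(raw); raw.bytes.each_slice(8).map { |b| b.pack('C*').unpack('S<CCL<') }; end
# Render raw bpf as text, loosely in the spirit of `disasm`.
def disasm(raw)
  decode(raw).each_with_index.map do |(code, jt, jf, k), pc|
    body = case code
           when BPF_LD_ABS_W then k == OFF_NR ? 'A = sys_number' : k == OFF_ARCH ? 'A = arch' : "A = data[#{k}]"
           when BPF_JEQ_K then format('if (A == %s) goto %04d else goto %04d', AMD64_SYSCALLS.fetch(k, k), pc + 1 + jt, pc + 1 + jf)
           when BPF_RET_K then "return #{k == SECCOMP_RET_ALLOW ? 'ALLOW' : 'KILL'}"
           end
    format('%04d: %s', pc, body)
  end
end
# Run the filter for one syscall the way `emu` does; returns the SECCOMP_RET_* value.
def emulate(raw, nr, arch = AUDIT_ARCH_X86_64)
  data = [nr, arch].pack('l<L<') + "\0" * 56  # struct seccomp_data: nr, arch, ip, args[6] (ip/args zeroed)
  a, pc, insns = 0, 0, decode(raw)
  loop do
    code, jt, jf, k = insns[pc]
    case code
    when BPF_LD_ABS_W then a = data[k, 4].unpack1('L<'); pc += 1
    when BPF_JEQ_K    then pc += 1 + (a == k ? jt : jf)
    when BPF_RET_K    then return k
    else raise "unsupported opcode 0x#{code.to_s(16)}"
    end
  end
end

# Constructed filter: amd64 only; allow read/write/exit_group, kill everything else.
FILTER = assemble([
  stmt(BPF_LD_ABS_W, OFF_ARCH),
  jump(BPF_JEQ_K, AUDIT_ARCH_X86_64, 0, 5),  # other arch -> 0007 (KILL)
  stmt(BPF_LD_ABS_W, OFF_NR),
  jump(BPF_JEQ_K, 0, 2, 0),                  # read       -> 0006 (ALLOW)
  jump(BPF_JEQ_K, 1, 1, 0),                  # write      -> 0006
  jump(BPF_JEQ_K, 231, 0, 1),                # exit_group -> 0006, else 0007
  stmt(BPF_RET_K, SECCOMP_RET_ALLOW),
  stmt(BPF_RET_K, SECCOMP_RET_KILL)
])
```

`puts disasm(FILTER)` prints the listing and `emulate(FILTER, 59)` returns SECCOMP_RET_KILL for execve, while read (0) is allowed.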
Copyright (c) 2017 david942j