Wonder how many lines it takes to write a script that converts hex to assembly language code? FIVE, with the help of Python and Capstone. You might need to disassemble hex shellcode into assembly during reverse engineering, exploit analysis or exploit development. There are other disassembly tools such as OllyDbg or IDA Pro, but if you would like to use this small tool, available as 5 lines of code, here is how.

First, if you don't already have Capstone installed, acquire and install it. It is preinstalled on a few pentesting distros such as Kali Linux.

On Debian-based Linux (Ubuntu, Kali, Mint, ...)

Open a terminal and install using the following command.

 

On Windows

32-bit Windows systems

https://github.com/aquynh/capstone/releases/download/3.0.5-rc2/capstone-3.0.5-rc2-python-win32.msi

64-bit Windows systems

https://github.com/aquynh/capstone/releases/download/3.0.5-rc2/capstone-3.0.5-rc2-python-win64.msi

The example is the hex form of a reverse TCP shellcode generated with msfvenom.

Explanation

  • md = Cs(CS_ARCH_X86, CS_MODE_32): Initializes the class with two arguments (hardware architecture and hardware mode).
  • for i in md.disasm(shellcode, 0x00): disasm disassembles the hex; its arguments are the shellcode and the starting address.
  • print("0x%x:\t%s\t%s" % (i.address, i.mnemonic, i.op_str)): Prints the address, operation and operand.
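The three calls explained above, put together as an added example (not the author's original script). It goes slightly beyond the five-liner: it accepts several pasted hex notations and reports trailing bytes that Capstone could not decode. `SAMPLE`, `parse_hex` and `disassemble` are names chosen for this illustration, and the sample bytes are constructed and harmless.

```python
import re

# Constructed, harmless sample (not the page's msfvenom payload):
# xor eax,eax / inc eax / mov ebx,eax / nop / ret, then a cut-off "mov eax, imm32".
SAMPLE = r"\x31\xc0\x40\x89\xc3\x90\xc3\xb8\x01"


def parse_hex(text):
    """Turn pasted text (\\x31\\xc0, 0x31,0xc0, 31 c0 or 31c0) into bytes."""
    cleaned = re.sub(r"\\x|0x", "", text, flags=re.IGNORECASE)  # drop byte prefixes
    cleaned = re.sub(r"[^0-9a-fA-F]", "", cleaned)               # drop separators
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits; input looks truncated")
    return bytes.fromhex(cleaned)


def disassemble(code, base=0x0):
    """Return (lines, leftover); leftover counts trailing bytes Capstone did not decode."""
    # Imported here so parse_hex() stays usable where Capstone is not installed.
    from capstone import Cs, CS_ARCH_X86, CS_MODE_32

    md = Cs(CS_ARCH_X86, CS_MODE_32)
    lines, consumed = [], 0
    # disasm() stops without raising at the first bytes it cannot decode.
    for insn in md.disasm(code, base):
        lines.append("0x%x:\t%s\t%s" % (insn.address, insn.mnemonic, insn.op_str))
        consumed += insn.size
    return lines, len(code) - consumed


if __name__ == "__main__":
    raw = parse_hex(SAMPLE)
    listing, leftover = disassemble(raw)
    print("\n".join(listing))
    if leftover:
        print("warning: %d trailing byte(s) not decoded: %s"
              % (leftover, raw[-leftover:].hex()))
```

A non-zero leftover count usually means the hex was truncated when copied, or that the architecture or mode passed to `Cs` does not match the code being analysed.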

Result

Save the above code and execute it. The following screenshot shows the output of the hex-to-assembly Python script.
