From 86ee77ffb045cb52290ea91f2d955a137cd1c3a5 Mon Sep 17 00:00:00 2001
From: Tim
Date: Thu, 31 Aug 2017 18:33:09 +0800
Subject: [PATCH] add aarch64 nops and fix aarch64 cmdstager
---
 lib/msf/util/exe.rb | 8 +++++++
 modules/nops/aarch64/simple.rb | 43 ++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 modules/nops/aarch64/simple.rb
diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 7be5510b23..84f211c961 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -165,6 +165,14 @@ require 'msf/core/exe/segment_appender'
 # XXX: Add remaining ARMLE systems here
 end
 
+ if arch.index(ARCH_AARCH64)
+ if plat.index(Msf::Module::Platform::Linux)
+ return to_linux_aarch64_elf(framework, code)
+ end
+
+ # XXX: Add remaining AARCH64 systems here
+ end
+
 if arch.index(ARCH_PPC)
 if plat.index(Msf::Module::Platform::OSX)
 return to_osx_ppc_macho(framework, code)
diff --git a/modules/nops/aarch64/simple.rb b/modules/nops/aarch64/simple.rb
new file mode 100644
index 0000000000..29a0244d80
--- /dev/null
+++ b/modules/nops/aarch64/simple.rb
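Review bot: The new branch calls `to_linux_aarch64_elf(framework, code)`, which this patch does not define; if that helper is not already present in exe.rb, every AARCH64/Linux request now raises NoMethodError instead of falling through to the later arch checks as it did before, so its presence should be confirmed in the same commit that introduces the call. The block otherwise mirrors the ARMLE branch directly above it, including the silent fall-through for non-Linux platforms flagged by the copied `# XXX` comment. The enclosing method starts and ends outside the hunk.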
@@ -0,0 +1,43 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+###
+#
+# SingleByte
+# ----------
+#
+# This class implements simple NOP generator for AARCH64
+#
+###
+class MetasploitModule < Msf::Nop
+
+ def initialize
+ super(
+ 'Name' => 'Simple',
+ 'Alias' => 'armle_simple',
+ 'Description' => 'Simple NOP generator',
+ 'License' => MSF_LICENSE,
+ 'Arch' => ARCH_AARCH64)
+ register_advanced_options(
+ [
+ OptBool.new('RandomNops', [ false, "Generate a random NOP sled", true ])
+ ])
+ end
+
+ def generate_sled(length, opts)
+ random = opts['Random'] || datastore['RandomNops']
+ nops = [
+ 0xd503201f, # nop
+ 0xaa0103e1, # mov x1, x1
+ 0xaa0203e2, # mov x2, x2
+ 0x2a0303e3, # mov w3, w3
+ 0x2a0403e4, # mov w4, w4
+ ]
+ if random
+ return ([nops[rand(nops.length)]].pack("V*") * (length/4))
+ end
+ return ([nops[0]].pack("V*") * (length/4))
+ end
+end
\ No newline at end of file
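Review bot: With RandomNops enabled, generate_sled draws a single entry from `nops` and repeats that same instruction for the whole sled, so the output is still a uniform run rather than the per-slot random sled the option text ("Generate a random NOP sled") describes; `Array.new(length / 4) { nops.sample }.pack("V*")` would vary each 4-byte slot, and the non-random path could stay as `[nops[0]].pack("V*") * (length / 4)`. `length/4` also silently truncates a length that is not a multiple of 4, which is presumably deliberate for AArch64's fixed-width encoding but deserves a comment such as `# AArch64 instructions are 4 bytes; a remainder cannot be filled`. The module metadata still carries copy-paste from the ARMLE generator: `'Alias' => 'armle_simple'` should read `'Alias' => 'aarch64_simple'`, and the `# SingleByte` header describes a different generator than the one implemented here. The file also lacks a trailing newline.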