The pitch
As a cybersecurity developer, I am sick and tired of writing assembly and shellcode. I would like prestaged payloads for all targets I touch on a regular basis to enable ethical security research.
What's in the box
- 13 architectures — x86_64, i686, aarch64, armv5 (ARM/Thumb), armv7, s390x, mipsel32, mipsbe32, sparcv8, powerpc, ppc64le, riscv64
- 3 operating systems — Linux, FreeBSD, Windows
- Freestanding C blobs compiled with
-ffreestanding -nostdlib -fPIC -Os - Python API for loading, extracting, introspecting, and assembling blobs
- CLI (
picblobs-cli) for inspecting, building, running, and verifying blobs - Cross-architecture testing via QEMU user-static
- Bazel 9 build system with automatic Bootlin toolchain provisioning
- Kernel toolkit for red team lab exercises
Start here
01 // Read
Introduction
What picblobs is, what it ships, and the verified status.
02 // Concept
How it works
Layperson tour of PIC extraction, with diagrams.
03 // Run
Getting started
Prerequisites, the quick-start loop, and the dev container.
04 // Build
Building
Bazel 9, platform configs, debug vs. release, staging.
// CLI
picblobs-cli
List, info, extract, run, verify, listing, test.
// Full
Guide index
Every chapter, in order.
Build it
source sourceme
./buildall
picblobs-cli verify