A tiny framework for easily manipulate the tty and create fake binaries.

How it works?

The framework has three main functions, tas_execv, tas_forkpty, and tas_tty_loop.

  • tas_execv: It is a function similar to execv, but it doesn’t re-execute the current binary, something very useful for creating fake binaries.

  • tas_forkpty: Is the same as forkpty, but it fills a custom structure, check forkpty man page for more details.

  • tas_tty_loop: here is where the manipulation of the tty happen, you can set a hook function for the input and output, so it is possible to store the keys typed by the user or manipulate the terminal output. (see leet-shell).

This is a superficial overview, check the codes in tas/fakebins/fun folders to understand how it really works.


Microsoft Application Inspector is a software source code analysis tool that helps identify and surface well-known features and other interesting characteristics of source code to aid in determining what the software is or what it does. It has received attention on ZDNet, SecurityWeek, CSOOnline, Linux.com/news, HelpNetSecurity, Twitter and more and was first featured on Microsoft.com.


Welcome to 0x1.gitlab.io my personal blog to share my knowledge
Cyber Security, Ethical Hacking, Web & Network Auditing, Reverse Engineering and Cryptography
Website semi-configured to use with No-Script. No ADS and No use analytics tracking.


Forum : @0x1

© 0x1 | Cyber Security Consulting - Copyright All Rights Reserved