The Backdoor Factory (BDF) – Patch Binaries With Shellcode


The Backdoor Factory or BDF is a tool which enables you to patch binaries with shellcode and continue normal execution exactly as the executable binary would have in its’ pre-patched state.

The Backdoor Factory (BDF) - Patch Binaries With Shellcode


Some executables have built in protection, as such this tool will not work on all binaries. It is advisable that you test target binaries before deploying them to clients or using them in exercises.

There’s a couple of somewhat related tools you can also check out:

peinjector – MITM PE File Injector
PEiD – Detect PE Packers, Cryptors & Compilers

Features of Backdoor Factory

Overall BDF Features

The user can:

  • Provide custom shellcode.
  • Patch a directory of executables/dlls.
  • Select x32 or x64 binaries to patch only.
  • Include BDF is other python projects see pebin.py and elfbin.py

PE File Related Backdoor-Factory Features

  • Can find all codecaves in an EXE/DLL.
  • By default, clears the pointer to the PE certificate table, thereby unsigning a binary.
  • Can inject shellcode into code caves or into a new section.
  • Can find if a PE binary needs to run with elevated privileges.
  • When selecting code caves, you can use the following commands:
    • Jump (j), for code cave jumping
    • Single (s), for patching all your shellcode into one cave
    • Append (a), for creating a code cave
    • Ignore (i or q), nevermind, ignore this binary
  • Can ignore DLLs
  • Import Table Patching
  • AutoPatching (-m automtic)
  • Onionduke (-m onionduke)

ELF Files Backdoor Feature

Extends 1000 bytes (in bytes) to the TEXT SEGMENT and injects shellcode into that section of code.

Mach-O Files

Pre-Text Section patching and signature removal


The Backdoor Factory Usage

You can download Backdoor Factory here:

the-backdoor-factory-3.4.2.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


dSploit APK Download - Hacking & Security Toolkit For Android dSploit APK Download – Hacking & Security Toolkit For Android
dSploit APK Download is a Hacking & Security Toolkit For Android which can conduct network analysis and penetration testing activities.
Scallion - GPU Based Onion Hash Generator Scallion – GPU Based Onion Hash Generator
Scallion is a GPU-driven Onion Hash Generator written in C#, it lets you create vanity GPG keys and .onion addresses (for Tor's hidden services).
WiFi-Dumper - Dump WiFi Profiles and Cleartext Passwords WiFi-Dumper – Dump WiFi Profiles and Cleartext Passwords
WiFi-Dumper is an open-source Python-based tool to dump WiFi profiles and cleartext passwords of the connected access points on a Windows machine.
truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.


Comments are closed.