The Backdoor Factory (BDF) – Patch Binaries With Shellcode


The Backdoor Factory or BDF is a tool which enables you to patch binaries with shellcode and continue normal execution exactly as the executable binary would have in its’ pre-patched state.

The Backdoor Factory (BDF) - Patch Binaries With Shellcode


Some executables have built in protection, as such this tool will not work on all binaries. It is advisable that you test target binaries before deploying them to clients or using them in exercises.

There’s a couple of somewhat related tools you can also check out:

peinjector – MITM PE File Injector
PEiD – Detect PE Packers, Cryptors & Compilers

Features of Backdoor Factory

Overall BDF Features

The user can:

  • Provide custom shellcode.
  • Patch a directory of executables/dlls.
  • Select x32 or x64 binaries to patch only.
  • Include BDF is other python projects see pebin.py and elfbin.py

PE File Related Backdoor-Factory Features

  • Can find all codecaves in an EXE/DLL.
  • By default, clears the pointer to the PE certificate table, thereby unsigning a binary.
  • Can inject shellcode into code caves or into a new section.
  • Can find if a PE binary needs to run with elevated privileges.
  • When selecting code caves, you can use the following commands:
    • Jump (j), for code cave jumping
    • Single (s), for patching all your shellcode into one cave
    • Append (a), for creating a code cave
    • Ignore (i or q), nevermind, ignore this binary
  • Can ignore DLLs
  • Import Table Patching
  • AutoPatching (-m automtic)
  • Onionduke (-m onionduke)

ELF Files Backdoor Feature

Extends 1000 bytes (in bytes) to the TEXT SEGMENT and injects shellcode into that section of code.

Mach-O Files

Pre-Text Section patching and signature removal


The Backdoor Factory Usage

You can download Backdoor Factory here:

the-backdoor-factory-3.4.2.zip

Or read more here.

Posted in: Hacking Tools


Latest Posts:


Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.


Comments are closed.