I was a bit bored of switching between metasm_shell and nasm_shell every time I had to play with assembly instructions and opcodes during exploit development or reversing code.

Also, switching between x86 and x64 wasn’t possible. Since I was already playing with the Keystone, Capstone and Unicorn Python bindings (the “triforce”) in a different project, I decided to write a small interactive assembly/disassembly shell for various architectures powered by Keystone/Capstone.

It’s extremely easy to use and install. To install just type:

pip3 install kcshell

You may be wondering, pip3? Yes, I wrote it in Python3 and I really didn’t care about Python2. Why? Well, Python2 will be unsupported in more or less 3 years, so I decided to use Python3.


By default kcshell starts in ‘assembler’ mode (x86 32 bits). You can change modes with ‘setmode’.

$ kcshell
-=[ kcshell 0.0.1 ]=-
Default Assembler architecture is x86 (32 bits)
asm> lsmodes
disasm, asm
asm> setmode disasm
Default Disassembler architecture is x86 (32 bits)

You can also change the default architecture for both the ‘assembler’ and ‘disassembler’ with ‘setarch’.

disasm> lsarchs
x86, mips32, arm_t, x64, arm, x16, arm64, mips64
disasm> setarch x64
Disassembler architecture is now x64

To assemble instructions just type the instructions in the command line.

asm> jmp esp
asm> xor eax, eax
asm> jmp -500
asm> add esp,-1500
asm> xor ecx,ecx ; mov ch, 0xc8 ; mov esi, edi ; mov edi, esp ; rep movsb
asm> setarch x64
Assembler architecture is now x64
asm> inc rax

To go from opcodes to instructions just type them in the command line.

disasm> \xff\xe4
0x00400000:     jmp     esp
disasm> \x31\xc0
0x00400000:     xor     eax, eax
disasm> \x31\xc9\xb5\xc8\x89\xfe\x89\xe7\xf3\xa4
0x00400000:     xor     ecx, ecx
0x00400002:     mov     ch, 0xc8
0x00400004:     mov     esi, edi
0x00400006:     mov     edi, esp
0x00400008:     rep movsb       byte ptr es:[edi], byte ptr [esi]
disasm> setarch x64
Disassembler architecture is now x64
disasm> \x48\xff\xc0
0x00400000:     inc     rax
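Both modes above are thin wrappers around the Keystone and Capstone Python bindings. As an added example (not kcshell’s own source), here is the core of such a shell in Python, assuming the `keystone-engine` and `capstone` pip packages are installed: a table of the architecture names from the listings (restricted to the x86 and ARM entries), a parser for the `\x`-style opcode input of disasm mode, and the assemble/disassemble round trip of the five-instruction sequence shown above.

```python
import re

# kcshell-style names -> the ARCH/MODE suffixes shared by Keystone (KS_*) and Capstone (CS_*).
# A subset of the lsarchs output above; MIPS, PPC, SPARC, SystemZ and Hexagon are left out here.
ARCHS = {
    "x16": ("X86", "16"), "x86": ("X86", "32"), "x64": ("X86", "64"),
    "arm": ("ARM", "ARM"), "arm_t": ("ARM", "THUMB"), "arm64": ("ARM64", "LITTLE_ENDIAN"),
}
BASE = 0x00400000  # load address shown in the disasm listings above

try:
    import keystone, capstone
except ImportError:  # the opcode-string helpers still work without the engines installed
    keystone = capstone = None

def parse_opcodes(text):
    r"""Turn disasm-mode input such as '\xff\xe4' (also 'ff e4', 'ffe4' or '0xff,0xe4') into bytes."""
    digits = re.sub(r"\\x|0x|[\s,]", "", text.strip())
    if not digits or len(digits) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", digits):
        raise ValueError("expected an even number of hex digits, got %r" % text)
    return bytes.fromhex(digits)

def format_opcodes(data):
    r"""Render assembled bytes as the \x-escaped string you would paste into disasm mode."""
    return "".join("\\x%02x" % b for b in data)

def assemble(arch, code):
    """Assemble ';'-separated instructions for `arch` (a key of ARCHS) into their encoding bytes."""
    if keystone is None:
        raise RuntimeError("keystone-engine is not installed")
    a, m = ARCHS[arch]
    ks = keystone.Ks(getattr(keystone, "KS_ARCH_" + a), getattr(keystone, "KS_MODE_" + m))
    encoding, _count = ks.asm(code)  # raises keystone.KsError on a bad mnemonic or operand
    return bytes(encoding or [])

def disassemble(arch, data, base=BASE):
    """Disassemble `data` for `arch`; returns [(address, mnemonic, operands), ...]."""
    if capstone is None:
        raise RuntimeError("capstone is not installed")
    a, m = ARCHS[arch]
    cs = capstone.Cs(getattr(capstone, "CS_ARCH_" + a), getattr(capstone, "CS_MODE_" + m))
    return [(i.address, i.mnemonic, i.op_str) for i in cs.disasm(data, base)]

if __name__ == "__main__":  # round-trip the five-instruction sequence from the listings above
    blob = assemble("x86", "xor ecx,ecx ; mov ch, 0xc8 ; mov esi, edi ; mov edi, esp ; rep movsb")
    print(format_opcodes(blob))
    for addr, mn, ops in disassemble("x86", blob):
        print("0x%08x:\t%s\t%s" % (addr, mn, ops))
```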

For help just use ‘?’ or ‘help <topic>’.

asm> ?

Documented commands (type help <topic>):
EOF  exit  help  lsarchs  lsmodes  quit  setarch  setmode

asm> help lsmodes
Lists current operational modes available.
asm> help lsarchs
List supported Assembler architectures.
asm> help setarch
Set Assembler architecture. To list available options type 'lsarchs'.
asm> help setmode
Sets 'kcshell' operational mode. For available options run 'lsmodes'.
asm> lsarchs
systemz, hexagon, arm, arm64, ppc32, mips32, sparc, x64, x16, sparc64, arm_t, x86, mips64, ppc64

To list all the supported architectures just go to the desired mode and use ‘lsarchs’.

asm> lsarchs
mips64, sparc64, sparc, arm_t, x64, x16, arm64, hexagon, systemz, mips32, ppc64, x86, arm, ppc32
asm> lsmodes
asm, disasm
asm> setmode disasm
Default Disassembler architecture is x86 (32 bits)
disasm> lsarchs
mips64, x16, arm64, mips32, arm_t, x86, arm, x64


I plan to implement a feature to read assembly instructions or opcodes from files soon. So if you find kcshell useful just keep an eye on GitHub. In the meantime, have fun.