Shiva, a Linux micropatching system for ELF, was developed with funding from the Defense Advanced Research Projects Agency (DARPA) AMP (Assured Micro Patching) program: https://www.darpa.mil/program/assured-micropatching. Shiva aims to advance the state of binary patching in Linux and entered the AMP program with aggressive goals, all of which have come to fruition. Shiva is still in early development and requires extensive work on various components and ports to other architectures. Shiva (forked from https://github.com/elfmaster/shiva) was tailored to meet the needs of NASA and has full support for Linux (AArch64 and X86_64). Tested on Ubuntu Linux 18, 20, 22, 24.
Shiva is a custom ELF runtime linker: a JIT (just-in-time) binary rewriting engine. Although young in its development, it already demonstrates advanced ELF patching capabilities as a tool-chain that plans to adopt the conventions and traditions of the existing ELF ABI tool-chain: “/bin/gcc”, “/bin/ld”, “/lib/ld-linux.so”, etc. The philosophy of Shiva is to allow developers to write their patches freely in C with little to no reverse engineering knowledge. Shiva is symbol and relocation driven like traditional linkers, but extends the machinery of ELF relocations and linking to achieve more complex program transformations such as function splicing. Furthermore, Shiva is a chief patching solution on the DARPA EBOSS project, supporting a continued development effort to integrate powerful high-resolution DWARF support for symbolic access to local variables and function parameters, as well as the ability to patch an ELF binary by source line number. To simply nerd out for a moment, imagine the concept of code relocations that resolve to register numbers and stack offsets based on DWARF location metadata, allowing function-splice patches to symbolically access stack variables and function parameters by name. Precision-level binary patching with enhanced relocatable code using DWARF extensions... this is where Shiva is heading. Binary patching has never been so easy, so flexible, so scalable. It no longer requires a reverse engineer or an ELF guru to perform impossible Linux binary patching techniques; it is all done within high-level C code with natural programming expressions.
Although still in an early phase of development, Shiva has nonetheless invented groundbreaking concepts such as “Linker chaining” and “ELF transforms” that revolutionize ELF binary patching capabilities. The Shiva code-base is expanding quickly and intends to continue innovating powerful solutions while adapting to new architectures. See branch x86_64_port for the X86_64 support; it will soon be merged into main. Follow the links below for the GitHub repository and a DEFCON 31 talk, "Revolutionizing ELF binary patching with Shiva".
https://github.com/advanced-microcode-patching/shiva
https://github.com/advanced-microcode-patching/shiva_user_manual
"Revolutionizing ELF Binary Patching With Shiva" at Defcon 31
elfmaster[at]arcana-research.io