
en:it-security:blog:obfuscation_polymorphic_in_memory_decoder [2024/09/23 11:03] psycoreen:it-security:blog:obfuscation_polymorphic_in_memory_decoder [2024/10/15 21:30] (current) psycore
Line 143: Line 143:
 <code python> <code python>
-python shencode.py extract -calc.o -o calc.raw -fb 60 -lb 311+python shencode.py extract -calc.o -o calc.raw -fb 60 -lb 311
 ... ...
-python shencode.py encode -calc.raw -o calc.xor -x -xk 63+python shencode.py xorencode -calc.raw -o calc.xor -63
 ... ...
-python shencode.py output -calc.xor -s cs+python shencode.py formatout -calc.xor -s cs
 [*] processing shellcode format... [*] processing shellcode format...
 0x6a,0x77,0xb6, 0x6a,0x77,0xb6,
Line 188: Line 188:
 <code python> <code python>
-python shencode.py output -xor-decoder.o -s inspect+python shencode.py formatout -xor-decoder.o -s inspect
 0x00000048: 00 00 00 00 00 00 00 00 0x00000048: 00 00 00 00 00 00 00 00
Line 198: Line 198:
 0x00000336: 00 00 00 00 00 fe ff 00 0x00000336: 00 00 00 00 00 fe ff 00
-python shencode.py extract -xor-decoder.o -o xor-decoder.stub -fb 60 -lb 329+python shencode.py extract -xor-decoder.o -o xor-decoder.stub -fb 60 -lb 329
 [*] try to open file [*] try to open file
Line 206: Line 206:
 [+] DONE! [+] DONE!
-python shencode.py output -xor-decoder.stub -s c+python shencode.py formatout -xor-decoder.stub -s c
 [*] processing shellcode format... [*] processing shellcode format...
Line 263: Line 263:
 <code python> <code python>
-python shencode.py encode -input.raw -o xor.out --xor --xorkey 63 +python shencode.py xorencode -input.raw -o xor.out --key 63 
-python shencode.py create --xor-stub --xor-filename xor.out --xor-outputfile stub.raw --xor-key 63+python shencode.py xorpoly -xor.out -stub.raw --key 63
 </code> </code>