From 71b38a064c6fb8befe00d0c73b210155b0949efc Mon Sep 17 00:00:00 2001
From: Dobin Rutishauser
Date: Mon, 10 Jun 2024 10:06:24 +0200
Subject: [PATCH] refactor: make decoy a plugin too
---
 data/source/carrier/alloc_rw_rwx/template.c | 2 ++
 data/source/carrier/alloc_rw_rx/template.c | 2 +-
 data/source/carrier/decoy/none.c | 0
 data/source/carrier/decoy/winexec.c | 1 +
 model/defs.py | 1 +
 model/settings.py | 4 +++-
 phases/templater.py | 16 +++++++++++-----
 supermega.py | 5 +++++
 8 files changed, 24 insertions(+), 7 deletions(-)
 create mode 100644 data/source/carrier/decoy/none.c
 create mode 100644 data/source/carrier/decoy/winexec.c
diff --git a/data/source/carrier/alloc_rw_rwx/template.c b/data/source/carrier/alloc_rw_rwx/template.c
index e51b144..76cadac 100644
--- a/data/source/carrier/alloc_rw_rwx/template.c
+++ b/data/source/carrier/alloc_rw_rwx/template.c
@@ -36,6 +36,8 @@ int main()
 antiemulation();
 // Decoy
+ {{plugin_decoy}}
+
 //WinExec("C:\\windows\\system32\\notepad.exe", 1);
 // Allocate 1
diff --git a/data/source/carrier/alloc_rw_rx/template.c b/data/source/carrier/alloc_rw_rx/template.c
index 8a6c2bd..5b95a5b 100644
--- a/data/source/carrier/alloc_rw_rx/template.c
+++ b/data/source/carrier/alloc_rw_rx/template.c
@@ -36,7 +36,7 @@ int main()
 antiemulation();
 // Decoy
- //WinExec("C:\\windows\\system32\\notepad.exe", 1);
+ {{plugin_decoy}}
 // Allocate 1
 // char *dest = ...
diff --git a/data/source/carrier/decoy/none.c b/data/source/carrier/decoy/none.c
new file mode 100644
index 0000000..e69de29
diff --git a/data/source/carrier/decoy/winexec.c b/data/source/carrier/decoy/winexec.c
new file mode 100644
index 0000000..2519f91
--- /dev/null
+++ b/data/source/carrier/decoy/winexec.c
@@ -0,0 +1 @@
+WinExec("C:\\windows\\system32\\notepad.exe", 1);
\ No newline at end of file
diff --git a/model/defs.py b/model/defs.py
index c17e06c..386fc4e 100644
--- a/model/defs.py
+++ b/model/defs.py
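Review bot: The `alloc_rw_rwx` hunk inserts `{{plugin_decoy}}` but keeps the commented-out `//WinExec(...)` line beneath it, while the `alloc_rw_rx` hunk in this same patch replaces that line, so the two carrier templates now diverge and the rwx one carries a dead copy of the snippet that `decoy/winexec.c` now owns. Drop the commented line here as well, so the decoy comes from the plugin directory only and the templates stay in step. The extra blank line added after the placeholder also leaves a double empty line whenever the `none` plugin (an empty file, per the diffstat) is rendered; the placeholder alone is enough. `main()` continues outside both hunks.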
@@ -16,6 +16,7 @@ PATH_PAYLOAD = "data/source/payload/"
 PATH_DECODER = "data/source/carrier/decoder/"
 PATH_ANTIEMULATION = "data/source/carrier/antiemulation/"
+PATH_DECOY = "data/source/carrier/decoy/"
 PATH_WEB_PROJECT = "projects/"
diff --git a/model/settings.py b/model/settings.py
index 4bc4c99..201e3d4 100644
--- a/model/settings.py
+++ b/model/settings.py
@@ -13,7 +13,9 @@ class Settings():
 self.carrier_name: str = ""
 self.decoder_style: DecoderStyle = DecoderStyle.XOR_1
 self.short_call_patching: bool = False
- self.antiemulation = "timeraw"
+
+ self.plugin_antiemulation = "timeraw"
+ self.plugin_decoy = "none"
 self.dllfunc: str = "" # For DLL injection
diff --git a/phases/templater.py b/phases/templater.py
index 9596fb4..e23cb03 100644
--- a/phases/templater.py
+++ b/phases/templater.py
@@ -38,23 +38,29 @@ def create_c_from_template(settings: Settings, payload_len: int):
 'XOR_KEY2': ascii_to_hex_bytes(config.xor_key2),
 })
- # Anti-Emulation
+ # Plugin: Anti-Emulation
 filepath_antiemulation = PATH_ANTIEMULATION + "{}.c".format(
- settings.antiemulation)
+ settings.plugin_antiemulation)
 with open(filepath_antiemulation, "r", encoding='utf-8') as file:
 plugin_antiemualation = file.read()
- # Choose correct template
+ # Plugin: Decoy
+ filepath_decoy = PATH_DECOY + "{}.c".format(
+ settings.plugin_decoy)
+ with open(filepath_decoy, "r", encoding='utf-8') as file:
+ plugin_decoy = file.read()
+
+ # Choose template
 dirpath = PATH_CARRIER + settings.carrier_name + "/template.c"
 with open(dirpath, 'r', encoding='utf-8') as file:
 template_content = file.read()
 observer.add_text_file("main_c_template", template_content)
-
- # Render main template
+ # Render template
 template = Template(template_content)
 rendered_template = template.render({
 'plugin_decoder': plugin_decoder,
 'plugin_antiemulation': plugin_antiemualation,
+ 'plugin_decoy': plugin_decoy,
 'PAYLOAD_LEN': payload_len,
 })
 with open(settings.main_c_path, "w", encoding='utf-8') as file:
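Review bot: The two attributes added in the settings.py hunk are the only fields in this block without a type annotation; their neighbours are written `self.carrier_name: str = ""` and `self.short_call_patching: bool = False`, so for consistency write `self.plugin_antiemulation: str = "timeraw"` and `self.plugin_decoy: str = "none"`. The hunk also removes `self.antiemulation`; templater.py and supermega.py are updated in this patch, but any other reader or writer of the old name (a UI form or a persisted project, if such exist) would now touch an unrelated attribute and the `"timeraw"` default would silently be used, so a grep for `.antiemulation` before merging is worthwhile. The enclosing method starts outside the hunk.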
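Review bot: In the templater.py hunk `settings.plugin_decoy` (like the pre-existing `settings.plugin_antiemulation`) is concatenated straight into a file path, `PATH_DECOY + "{}.c".format(settings.plugin_decoy)`, with no check that it is a bare plugin name; if the value can arrive from outside this process — the project settings that `PATH_WEB_PROJECT` hints at — a name containing a path separator or `..` would make the templater read and embed an arbitrary `.c`-suffixed file, and a misspelt name surfaces only as a raw `FileNotFoundError`. The two plugin-loading stanzas are also the same five lines twice, so the natural fix is one small helper that validates the name and reads the file, called for both plugins, as sketched below. The rest of `create_c_from_template`, whose start is outside the hunk, is unchanged.
```python
def _read_plugin(directory: str, name: str) -> str:
    """Return the C snippet of plugin `name` from `directory`.

    `name` must be a bare file stem (no path separators, not "." or ".."),
    so a settings value can only select a file shipped in the plugin directory.
    """
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        raise ValueError("invalid plugin name: {!r}".format(name))
    with open(directory + "{}.c".format(name), "r", encoding='utf-8') as file:
        return file.read()


def create_c_from_template(settings: Settings, payload_len: int):
    # … unchanged: decoder template rendering …
    # Plugin: Anti-Emulation
    plugin_antiemualation = _read_plugin(PATH_ANTIEMULATION, settings.plugin_antiemulation)
    # Plugin: Decoy
    plugin_decoy = _read_plugin(PATH_DECOY, settings.plugin_decoy)
    # … unchanged: template selection and render …
```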
diff --git a/supermega.py b/supermega.py
index a122c6d..84105e1 100644
--- a/supermega.py
+++ b/supermega.py
@@ -146,6 +146,11 @@ def start_real(settings: Settings):
 project.settings.decoder_style.value,
 project.settings.carrier_invoke_style.value))
+ logger.info("---[ Plugins: AntiEmulation={} Decoy={}".format(
+ project.settings.plugin_antiemulation,
+ project.settings.plugin_decoy)
+ )
+
 # CREATE: Carrier C source files from template (C->C)
 phases.templater.create_c_from_template(settings, project.payload.len)
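Review bot: The new log line reads the plugin names from `project.settings`, but the statement right after it passes the function's `settings` parameter to `create_c_from_template`, so unless the two are the same object the log can report plugins other than the ones actually rendered. The preceding log call has the same mix and is pre-existing, so either log `settings.plugin_antiemulation` / `settings.plugin_decoy` here or pass `project.settings` to the templater, whichever the rest of `start_real` — which starts outside the hunk — intends. As a point of style, the lone `)` closing the `.format(` call on its own line differs from the sibling call, which closes with `))` on its last argument line; matching the neighbour keeps the block uniform.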