XORChain
Description
A chained XOR encoder, with advanced evasion features.
- Initial key brute-forcing to avoid null bytes
- First byte will be encrypted with the initial key
- Every following byte will be encrypted with the previous plaintext byte
- The stub will be generated with random registers and other evasion features
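The chaining described above can be reversed during triage once the encoded bytes have been carved out of a sample. The following Python is an added example, not part of ShenCode; the function names, the key 0x5a and the sample bytes are constructed for illustration, and it assumes the encoded region has already been separated from the decoder stub.

```python
"""Analyst-side decoder for the chained-XOR scheme described above.
Added example: names, key and sample bytes are constructed, not from ShenCode."""

# Constructed sample: b"triage-sample" chained with the constructed key 0x5a.
SAMPLE = bytes.fromhex("2e061b080602485e120c1d1c09")


def decode_xorchain(encoded: bytes, key: int) -> bytes:
    """Undo the chain: byte 0 uses the key, byte i uses decoded byte i-1."""
    out = bytearray()
    prev = key & 0xFF
    for c in encoded:
        prev ^= c          # the decoded byte becomes the key for the next one
        out.append(prev)
    return bytes(out)


def key_from_first_byte(encoded: bytes, expected_first: int) -> int:
    """Known-plaintext shortcut: encoded[0] is plaintext[0] XOR initial key."""
    if not encoded:
        raise ValueError("empty input")
    return encoded[0] ^ expected_first


def candidate_keys(encoded: bytes, known: bytes) -> list[int]:
    """Try all 256 initial keys; keep those whose output contains `known`."""
    return [k for k in range(256) if known in decode_xorchain(encoded, k)]


if __name__ == "__main__":
    for k in candidate_keys(SAMPLE, b"sample"):
        print(f"key=0x{k:02x} -> {decode_xorchain(SAMPLE, k)!r}")
```

A wrong initial key shifts every decoded byte by the same constant, so trying all 256 values is exhaustive for this scheme.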
Command
shencode encoder xorchain [-h] [-i INPUT] [-o OUTPUT] [-v VARIABLE_PADDING] [--verbose]
XORChain - Encrypt each byte with the previous one
options:
  -h, --help            show this help message and exit
  -i, --input           Input file to use with xorchain
  -o, --output          Outputfile for xorchain
  -v, --variable-padding
                        Inserts random NOPs to differ the padding
Additional:
  --compile             Compile with nasm
  --verbose             Verbose mode
Example Output
shencode encoder xorchain -i calc.raw -o calc.cxo -v 5 --compile
[XOR-CHAiN]-[0.1.1]
[*] Bruteforcing XOR key
[+] Valid XOR key found: 0xbf
[*] Payload size: 251
[+] File dev\calc.raw loaded
[*] Size of shellcode 251 bytes
[*] Hash: 7c1bb19fe6606cfe29e750326db2972c4743e623
[*] ASM script generated with a size of 1003 bytes
[+] Encoded payload appended!
[+] File created in dev\calc.nasm
[*] Hash: 00e81499dc5b0aad9996c14791929cd6e8f40b50
[*] Try to compile object file
[+] File dev\calc.obj created
[*] Size of shellcode 648 bytes
[*] Hash: 8486d83bf725767c04a758b319ef2e94ca0f0aee
[*] Extract .text section from object file
[*] Final shellcode size: 293 bytes
[+] DONE!
JSON Parameter
Arguments | Values | Type |
---|---|---|
input | filename | str |
compile | true, false | bool |
output | filename | str |
variable_padding | number of NOPs | int |
verbose | true, false | bool |