ByteBert
Description
An advanced polymorphic encoder
ByteBert is based on ByteSwap but provides more advanced features like:
- no shellcode max size limit
- variable registers which will be used for decoding the shellcode
- variable instruction sets
- option to vary the padding with NOP
- automatic compile with
nasm.exe - extract shellcode from compiled object file
You have to provide nasm.exe in your shencode directory. Download your copy here.
Workflow
- Load the payload
- Encode the payload with ByteSwap
- Create the stub with random registers and instructions
- Append the encoded payload
- Conpile with nasm
- Extract the
.textsection as final shellcode
Command
shencode encoder bytebert [-h] [-i INPUT] [-o OUTPUT] [-v]
options:
--help show this help message and exit
--input INPUT Input file to use with byteswap stub
--output OUTPUT outputfile for byteswap stub
--variable-padding Inserts a random NOP to differ the padding
Example output
shencode encoder bytebert -i calc.raw -o bb.sc -v
[ByteBERT-ENC]-[0.2.3]
[*] Random key: 50 (0x32)
[*] Payload size: 251
[+] File calc.raw loaded
[*] Size of shellcode 251 bytes
[*] Hash: 7c1bb19fe6606cfe29e750326db2972c4743e623
[*] Stub generated with a size of 1898 bytes
[*] XORed payload added!
[+] File created in bb.sc
[*] Hash: e624e5d2f120dc2cf9a8bf8c515b39141f691a3d
[*] Try to compile object file
[+] File bb.o created
[*] Size of shellcode 722 bytes
[*] Hash: d744efe826d4646d1b0e5b6b49295200714193bf
[+] DONE!
JSON Parameter
| Arguments | Values | Type |
|---|---|---|
| input | filename | str |
| ouput | filename | str |
| variable_padding | true, false | bool |
| verbose | true, false | bool |