|
| 1 | +## Elliptic Curve Cryptography (ECC) Encryption and decryption. |
| 2 | + |
| 3 | +## Introduction |
| 4 | + |
| 5 | + |
| 6 | + |
| 7 | +Elliptic Curve Cryptography (ECC), which is typically used for secure communications due to its efficiency and high security with smaller keys. |
| 8 | + |
| 9 | +Jump to the code => [JMP](./src/main.rs) |
| 10 | + |
| 11 | +## Process of Implementation |
| 12 | + |
| 13 | +I implemented ECC in a way that could be useful for malware development by encrypting shellcode with a public key and then decrypting it using both the corresponding private key and an additional component called the R Point. This approach adds an extra layer of security, ensuring that only those with the correct private key and R Point can decrypt and execute the shellcode. |
| 14 | + |
| 15 | +> Note: Please go through the main function where i explained function features. |
| 16 | +
|
| 17 | +I generate random public and private keys then, |
| 18 | + |
| 19 | +I have converted Keys into bytes for ease of handling, then reconstruct these keys for use in encryption and decryption. The encryption process involves using the public key to encrypt the shellcode and generate an R Point, which is serialized into bytes. To decrypt, you need this R Point along with the private key, which together allow the shellcode to be recovered and executed. However, my method of executing the shellcode is basic and could potentially be detected by security software, so more sophisticated execution methods would be necessary for real-world scenarios. |
| 20 | + |
| 21 | +This Proof of Concept shows how ECC can be adapted for stealthy malware operations by leveraging its inherent security properties. |
| 22 | + |
| 23 | + |
| 24 | +## Small Snippet to encrypt and decrypt Messages |
| 25 | + |
| 26 | +Write the Encrypt and decrypt function |
| 27 | + |
| 28 | +``` |
| 29 | +// #![allow(deprecated)] |
| 30 | +pub use k256::{elliptic_curve::{sec1::FromEncodedPoint, AffinePoint, Field}, EncodedPoint, ProjectivePoint, Scalar, Secp256k1}; |
| 31 | +pub use sha2::{Digest, Sha256}; |
| 32 | +pub use rand::rngs::OsRng; |
| 33 | +pub use k256::elliptic_curve::group::GroupEncoding; |
| 34 | +pub use k256::ecdsa::VerifyingKey; |
| 35 | +
|
| 36 | +fn encode_shellcode( |
| 37 | + shellcode: &[u8], |
| 38 | + public_key: &AffinePoint<Secp256k1>, |
| 39 | +) -> (EncodedPoint, Vec<u8>) { |
| 40 | + let mut rng = OsRng; |
| 41 | +
|
| 42 | + // generate the ephemeral keypair |
| 43 | + let k = Scalar::random(&mut rng); |
| 44 | + let r = (ProjectivePoint::generator() * k).to_affine(); |
| 45 | +
|
| 46 | + // compute shared secret |
| 47 | + let shared_secret = *public_key * k; |
| 48 | + let shared_secret_bytes = shared_secret.to_bytes(); |
| 49 | +
|
| 50 | + // derive encryption key from shared secret |
| 51 | + let mut hasher = Sha256::new(); |
| 52 | + hasher.update(shared_secret_bytes); |
| 53 | + let encryption_key = hasher.finalize(); |
| 54 | +
|
| 55 | + // Encrypt shellcode |
| 56 | + let encrypted_shellcode: Vec<u8> = shellcode |
| 57 | + .iter() |
| 58 | + .zip(encryption_key.iter().cycle()) |
| 59 | + .map(|(&byte, &key)| byte ^ key) |
| 60 | + .collect(); |
| 61 | +
|
| 62 | + (EncodedPoint::from(&r), encrypted_shellcode) |
| 63 | +} |
| 64 | +
|
| 65 | +fn decode_shellcode( |
| 66 | + encrypted_shellcode: &[u8], |
| 67 | + r: &EncodedPoint, |
| 68 | + private_key: &Scalar, |
| 69 | +) -> Vec<u8> { |
| 70 | + // Compute shared secret |
| 71 | + let r_point = ProjectivePoint::from_encoded_point(r).expect("Invalid R point"); |
| 72 | + let shared_secret = r_point * private_key; |
| 73 | + let shared_secret_bytes = shared_secret.to_bytes(); |
| 74 | +
|
| 75 | + // derive decryption key from shared secret |
| 76 | + let mut hasher = Sha256::new(); |
| 77 | + hasher.update(shared_secret_bytes); |
| 78 | + let decryption_key = hasher.finalize(); |
| 79 | +
|
| 80 | + // Decrypt shellcode |
| 81 | + encrypted_shellcode |
| 82 | + .iter() |
| 83 | + .zip(decryption_key.iter().cycle()) |
| 84 | + .map(|(&byte, &key)| byte ^ key) |
| 85 | + .collect() |
| 86 | +} |
| 87 | +``` |
| 88 | + |
| 89 | +Write the main function for operation |
| 90 | + |
| 91 | +``` |
| 92 | +
|
| 93 | +fn main() { |
| 94 | + // Example string => lets name it as shellcode ie (placeholder) |
| 95 | + let shellcode: &[u8] = b;"Hello, World!" |
| 96 | +
|
| 97 | + // Generate ECC key pair |
| 98 | + let private_key = Scalar::random(&mut OsRng); |
| 99 | + let public_key = (ProjectivePoint::generator() * private_key).to_affine(); |
| 100 | +
|
| 101 | + println!("Private Key: {:?}", private_key); |
| 102 | + println!("Public Key: {:?}", public_key); |
| 103 | +
|
| 104 | + // Convert AffinePoint to VerifyingKey (or PublicKey) |
| 105 | + VerifyingKey::from_encoded_point(&EncodedPoint::from(public_key)) |
| 106 | + .expect("Invalid public key"); |
| 107 | +
|
| 108 | + let (r, encrypted_shellcode) = encode_shellcode(shellcode, &public_key); |
| 109 | +
|
| 110 | + println!("Encrypted Shellcode: {:?}", encrypted_shellcode); |
| 111 | +
|
| 112 | + // Decode the shellcode |
| 113 | + let decrypted_shellcode = decode_shellcode(&encrypted_shellcode, &r, &private_key); |
| 114 | +
|
| 115 | + println!( |
| 116 | + "Decrypted Shellcode: {:?}", |
| 117 | + String::from_utf8(decrypted_shellcode).unwrap() |
| 118 | + ); |
| 119 | +} |
| 120 | +``` |
| 121 | + |
| 122 | +## Resource Used |
| 123 | + |
| 124 | +* https://github.com/nakov/practical-cryptography-for-developers-book/blob/master/asymmetric-key-ciphers/elliptic-curve-cryptography-ecc.md |
| 125 | +* https://github.com/nakov/Practical-Cryptography-for-Developers-Book/blob/master/asymmetric-key-ciphers/ecc-encryption-decryption.md |
| 126 | +## Authors |
| 127 | + |
| 128 | +By [Smukx.E](https://x.com/5mukx) |
0 commit comments