d-r-e/woody_woodpacker

woody_woodpacker

"Packers" are tools that compress executable programs and encrypt them at the same time. When a packed program runs, it is loaded into memory still compressed and encrypted, then decompressed and decrypted, and finally executed. This kind of program exists because antivirus software generally analyses programs when they are loaded into memory, before they are executed; the encryption and compression applied by a packer bypass that behaviour by obfuscating the executable's content until it runs.

ELF Packer: Obfuscation

Woody_woodpacker encrypts the ELF binary passed as a parameter and injects a decryptor into the executable, so that it still runs unchanged in memory. The code is injected into an empty "code cave" found in any PT_LOAD segment.
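To make the PT_LOAD / code-cave idea concrete from the analyst's side, here is an added example (not part of the woody_woodpacker project) that parses an ELF64 program header table, measures the unused file bytes between consecutive PT_LOAD segments (the "caves" a packer looks for), and checks that the entry point lands in an executable, file-backed segment, which is the first thing to inspect when a binary is suspected of having been packed. The ELF image it operates on is constructed inline from a header and two program headers and is not a real executable; the function names are this example's own.

```python
import struct

PT_LOAD = 1
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4

EHDR_FMT = "<HHIQQQIHHHHHH"   # Elf64_Ehdr fields after the 16-byte e_ident
PHDR_FMT = "<IIQQQQQQ"        # Elf64_Phdr


def parse_elf64(data):
    """Return (e_entry, list of program-header dicts) for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    fields = struct.unpack_from(EHDR_FMT, data, 16)
    e_entry, e_phoff = fields[3], fields[4]
    e_phentsize, e_phnum = fields[8], fields[9]
    phdrs = []
    for i in range(e_phnum):
        (p_type, p_flags, p_offset, p_vaddr, _p_paddr,
         p_filesz, p_memsz, p_align) = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        phdrs.append(dict(type=p_type, flags=p_flags, offset=p_offset, vaddr=p_vaddr,
                          filesz=p_filesz, memsz=p_memsz, align=p_align))
    return e_entry, phdrs


def file_caves(data, phdrs):
    """Unused file bytes between the end of each PT_LOAD's file-backed content and the
    start of the next PT_LOAD (or end of file), in file-offset order. A large cave
    behind an executable segment is where an injector would place its stub."""
    loads = sorted((p for p in phdrs if p["type"] == PT_LOAD), key=lambda p: p["offset"])
    caves = []
    for i, p in enumerate(loads):
        end = p["offset"] + p["filesz"]
        nxt = loads[i + 1]["offset"] if i + 1 < len(loads) else len(data)
        caves.append(dict(segment=i, executable=bool(p["flags"] & PF_X),
                          start=end, size=max(0, nxt - end)))
    return caves


def entry_segment(e_entry, phdrs):
    """The PT_LOAD whose virtual range contains the entry point, or None."""
    for p in phdrs:
        if p["type"] == PT_LOAD and p["vaddr"] <= e_entry < p["vaddr"] + p["memsz"]:
            return p
    return None


def entry_is_plausible(e_entry, phdrs):
    """(ok, reason): entry should sit inside an executable, file-backed PT_LOAD."""
    seg = entry_segment(e_entry, phdrs)
    if seg is None:
        return False, "entry point is not inside any PT_LOAD segment"
    if not seg["flags"] & PF_X:
        return False, "entry point lies in a non-executable segment"
    if e_entry >= seg["vaddr"] + seg["filesz"]:
        return False, "entry point lies in zero-filled (memsz > filesz) space"
    return True, "entry point is inside an executable, file-backed segment"


def build_sample_image():
    """Constructed ELF64 image for demonstration, not a real executable:
    R+X text segment at file 0x0..0x300, R+W data segment at 0x1000..0x1100."""
    phdrs = struct.pack(PHDR_FMT, PT_LOAD, PF_R | PF_X, 0x0, 0x400000, 0x400000, 0x300, 0x300, 0x1000)
    phdrs += struct.pack(PHDR_FMT, PT_LOAD, PF_R | PF_W, 0x1000, 0x601000, 0x601000, 0x100, 0x200, 0x1000)
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = e_ident + struct.pack(EHDR_FMT, 2, 0x3E, 1, 0x400100, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    img = bytearray(0x1100)
    img[:64] = ehdr
    img[64:64 + len(phdrs)] = phdrs
    return bytes(img)


if __name__ == "__main__":
    data = build_sample_image()
    entry, phdrs = parse_elf64(data)
    for c in file_caves(data, phdrs):
        print(f"PT_LOAD #{c['segment']} exec={c['executable']} cave at 0x{c['start']:x} size=0x{c['size']:x}")
    print(entry_is_plausible(entry, phdrs))
```

Run it on a real file by replacing `build_sample_image()` with `open(path, "rb").read()`; the cave sizes correspond to the gaps `readelf -l` lets you compute from the Offset and FileSiz columns, and an entry point that fails `entry_is_plausible` (or that sits at the very end of a segment's file-backed range) is worth comparing byte-by-byte against a known-good copy with `binwalk -W`.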

To begin

ELF Binary Encryption

Elfcrypt

Unix viruses

Elf Infection (in French)

Elf injector step by step

PIE Elf injector code example

Some curiosities

readelf -S bin

binwalk -W bin1 bin2 (-o 0x0ffset) | less