dc401/rwgopack
rwgopack

Example Linux-based packer for ELF binaries. It zlib-compresses the payload, XOR-ciphers the result with a single-byte key, and wraps it in a self-unpacking binary. In the example code you can take a GCC-compiled build of a C hello-world program and run it from a "packed" version that acts as a wrapper applying the mechanisms above.

Disclaimer

For educational purposes only. No express warranty.

How to make this stealthier for initial EDR IOC evasion

  1. Lower the entropy by using simple encodings. A zlib stream sits near 8 bits per byte, and a single-byte XOR does not change that (it only permutes byte values), whereas hex or base64 over the packed bytes caps the entropy at 4 or 6 bits per byte.
  2. Include positive keywords or known metadata in the build.
  3. Keep the size large enough, usually >= 1 MB.
  4. Don't strip out symbols or flags. Sure, you can try to stop the RE work, but you don't want it to trigger to start with, right?

Why another packer?

I wrote one just because I wanted to figure out what the best mechanism of self-execution would be for the prepended executable, which is the harder part. I took inspiration from my last obfuscation pet project, which generated Python payloads. The name is short for "RW for Robin Williams", the late actor, because this project is just clowning around (his role in Patch Adams).

Build Summary

Recreated a template similar to my "py-obfuscation-payloadgen" project by letting it create a skeleton, then added the requirement for compression and encryption with a static key to produce a Python edition of the payload (again). Then I cheated and used Claude 3.5 generative AI to port the Python 3.x code to a Go 1.18-compatible equivalent, because I hate Go syntax. Go was used because it can run both as a script and as a compiled binary. I modified it to use a standard shell subprocess call to "build" itself and then write the resulting binary to disk.

Python PoC Demo

Python code written for Claude to interpret and translate into Go later (screenshot):

Go Portable Edition

Claude 3.5 refactored version; the only real difference is that it calls itself in a subprocess to compile a binary instead of acting as a script wrapper. Then I check the entropy level before and after (screenshot):
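The following is an added example, not code from the rwgopack repository, that puts the pieces described above together in Go: the pack step (zlib, then single-byte XOR), the entropy check that the "How to make this stealthier" list and the before/after screenshot refer to, and a generated self-unpacking wrapper source. The launch mechanism in the generated stub (inflate to a temp file, chmod, execve) and the constructed sample payload are assumptions of this example; the page does not show how the project's own stub runs the payload.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"encoding/hex"
	"fmt"
	"io"
	"math"
	"os"
)

func must(err error) { if err != nil { panic(err) } }

// shannonEntropy returns the Shannon entropy of data in bits per byte (0 to 8).
func shannonEntropy(data []byte) float64 {
	var counts [256]int
	for _, b := range data {
		counts[b]++
	}
	n, h := float64(len(data)), 0.0
	for _, c := range counts {
		if p := float64(c) / n; p > 0 {
			h -= p * math.Log2(p)
		}
	}
	return h
}

// xorSingleByte is its own inverse and only permutes byte values, so the byte histogram (and the entropy) is unchanged.
func xorSingleByte(data []byte, key byte) []byte {
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ key
	}
	return out
}

// pack compresses the payload with zlib, then XORs it with the single-byte key.
func pack(payload []byte, key byte) []byte {
	var buf bytes.Buffer
	w := zlib.NewWriter(&buf)
	_, err := w.Write(payload)
	must(err)
	must(w.Close())
	return xorSingleByte(buf.Bytes(), key)
}

// unpack reverses pack. A wrong key corrupts the zlib header, so it errors out.
func unpack(blob []byte, key byte) ([]byte, error) {
	r, err := zlib.NewReader(bytes.NewReader(xorSingleByte(blob, key)))
	if err != nil {
		return nil, err
	}
	defer r.Close()
	return io.ReadAll(r)
}

// stubSource returns Go source for the self-unpacking wrapper. The launch step is an
// assumption for this example, not the project's: inflate to a temp file, chmod, execve.
func stubSource(blob []byte, key byte) string {
	return fmt.Sprintf(`package main
import ("bytes"; "compress/zlib"; "io"; "os"; "syscall")
const key byte = %#x
var blob = %#v
func must(err error) { if err != nil { panic(err) } }
func main() {
	for i := range blob { blob[i] ^= key }
	r, err := zlib.NewReader(bytes.NewReader(blob)); must(err)
	elf, err := io.ReadAll(r); must(err)
	f, err := os.CreateTemp("", "unpacked-*"); must(err)
	_, err = f.Write(elf); must(err)
	must(f.Close())
	must(os.Chmod(f.Name(), 0o700))
	must(syscall.Exec(f.Name(), append([]string{f.Name()}, os.Args[1:]...), os.Environ()))
}
`, key, blob)
}

// samplePayload is a constructed stand-in for a small ELF (not a real one): an LCG-driven stream of 16 words.
func samplePayload() []byte {
	words := []string{"hello", "world", "packed", "payload", "entropy", "binary", "section", "symbol", "linux", "elf", "zlib", "key", "stub", "loader", "write", "exec"}
	var buf bytes.Buffer
	seed := uint32(12345)
	for i := 0; i < 3000; i++ {
		seed = seed*1664525 + 1013904223 // LCG keeps the sample deterministic
		buf.WriteString(words[seed>>28] + " ")
	}
	return buf.Bytes()
}

func main() {
	raw, key := samplePayload(), byte(0x5a)
	blob := pack(raw, key)
	hexed := []byte(hex.EncodeToString(blob)) // "simple encoding": 16 symbols cap entropy at 4 bits/byte
	fmt.Printf("raw %d B H=%.2f | packed %d B H=%.2f | hex %d B H=%.2f\n",
		len(raw), shannonEntropy(raw), len(blob), shannonEntropy(blob), len(hexed), shannonEntropy(hexed))
	must(os.WriteFile("stub.go", []byte(stubSource(blob, key)), 0o644)) // then: go build -o packed stub.go
}
```

Run it, then `go build -o packed stub.go`. Two things the output shows: the single-byte XOR changes the bytes but not the entropy, and the key is trivially recoverable anyway by trying all 256 values against the zlib header, so treat it as obfuscation rather than encryption; hex-encoding the blob drops the entropy to at most 4 bits per byte at the cost of doubling its size, which is item 1 of the list above. The generated stub writes the inflated payload to disk, which is exactly what an on-access scanner gets to see; keeping it in memory (memfd_create) is the alternative and is not shown here.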
