version 0.2.0
Ftring: Flag-Based String Generator, a c++ string obfuscator.
Ftring is an obfuscator which generates a string based on cpu flags including
- CF (Carry Flag)
- OF (Overflow Flag)
- SF (Sign Flag)
- ZF (Zero Flag)
- AF (Auxiliary Carry Flag)
- PF (Parity Flag)
A string consists of one/multiple char(s). A char is a byte. A byte consists of 8 bits. In Ftring, each bit will be generated by cpu flags.
- There is no need to use enc/dec routine to hide strings
- There is no embedded string in output exe file
- The embedded string extraction tools such as Strings cannot find any string
- Overwrite the memory of variable whenever there is no need to use it anymore
> Ftring.py --version
Ftring v0.2.0
> Ftring.py -h
usage: Ftring.py [-h] [--version] -r VAR -l VAL -t {s,d}
Flag-Based String Generator, a C++ string obfuscator.
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
-r VAR, --var VAR varable name
-l VAL, --val VAL a string would be assigned to the variable
-t {s,d}, --type {s,d}
type of variable: static array or dynamic arrayHere is a sample C++ code of a static array:
#include "pch.h"
#include <iostream>
int main()
{
char static_array[8];
strncpy_s(static_array, "ABCDEFG", (sizeof(static_array) / sizeof(char)) - 1);
std::cout << static_array << std::endl;
return 0;
}Now, Fstring comes into play. In order to generate a static array of a string:
> python "Ftring.py" --var "static_array" --val "ABCDEFG" -t "s"Now it`s time to change the old assignment section to the new one like as follows:
#include "pch.h"
#include <iostream>
int main()
{
char static_array[8];
__asm
{
// *** Creating char 'A' ***
xor al, al
mov cl, 225
add cl, 9
setc bl
xor al, bl
shl al, 1
mov dl, 144
dec dl
lahf
test ah, 10h
jz RHpFexiD
xor al, 1
RHpFexiD:
shl al, 1
mov dh, 2
inc dh
setz bl
xor al, bl
shl al, 1
mov edx, 803704434
inc edx
setp bl
xor al, bl
shl al, 1
mov si, 27175
sub si, 20613
setz bl
xor al, bl
shl al, 1
mov bl, 149
add bl, 39
setp bl
xor al, bl
shl al, 1
mov dh, 59
sub dh, 218
lahf
test ah, 10h
jz IWsajNHQ
xor al, 1
IWsajNHQ:
shl al, 1
mov cx, 19329
add cx, 16579
setp bl
xor al, bl
// Writing char 'A' to memory
mov byte ptr[static_array + 0], al
// *** Creating char 'B' ***
xor al, al
mov bh, 231
dec bh
setp bl
xor al, bl
shl al, 1
mov si, 32665
inc si
setp bl
xor al, bl
shl al, 1
mov edx, 95790338
add edx, 3377626285
setc bl
xor al, bl
shl al, 1
mov esi, 2598286386
dec esi
setp bl
xor al, bl
shl al, 1
mov edx, 3426816507
sub edx, 1655163896
setc bl
xor al, bl
shl al, 1
mov bl, 1762553890
dec bl
setz bl
xor al, bl
shl al, 1
mov ebx, 336454216
add ebx, 3411391724
sets bl
xor al, bl
shl al, 1
mov dh, 182
inc dh
setz bl
xor al, bl
// Writing char 'B' to memory
mov byte ptr[static_array + 1], al
// *** Creating char 'C' ***
xor al, al
mov ch, 104
add ch, 140
setp bl
xor al, bl
shl al, 1
mov dl, 10
sub dl, 72
sets bl
xor al, bl
shl al, 1
mov dx, 39785
sub dx, 9596
sets bl
xor al, bl
shl al, 1
mov bh, 244
sub bh, 146
setp bl
xor al, bl
shl al, 1
mov ch, 90
sub ch, 168
setz bl
xor al, bl
shl al, 1
mov edi, 3938737555
sub edi, 2288317187
lahf
test ah, 10h
jz bFxbAGOk
xor al, 1
bFxbAGOk:
shl al, 1
mov dl, 1
sub dl, 1
setz bl
xor al, bl
shl al, 1
mov edx, 0
dec edx
sets bl
xor al, bl
// Writing char 'C' to memory
mov byte ptr[static_array + 2], al
// *** Creating char 'D' ***
xor al, al
mov bx, 46340
sub bx, 35770
setz bl
xor al, bl
shl al, 1
mov cl, 19
add cl, 254
lahf
test ah, 10h
jz SIOZAxwK
xor al, 1
SIOZAxwK:
shl al, 1
mov ch, 128
dec ch
sets bl
xor al, bl
shl al, 1
mov dl, 128
dec dl
sets bl
xor al, bl
shl al, 1
mov bh, 85
sub bh, 193
lahf
test ah, 10h
jz iJtOSNHj
xor al, 1
iJtOSNHj:
shl al, 1
mov ebx, 2124192713
add ebx, 3426582157
setp bl
xor al, bl
shl al, 1
clc
setc bl
xor al, bl
shl al, 1
mov dh, 2019837532
dec dh
setz bl
xor al, bl
// Writing char 'D' to memory
mov byte ptr[static_array + 3], al
// *** Creating char 'E' ***
xor al, al
mov edx, 2530793283
sub edx, 1153677674
setp bl
xor al, bl
shl al, 1
mov dh, 15
add dh, 192
setp bl
xor al, bl
shl al, 1
mov cl, 155
dec cl
lahf
test ah, 10h
jz zuNsYsfV
xor al, 1
zuNsYsfV:
shl al, 1
mov esi, 2898705489
inc esi
setz bl
xor al, bl
shl al, 1
mov bl, 133
add bl, 128
lahf
test ah, 10h
jz qDOkSUTB
xor al, 1
qDOkSUTB:
shl al, 1
mov ch, 0
dec ch
sets bl
xor al, bl
shl al, 1
mov ch, 255
inc ch
sets bl
xor al, bl
shl al, 1
stc
setc bl
xor al, bl
// Writing char 'E' to memory
mov byte ptr[static_array + 4], al
// *** Creating char 'F' ***
xor al, al
mov cl, 119
dec cl
setp bl
xor al, bl
shl al, 1
mov ch, 254
add ch, 177
setc bl
xor al, bl
shl al, 1
mov edi, 2204711093
add edi, 1510475662
setp bl
xor al, bl
shl al, 1
mov bl, 202
sub bl, 145
sets bl
xor al, bl
shl al, 1
mov cl, 71
inc cl
setz bl
xor al, bl
shl al, 1
mov bl, 209
add bl, 47
setz bl
xor al, bl
shl al, 1
mov bl, 197
sub bl, 89
lahf
test ah, 10h
jz jMVnHGUk
xor al, 1
jMVnHGUk:
shl al, 1
mov esi, 2221654487
dec esi
setz bl
xor al, bl
// Writing char 'F' to memory
mov byte ptr[static_array + 5], al
// *** Creating char 'G' ***
xor al, al
mov bl, 64
add bl, 203
setp bl
xor al, bl
shl al, 1
mov bh, 130
add bh, 126
setz bl
xor al, bl
shl al, 1
mov esi, 993301417
dec esi
setp bl
xor al, bl
shl al, 1
mov dl, 147
inc dl
setz bl
xor al, bl
shl al, 1
mov di, 1275706985
dec di
setz bl
xor al, bl
shl al, 1
mov dl, 30
sub dl, 254
setc bl
xor al, bl
shl al, 1
mov edi, 3901161328
dec edi
lahf
test ah, 10h
jz AnAGSdXb
xor al, 1
AnAGSdXb:
shl al, 1
mov esi, 1982766754
sub esi, 3973862322
setc bl
xor al, bl
// Writing char 'G' to memory
mov byte ptr[static_array + 6], al
// *** Creating char ' ' ***
xor al, al
mov bx, 18716
add bx, 56771
lahf
test ah, 10h
jz vgncyQEX
xor al, 1
vgncyQEX:
shl al, 1
mov ebx, 2147483648
dec ebx
sets bl
xor al, bl
shl al, 1
mov bl, 203
inc bl
lahf
test ah, 10h
jz eOQHmMCC
xor al, 1
eOQHmMCC:
shl al, 1
clc
setc bl
xor al, bl
shl al, 1
mov cx, 65535
inc cx
sets bl
xor al, bl
shl al, 1
mov dh, 0
inc dh
lahf
test ah, 10h
jz KqNtzWBa
xor al, 1
KqNtzWBa:
shl al, 1
mov edi, 2372219362
add edi, 994455071
setp bl
xor al, bl
shl al, 1
mov cl, 3990191501
dec cl
setz bl
xor al, bl
// Writing char ' ' to memory
mov byte ptr[static_array + 7], al
}
std::cout << static_array << std::endl;
return 0;
}
Here is a sample C++ code of a dynamic array:
#include "pch.h"
#include <iostream>
char *dynamic_array = new char[8];
int main()
{
strncpy_s(dynamic_array, 8, "ABCDEFG", 8);
std::cout << dynamic_array << std::endl;
return 0;
}Now, Fstring comes into play. In order to generate a dynamic array of a string:
> python "Ftring.py" --var "dynamic_var" --val "ABCDEFG" -t "d"Now it`s time to change the old assignment section to the new one like as follows:
#include "pch.h"
#include <iostream>
char *dynamic_array = new char[8];
int main()
{
__asm
{
// *** Creating char 'A' ***
xor al, al
mov di, 32768
dec di
sets bl
xor al, bl
shl al, 1
mov ch, 192
sub ch, 214
lahf
test ah, 10h
jz KHMYVAGH
xor al, 1
KHMYVAGH:
shl al, 1
mov dx, 64470
add dx, 128
setc bl
xor al, bl
shl al, 1
mov edx, 1860391589
sub edx, 1668870984
setz bl
xor al, bl
shl al, 1
mov edx, 2147483648
dec edx
sets bl
xor al, bl
shl al, 1
clc
setc bl
xor al, bl
shl al, 1
mov di, 44502
add di, 11812
setc bl
xor al, bl
shl al, 1
mov dl, 255
inc dl
setz bl
xor al, bl
// Writing char 'A' to memory
mov esi, dword ptr[dynamic_array]
mov byte ptr[esi + 0], al
// *** Creating char 'B' ***
xor al, al
mov cl, 194
inc cl
setz bl
xor al, bl
shl al, 1
mov cl, 199
sub cl, 26
lahf
test ah, 10h
jz yMBeSYPU
xor al, 1
yMBeSYPU:
shl al, 1
mov si, 65535
inc si
sets bl
xor al, bl
shl al, 1
mov dh, 1866711762
dec dh
setz bl
xor al, bl
shl al, 1
mov dl, 166
add dl, -74
sets bl
xor al, bl
shl al, 1
mov ch, 29
add ch, 81
lahf
test ah, 10h
jz vGmVaPuR
xor al, 1
vGmVaPuR:
shl al, 1
mov cx, 2423
sub cx, 51320
setc bl
xor al, bl
shl al, 1
mov ch, 55
sub ch, 226
setz bl
xor al, bl
// Writing char 'B' to memory
mov esi, dword ptr[dynamic_array]
mov byte ptr[esi + 1], al
// *** Creating char 'C' ***
xor al, al
mov cl, 248
dec cl
setp bl
xor al, bl
shl al, 1
mov cx, 14184
add cx, 30092
lahf
test ah, 10h
jz iouafHCH
xor al, 1
iouafHCH:
shl al, 1
mov di, 3891806791
dec di
setz bl
xor al, bl
shl al, 1
mov bh, 61
add bh, 41
setz bl
xor al, bl
shl al, 1
mov di, 2036
sub di, 319
setc bl
xor al, bl
shl al, 1
mov dh, 213
sub dh, 127
setc bl
xor al, bl
shl al, 1
mov edx, 1772343999
inc edx
lahf
test ah, 10h
jz Ndrdkhii
xor al, 1
Ndrdkhii:
shl al, 1
mov edi, 2113416391
add edi, 2181550905
setz bl
xor al, bl
// Writing char 'C' to memory
mov ebx, dword ptr[dynamic_array]
mov byte ptr[ebx + 2], al
// *** Creating char 'D' ***
xor al, al
mov esi, 205146773
sub esi, 338501444
lahf
test ah, 10h
jz RbYoRBTw
xor al, 1
RbYoRBTw:
shl al, 1
mov dh, 1
dec dh
setz bl
xor al, bl
shl al, 1
mov ch, 18
add ch, 235
setp bl
xor al, bl
shl al, 1
mov cl, 81
sub cl, 51
setc bl
xor al, bl
shl al, 1
mov cl, 188
add cl, -114
sets bl
xor al, bl
shl al, 1
mov cl, 159
inc cl
lahf
test ah, 10h
jz JomahUVN
xor al, 1
JomahUVN:
shl al, 1
mov dx, 53763
inc dx
setz bl
xor al, bl
shl al, 1
clc
setc bl
xor al, bl
// Writing char 'D' to memory
mov edx, dword ptr[dynamic_array]
mov byte ptr[edx + 3], al
// *** Creating char 'E' ***
xor al, al
mov dh, 228
add dh, 26
setp bl
xor al, bl
shl al, 1
mov ecx, 3860999396
add ecx, 3261983825
setc bl
xor al, bl
shl al, 1
mov bl, 239
add bl, 7
setc bl
xor al, bl
shl al, 1
mov bh, 255
inc bh
sets bl
xor al, bl
shl al, 1
mov bl, 38
dec bl
lahf
test ah, 10h
jz hOUhOreD
xor al, 1
hOUhOreD:
shl al, 1
mov dh, 1
dec dh
setz bl
xor al, bl
shl al, 1
mov cl, 128
dec cl
sets bl
xor al, bl
shl al, 1
mov ebx, 1907993546
sub ebx, 1907993546
setz bl
xor al, bl
// Writing char 'E' to memory
mov ebx, dword ptr[dynamic_array]
mov byte ptr[ebx + 4], al
// *** Creating char 'F' ***
xor al, al
mov dx, 60849
inc dx
lahf
test ah, 10h
jz ZozpLqME
xor al, 1
ZozpLqME:
shl al, 1
mov dl, 255
inc dl
setz bl
xor al, bl
shl al, 1
mov edi, 2424951073
sub edi, 1963506737
sets bl
xor al, bl
shl al, 1
mov di, 3716
add di, 61285
setp bl
xor al, bl
shl al, 1
mov bl, 230
sub bl, 161
lahf
test ah, 10h
jz WqtjquVT
xor al, 1
WqtjquVT:
shl al, 1
mov di, 5918
sub di, 5918
setz bl
xor al, bl
shl al, 1
mov bl, 55
dec bl
setp bl
xor al, bl
shl al, 1
clc
setc bl
xor al, bl
// Writing char 'F' to memory
mov ecx, dword ptr[dynamic_array]
mov byte ptr[ecx + 5], al
// *** Creating char 'G' ***
xor al, al
mov di, 39230
add di, 8484
setz bl
xor al, bl
shl al, 1
mov dl, 72
dec dl
setp bl
xor al, bl
shl al, 1
mov esi, 1313252980
add esi, 3874260087
lahf
test ah, 10h
jz MlNHZicY
xor al, 1
MlNHZicY:
shl al, 1
mov cx, 32768
dec cx
sets bl
xor al, bl
shl al, 1
mov dx, 36131
sub dx, 31088
setc bl
xor al, bl
shl al, 1
mov esi, 2023866991
sub esi, 2558314733
sets bl
xor al, bl
shl al, 1
mov edi, 577449973
add edi, 3675457510
sets bl
xor al, bl
shl al, 1
mov bl, 0
dec bl
sets bl
xor al, bl
// Writing char 'G' to memory
mov ecx, dword ptr[dynamic_array]
mov byte ptr[ecx + 6], al
// *** Creating char ' ' ***
xor al, al
mov ebx, 1648226363
sub ebx, 1892818039
setp bl
xor al, bl
shl al, 1
mov cl, 188
add cl, 176
lahf
test ah, 10h
jz lFKincTN
xor al, 1
lFKincTN:
shl al, 1
mov dx, 62720
inc dx
lahf
test ah, 10h
jz MljryqwJ
xor al, 1
MljryqwJ:
shl al, 1
mov dh, 255
inc dh
sets bl
xor al, bl
shl al, 1
mov cl, 228
sub cl, 235
setz bl
xor al, bl
shl al, 1
mov di, 40558
sub di, 17063
sets bl
xor al, bl
shl al, 1
mov esi, 3051469706
sub esi, 2716751261
sets bl
xor al, bl
shl al, 1
mov edx, 2665457733
add edx, 519460137
setc bl
xor al, bl
// Writing char ' ' to memory
mov ebx, dword ptr[dynamic_array]
mov byte ptr[ebx + 7], al
}
std::cout << dynamic_array << std::endl;
return 0;
}
- String generation based on carry flag
- Supports C++ static and dynamic arrays
- String generation based on A-Flag, P-Flag, S-Flag and Z-Flag.
- The core of Ftring is divided to multiple packages.
- String generation based on Overflow Flag.
- Add more methods to set or reset the aforementioned flags
- Generate a routine to overwrite the memory of variable whenever there is no need to use it anymore