Skip to content
/ simpvir Public

Self-replicating binary infecting Mach-O files

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

spipm/simpvir

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
screenshot
screenshot
 
 
testing
testing
 
 
README.md
README.md
 
 
simp.c
simp.c
 
 
simpvir.asm
simpvir.asm
 
 

Repository files navigation

Self-replicating binary infecting Mach-O files

Description

This is a simple binary that searches for two binary files - simp and sAmp - and tries to infect them with itself ("virus").

Functionality

  • Searches the two files in the current directory
  • Checks if they are 'marked' with a signature
  • If not, gets LC_MAIN offset
  • Adds bytecode above other binary, changes offset
  • Mark file
  • Now the other binary is infected and will run the virus code first and then continue with the original code
  • When virus code is run, it waits for a UDP packet on port 31337, and passes the content to execve if it contains a triggerword

Action

Replicating binary

Resources used

Virus basics

https://cranklin.wordpress.com/2016/12/26/how-to-create-a-virus-using-the-assembly-language/

NASM

http://cs.lmu.edu/~ray/notes/nasmtutorial/

Syscalls

https://opensource.apple.com/source/xnu/xnu-1504.3.12/bsd/kern/syscalls.master

Assembly optimization

https://modexp.wordpress.com/2016/04/03/x64-shellcodes-bsd/

Mach-o file format

https://lowlevelbits.org/parsing-mach-o-files/

https://github.com/aidansteele/osx-abi-macho-file-format-reference

About

Self-replicating binary infecting Mach-O files

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages