Skip to content
metame is a metamorphic code engine for arbitrary executables
Branch: master
Clone or download
Latest commit 41db1ad Jan 17, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
metame Initial commit Aug 7, 2016
screens Initial commit Aug 7, 2016
scripts Initial commit Aug 7, 2016
.gitignore Initial commit Aug 7, 2016
Dockerfile Added Dockerfile Jan 17, 2019
LICENSE Initial commit Aug 7, 2016
README.md Initial commit Aug 7, 2016
setup.cfg
setup.py Initial commit Aug 7, 2016

README.md

metame

metame is a simple metamorphic code engine for arbitrary executables.

From Wikipedia:

Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software.

metame implementation works this way:

  1. Open a given binary and analyze the code
  2. Randomly replace instructions with equivalences in logic and size
  3. Copy and patch the original binary to generate a mutated variant

It currently supports the following architectures:

  • x86 32 bits
  • x86 64 bits

Also, it supports a variety of file formats, as radare2 is used for file parsing and code analysis.

Example of code before and after mutation:

alt text

Hint: Two instructions have been replaced in this snippet.

Here another example on how it can mutate a NOP sled into equivalent code:

alt text

Installation

pip install metame

This should also install the requirements.

You will also need radare2. Refer to the official website for installation instructions.

simplejson is also a "nice to have" for a small performance boost:

pip install simplejson

Usage

metame -i original.exe -o mutation.exe -d

Use metame -h for help.

License

This project is released under the terms of the MIT license.

You can’t perform that action at this time.