simple compiler based on mingw to build uncrackable windows application against analysis tools
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
puzzCode
resources
LICENSE
README.md
_config.yml Set theme jekyll-theme-hacker Dec 20, 2017
index.html
puzzCode.sln

README.md

puzzCode(Puzzle Code)

螢幕快照 2017-12-21 上午6.21.38.png

Description

puzzCode is a simple compiler based on mingw, written in C# to build windows applications in such a way that they can’t be analysed by standard analysis tools (e.g. IDA, Ollydbg, x64dbg, Snowman Decompiler, etc.)

puzzCode is based on MinGW to compile C/C++ source code to assembly language while also obfuscating every instruction. puzzCode transforms each original instruction into obfuscated code by breaking each function into countless pieces.

The most important thing is that the executable (exe) file, once compiled by puzzCode will be undetectable by antivirus as it effectively will create a completely new application.

Example

void play(void) {
    int code = rand() % 3;
    switch (code)
    {
      case 0:
        MessageBoxA(0, "hello", "info", 0);
        break;
      case 1:
        MessageBoxA(0, "hola", "info", 0);
        break;
      default:
        MessageBoxA(0, ":/ ...", "info", 0);
        break;
    }
}   

Normal Graph Overview (IDA)

It's pretty easy to understand, right?

螢幕快照 2017-12-21 上午5.44.18.png

Graph Overview, Compiled via puzzCode (IDA)

... How about now? :)

螢幕快照 2017-12-21 上午6.16.17.png

x64dbg (32bit Mode)

Snowman Plug-in

Quick Run

puzzCode only support 32bit Windows PE compiling currently.

  1. Install MinGW on your windows environment: https://sourceforge.net/projects/mingw/files/Installer

  2. Download from Release Page, or clone this project, compile it with Visual C# 2017, you'll get puzzCode software.

Usage

螢幕快照 2017-12-21 上午5.36.29.png

You have to set the MinGW path on your Windows environment the first time you run puzzCode and enter compiler arguments, linker arguments, and obfuscated degree (from 0 to 100).

螢幕快照 2017-12-21 上午6.17.08.png 螢幕快照 2017-12-21 上午6.26.18.png

After you setup the configuration, you are able to freely code in puzzCode. Simply hit the "Compile" button and the .exe file will be generated at the same path of your source code file.

Snippet

螢幕快照 2017-12-21 上午6.27.23.png

Some backdoors and programs are really useful but what if you don't have that source code? That's Ok, your can use the Snippet > RunPE feature.

螢幕快照 2017-12-21 上午6.29.06.png

puzzCode packs the program you selected, and generates the source code. Just compile, and get a new undetectable Backdoooooor!!

RunPE refer: https://github.com/Zer0Mem0ry/RunPE/blob/master/RunPE.cpp