Toolkit for building encrypted file loaders for single source file NASM projects (uses AES-NI instructions)

linuxthor/slimpack
slimpack

Welcome! Slimpack is a toolkit intended to allow for the creation of AES-NI encrypted file loaders from single source code file Linux NASM-syntax assembly language projects.

For example:

```nasm
BITS 64

global _start
_start:

    mov rax, 59           ;  sys_execve
    mov rdi, cmd          ;  pathname
    mov [arg], rdi        ;  argv[0] = cmd name
    mov rbx, av1
    mov [arg+8], rbx      ;  argv[1] = first argument
    mov rsi, arg          ;  argv (argv[2] is already 0: reserved space is zero-filled)
    mov rdx, 0            ;  envp (null)
    syscall

    mov rax, 60           ;  sys_exit (only reached if execve fails)
    xor rdi, rdi          ;  exit status 0
    syscall

section .data
    cmd  db  '/bin/echo',0
    av1  db  'hiya mateys',0

section .bss
    arg  resq  8          ;  argv array: needs at least 3 qwords (cmd, av1, NULL)
```

(All being well) slimpack will remove the section definitions and build a binary with .text / .data / .bss all together (yes really - the whole thing will run in one big rwx area! :))

The file is then encrypted with AES-NI instructions (AES128-ECB "possibly" done correctly - I copied the code from the well commented GAS syntax examples at https://github.com/kmcallister/aesni-examples but have done minimal checks for correctness. N.B.: ECB is a weaker mode but 'good enough' here)
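To make the ECB caveat concrete, here is an added example (not part of slimpack) showing why ECB is a poor fit for a flat binary: every identical 16-byte plaintext block (zero-filled .bss, padding, repeated instruction sequences) produces an identical ciphertext block, which an analyst can spot without the key. It uses a keyed stand-in for the AES block function (HMAC-SHA256 truncated to 16 bytes, not AES and not invertible), a constructed sample "binary", and the 16 key bytes visible in the strace output below as the key; the nonce for the counter-mode comparison is also constructed.

```python
import hashlib
import hmac
from collections import Counter

BLOCK = 16

def toy_block(key: bytes, block: bytes) -> bytes:
    # Stand-in for one AES-128 block encryption: a keyed PRF truncated to
    # 16 bytes. It is deterministic per (key, block), which is the only
    # property the demonstration needs. It is NOT AES and NOT invertible.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def pad(data: bytes) -> bytes:
    # Zero-pad to a whole number of blocks, as a flat-binary packer would.
    return data + b"\0" * (-len(data) % BLOCK)

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # ECB: each block is encrypted independently, so equal plaintext blocks
    # give equal ciphertext blocks.
    data = pad(data)
    return b"".join(toy_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter mode: a fresh keystream block per position hides repetition.
    data = pad(data)
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        ks = toy_block(key, nonce + n.to_bytes(8, "big"))
        out += bytes(p ^ k for p, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def duplicate_block_ratio(ct: bytes) -> float:
    # Fraction of 16-byte ciphertext blocks that repeat an earlier block.
    # A high value in a supposedly encrypted payload is a strong ECB tell.
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return sum(c - 1 for c in Counter(blocks).values()) / len(blocks)

# Constructed stand-in for a packed flat binary: one 16-byte instruction
# fragment repeated four times, followed by a 512-byte zero-filled .bss tail.
SAMPLE_BINARY = (b"\x48\xc7\xc0\x3b\x00\x00\x00\x48\xc7\xc7" + b"\x90" * 6) * 4
SAMPLE_BINARY += b"\0" * 512
KEY = b"rTmaPkoitYdtRutk"      # the 16 key bytes the README's strace shows
NONCE = b"\x00" * 8            # constructed nonce for the CTR comparison

def compare_modes(data: bytes = SAMPLE_BINARY) -> dict:
    # Duplicate-block ratio of the same input under ECB and under CTR.
    return {"ecb": duplicate_block_ratio(ecb_encrypt(KEY, data)),
            "ctr": duplicate_block_ratio(ctr_encrypt(KEY, NONCE, data))}
```

For the sample, ECB leaves about 94% of the blocks as repeats of an earlier block while CTR leaves none, which is exactly the structure a reviewer looks for when deciding whether a payload's encryption is doing any real work.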

The loader is then built: a small stub of code that sets up the process to run in rwx memory (via a program header flag), gives itself an area of rwx memory to work in and do the decryption, and fetches the key from one of three locations:

  1. From stdin:

When the loader is run the user is prompted to enter a password of 16 characters on stdin. If this is correct the program executes.

  2. From a file:

When the loader is run it reads 16 bytes from a chosen offset in some file and uses that as the key.

  3. Hardcoded:

When the loader is run it reads the key from its own program memory where it is hardcoded in plaintext.

Example:

```console
# First set the chosen method in key.inc and configure other inc file if required (e.g file location/offset etc)
$ ./rebuild_loader.sh /tmp/input.asm /tmp/build
Removing section attributes from input file
Building input file
Building encrypter
Running encrypter
Building loader
Done
$ strace /tmp/build

execve("/tmp/build", ["/tmp/build"], 0x7ffdf20285a0 /* 58 vars */) = 0
open("/etc/ssh/ssh_host_rsa_key.pub", O_RDONLY) = 3
lseek(3, 72, SEEK_SET)                  = 72
read(3, "rTmaPkoitYdtRutk", 16)         = 16
execve("/bin/echo", ["/bin/echo", "hiya mateys"], NULL) = 0
```

Notes:

The code is a little rough, especially in the encrypter as this is something of an unfinished project made for a demo.
