diff --git a/Arguments/Arguments.go b/Arguments/Arguments.go index 3852ec8..f1e1888 100644 --- a/Arguments/Arguments.go +++ b/Arguments/Arguments.go @@ -19,7 +19,7 @@ func ArgumentLength(versionFlag bool) { // If arguments are more than 2 } else if len(os.Args) > 2 { // if versionFlag is enabled - if versionFlag != false { + if versionFlag { logger.Fatal("You cannot use the -version flag in conjunction with other arguments.") } } @@ -30,7 +30,7 @@ func ShowVersion(version string, versionFlag bool) { // if arguments are 2 if len(os.Args) == 2 { // if versionFlag is enabled - if versionFlag != false { + if versionFlag { fmt.Printf("[+] Current version: " + version + "\n\n") os.Exit(0) } else { @@ -49,9 +49,7 @@ func ArgumentEmpty(statement string, option int) { case 1: logger.Fatal("Please provide a path to a file containing raw 64-bit shellcode.") case 2: - logger.Fatal("Please provide a valid value for the programming language (e.g., C++, CSharp, Rust, Nim, Go).") - case 3: - logger.Fatal("Please provide a valid value for the encryption (e.g., ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20).") + logger.Fatal("Please provide a valid value for the programming language (e.g., C, CSharp, Rust, Nim, Go, Python).") default: logger.Fatal("Invalid option specified for ArgumentEmpty function.") } @@ -60,27 +58,40 @@ func ArgumentEmpty(statement string, option int) { // ValidateArgument function func ValidateArgument(argName string, argValue string, validValues []string) string { + if strings.ToLower(argValue) == "golang" { + argValue = "Go" + } + for _, valid := range validValues { - if strings.ToLower(argValue) == strings.ToLower(valid) { + if strings.EqualFold(strings.ToLower(argValue), strings.ToLower(valid)) { valid = strings.ToLower(valid) return valid } } + fmt.Printf("[!] Invalid value '%s' for argument '%s'. Valid values are: %v\n", argValue, argName, validValues) os.Exit(1) return "" } // ValidateKeySize function -func ValidateKeySize(key int, encryption string) { +func ValidateKeySize(key int, encryption string) int { logger := log.New(os.Stderr, "[!] ", 0) if key <= 0 { logger.Fatal("Please provide a valid key value for the size...\n") } - if encryption == "aes" { - if key > 1 { - logger.Fatal("The AES cipher does not require a separate 'key' argument. It employs a standard key length of 32-byte. Please remove it...\n") + if strings.ToLower(encryption) == "aes" || strings.ToLower(encryption) == "b64aes" { + switch key { + case 128, 16: + key = 16 + case 192, 24: + key = 24 + case 256, 32: + key = 32 + default: + logger.Fatal("Provide a valid AES key:\n\nFor AES-128-CBC:\n\n-k 128 or -k 16\n\nFor AES-192-CBC:\n\n-k 192 or -k 24\n\nFor AES-256-CBC:\n\n-k 256 or -k 32\n\n") } } + return key } diff --git a/Converters/Converters.go b/Converters/Converters.go index f2cc2ae..dec9462 100644 --- a/Converters/Converters.go +++ b/Converters/Converters.go @@ -18,14 +18,21 @@ func ConvertShellcode2Hex(shellcode string, language string) (string, int) { var builder strings.Builder - // Format and add "0x" in front of each pair of hex characters - for i := 0; i < len(hexValues); i += 2 { - builder.WriteString("0x") - builder.WriteString(hexValues[i]) - builder.WriteString(hexValues[i+1]) - - if i < len(hexValues)-2 { - builder.WriteString(", ") + if language == "python" { + for i := 0; i < len(hexValues); i += 2 { + builder.WriteString("\\x") + builder.WriteString(hexValues[i]) + builder.WriteString(hexValues[i+1]) + } + } else { + // Format and add "0x" in front of each pair of hex characters + for i := 0; i < len(hexValues); i += 2 { + builder.WriteString("0x") + builder.WriteString(hexValues[i]) + builder.WriteString(hexValues[i+1]) + if i < len(hexValues)-2 { + builder.WriteString(", ") + } } } @@ -53,8 +60,13 @@ func ConvertShellcode2Template(shellcode string, language string, length int, va template := fmt.Sprintf(`let %s: [u8; %d] = [%s];`, variable, length, shellcode) return template case "go": - template := fmt.Sprintf(`%s := []byte{%s}`, variable, shellcode) + template := fmt.Sprintf(`%s := []byte{%s};`, variable, shellcode) + return template + case "python": + template := fmt.Sprintf(`%s = b"%s"`, variable, shellcode) return template + case "raw": + return shellcode default: fmt.Println("[!] Unsupported programming language:", language) os.Exit(1) @@ -88,20 +100,31 @@ func FormatKeysToHex(byteArray []byte) string { } // FormatShellcode function -func FormatShellcode(encryptedShellcode []byte) string { +func FormatShellcode(encryptedShellcode []byte, language string) string { var formattedShellcode []string + var shellcodeFormatted string + for _, b := range encryptedShellcode { - formattedShellcode = append(formattedShellcode, fmt.Sprintf("0x%02x", b)) + if language == "python" { + formattedShellcode = append(formattedShellcode, fmt.Sprintf("\\x%02x", b)) + } else { + formattedShellcode = append(formattedShellcode, fmt.Sprintf("0x%02x", b)) + } } - shellcodeFormatted := strings.Join(formattedShellcode, ", ") + // Combine elements into a single string + if language == "python" { + shellcodeFormatted = strings.Join(formattedShellcode, "") + } else { + shellcodeFormatted = strings.Join(formattedShellcode, ", ") + } return shellcodeFormatted } // AddValues2Template function func AddValues2Template(operatingSystem string, template string) string { - if strings.ToLower(operatingSystem) == "linux" { + if strings.ToLower(operatingSystem) == "linux" || strings.ToLower(operatingSystem) == "windows" { template = "#include " + template } @@ -114,4 +137,4 @@ func CleanShellcodeString(s string) string { s = strings.ReplaceAll(s, "0x", "") s = strings.ReplaceAll(s, ",", "") return s -} \ No newline at end of file +} diff --git a/Decryptors/Decryptors.go b/Decryptors/Decryptors.go index f8845cd..3c43fb6 100644 --- a/Decryptors/Decryptors.go +++ b/Decryptors/Decryptors.go @@ -1,9 +1,7 @@ package Decryptors import ( - "Supernova/Converters" "Supernova/Output" - "Supernova/Utils" "fmt" "log" "os" @@ -142,34 +140,57 @@ fn main() { } ` -// go rot template +// golang rot template var __go_rot__ = ` -func CaesarEncryption(shellcode []byte, shift int) []byte { - encrypted := make([]byte, len(shellcode)) +package main + +import ( + "fmt" +) + +func caesarDecrypt(shellcode []byte, key byte) []byte { + decrypted := make([]byte, len(shellcode)) + for i, char := range shellcode { - // Apply Caesar cipher encryption - encrypted[i] = byte((int(char) - shift) %% 256) - //encryptedChar := char + byte(shift) - //encrypted[i] = encryptedChar + decrypted[i] = char - key } - return encrypted + + return decrypted } func main() { - %s := []byte{ %s } + %s := []byte{%s} + key := byte(%d) + decryptedShellcode := caesarDecrypt(%s, key) - decryptedShellcode := CaesarEncryption(%s, %d) + fmt.Printf("ROT Decrypted Payload:\n\n%s := %%#v\n", decryptedShellcode) +} +` - fmt.Print("ROT Decrypted Payload:\n") - for i, b := range decryptedShellcode { - fmt.Printf("0x%%02X", b) - if i < len(decryptedShellcode)-1 { - fmt.Print(", ") - } - } - fmt.Println() +// python rot template +var __python_rot__ = ` +def caesar_decrypt(shellcode, key): + decrypted = bytearray(len(shellcode)) + for i in range(len(shellcode)): + decrypted[i] = (shellcode[i] - key) & 0xFF + return decrypted -} +def format_shellcode(shellcode): + formatted = "\\x" + "\\x".join([format(byte, '02x') for byte in shellcode]) + return formatted + +def main(): + %s = bytearray(b"%s") + key = %d + decrypted_shellcode = caesar_decrypt(%s, key) + + formatted_shellcode = format_shellcode(decrypted_shellcode) + + print("ROT Decrypted Payload:\n\n") + print("%s = b\"" + formatted_shellcode + "\"") + +if __name__ == "__main__": + main() ` // csharp xor template @@ -217,7 +238,7 @@ namespace XORDecryption } } - Console.WriteLine("Multi-XOR Decrypted Payload:\n"); + Console.WriteLine("Multi-XOR Decrypted Payload:\n\n"); Console.WriteLine($"byte[] %s = new byte[{decryptedPayload.Length}] {{ {hex} }};\n\n"); } } @@ -298,7 +319,8 @@ fn main() { println!("];"); } ` -// go xor template + +// golang xor template var __go_xor__ = ` package main @@ -306,34 +328,61 @@ import ( "fmt" ) -func XOREncryption(shellcode []byte, key []byte) []byte { - encrypted := make([]byte, len(shellcode)) - keyLen := len(key) - - for i := 0; i < len(shellcode); i++ { - encrypted[i] = shellcode[i] ^ key[i%%keyLen] +func multiXORDecrypt(encryptedData, key []byte) []byte { + decrypted := make([]byte, len(encryptedData)) + for i := 0; i < len(encryptedData); i++ { + decrypted[i] = encryptedData[i] ^ key[i%%len(key)] } - - return encrypted + return decrypted } func main() { %s := []byte{%s} - key := []byte { %s } - decryptedShellcode := XOREncryption(%s, key) - fmt.Print("XOR Decrypted Payload:\n") - for i, b := range decryptedShellcode { - fmt.Printf("0x%%02X", b) - if i < len(decryptedShellcode)-1 { + multiXORKey := []byte{%s} + + decryptedPayload := multiXORDecrypt(%s, multiXORKey) + + // Print the decryptedPayload as a Go byte slice initialization + fmt.Println("Multi-XOR Decrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + fmt.Printf("0x%%02x", b) + if i < len(decryptedPayload)-1 { fmt.Print(", ") } } - fmt.Println() - + fmt.Println("};") } ` +// python xor template +var __python_xor__ = ` +def multi_xor_decrypt(encrypted_data, key): + decrypted = bytearray(len(encrypted_data)) + for i in range(len(encrypted_data)): + decrypted[i] = encrypted_data[i] ^ key[i %% len(key)] + return decrypted + +def format_shellcode(shellcode): + formatted = "\\x" + "\\x".join([format(byte, '02x') for byte in shellcode]) + return formatted + +def main(): + %s = bytearray(b"%s") + multi_xor_key = bytearray(b"%s") + + decrypted_payload = multi_xor_decrypt(%s, multi_xor_key) + + formatted_shellcode = format_shellcode(decrypted_payload) + + print("Multi-XOR Decrypted Payload:\n\n") + print(f"%s = b\"{formatted_shellcode}\"") + +if __name__ == "__main__": + main() +` + // csharp rc4 template var __csharp_rc4__ = ` using System; @@ -412,7 +461,7 @@ namespace RC4Dencryption } } - Console.WriteLine("RC4 Dencrypted Payload:\n"); + Console.WriteLine("RC4 Dencrypted Payload:\n\n"); Console.WriteLine($"byte[] %s = new byte[{dencryptedPayload.Length}] {{ {hex} }};\n\n"); } } @@ -556,63 +605,95 @@ fn main() { } ` +// golang rc4 template var __go_rc4__ = ` package main import ( - "fmt" + "crypto/rc4" + "fmt" ) -type Rc4Context struct { - i uint32 - j uint32 - s [256]uint8 -} - -func RC4Encryption(data []byte, key []byte) []byte { - var s [256]byte - for i := 0; i < 256; i++ { - s[i] = byte(i) - } - j := 0 - for i := 0; i < 256; i++ { - j = (j + int(s[i]) + int(key[i%%len(key)])) %% 256 - s[i], s[j] = s[j], s[i] - } - - encrypted := make([]byte, len(data)) - i, j := 0, 0 - for k := 0; k < len(data); k++ { - i = (i + 1) %% 256 - j = (j + int(s[i])) %% 256 - s[i], s[j] = s[j], s[i] - encrypted[k] = data[k] ^ s[(int(s[i])+int(s[j]))%%256] - } - - return encrypted +func rc4Decrypt(ciphertext, key []byte) ([]byte, error) { + cipher, err := rc4.NewCipher(key) + if err != nil { + return nil, err + } + plaintext := make([]byte, len(ciphertext)) + cipher.XORKeyStream(plaintext, ciphertext) + return plaintext, nil } func main() { - %s := []byte{%s} + %s := []byte{%s} + passphrase := "%s" - key := []byte("%s") - decryptedShellcode := RC4Encryption(%s, key) + key := []byte(passphrase) - fmt.Print("RC4 Decrypted Payload:\n") - for i, b := range decryptedShellcode { - fmt.Printf("0x%%02X", b) - if i < len(decryptedShellcode)-1 { - fmt.Print(", ") - } - } - fmt.Println() + decryptedPayload, err := rc4Decrypt(%s, key) + if err != nil { + fmt.Println("Error:", err) + return + } + // Print the decryptedPayload as a Go byte slice initialization + fmt.Println("RC4 Dencrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + fmt.Printf("0x%%02x", b) + if i < len(decryptedPayload)-1 { + fmt.Print(", ") + } + } + fmt.Println("}") } ` +// python rc4 template +var __python_rc4__ = ` +import sys + +def rc4(key, data): + S = list(range(256)) + j = 0 + out = [] + + # Key-scheduling algorithm + for i in range(256): + j = (j + S[i] + key[i %% len(key)]) %% 256 + S[i], S[j] = S[j], S[i] + + # Pseudo-random generation algorithm + i = j = 0 + for byte in data: + i = (i + 1) %% 256 + j = (j + S[i]) %% 256 + S[i], S[j] = S[j], S[i] + out.append(byte ^ S[(S[i] + S[j]) %% 256]) + + return bytes(out) + +def main(): + passphrase = b'%s' + %s = b"%s" + + try: + decrypted_shellcode = rc4(passphrase, %s) + shellcode_hex = ''.join([f'\\x{byte:02x}' for byte in decrypted_shellcode]) + print("RC4 Decrypted Shellcode:\n\n") + print(f'%s = b"{shellcode_hex}"') + except Exception as e: + print(f"Error: {str(e)}") + sys.exit(1) + +if __name__ == "__main__": + main() +` + // csharp aes template var __csharp_aes__ = ` using System; +using System,IO; using System.Security.Cryptography; using System.Text; @@ -649,7 +730,7 @@ namespace AESDecryption static void Main(string[] args) { byte[] %s = new byte[%d] {%s}; - byte[] aesKey = new byte[32] {%s}; + byte[] aesKey = new byte[%d] {%s}; byte[] aesIV = new byte[16] {%s}; byte[] decryptedPayload = AESDecrypt(%s, aesKey, aesIV); @@ -693,7 +774,7 @@ int AESDecrypt(const uint8_t* encryptedData, size_t encryptedDataLength, const u int decryptedLength = 0; ctx = EVP_CIPHER_CTX_new(); - EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key, iv); + EVP_DecryptInit_ex(ctx, EVP_aes_%d_cbc(), NULL, key, iv); EVP_DecryptUpdate(ctx, decryptedData, &len, encryptedData, encryptedDataLength); decryptedLength += len; EVP_DecryptFinal_ex(ctx, decryptedData + len, &len); @@ -745,7 +826,7 @@ use openssl::error::ErrorStack; use std::io::Write; fn aes_decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result, ErrorStack> { - let cipher = Cipher::aes_256_cbc(); + let cipher = Cipher::aes_%d_cbc(); let mut decrypter = Crypter::new(cipher, Mode::Decrypt, key, Some(iv))?; let mut decrypted_data = vec![0; encrypted_data.len() + cipher.block_size()]; @@ -761,7 +842,7 @@ fn aes_decrypt(encrypted_data: &[u8], key: &[u8], iv: &[u8]) -> Result, fn main() -> Result<(), Box> { let %s: [u8; %d] = [%s]; - let aes_key: [u8; 32] = [%s]; + let aes_key: [u8; %d] = [%s]; let aes_iv: [u8; 16] = [%s]; @@ -787,67 +868,335 @@ fn main() -> Result<(), Box> { } ` +// go aes template var __go_aes__ = ` package main import ( - "crypto/aes" - "crypto/cipher" + "crypto/aes" + "crypto/cipher" + "fmt" +) + +func AESDecrypt(encryptedData []byte, key []byte, iv []byte) []byte { + block, err := aes.NewCipher(key) + if err != nil { + fmt.Println("Error creating AES cipher:", err) + return nil + } + + decrypter := cipher.NewCBCDecrypter(block, iv) + + decrypted := make([]byte, len(encryptedData)) + decrypter.CryptBlocks(decrypted, encryptedData) + + // Remove PKCS7 padding (assuming it was used) + padding := decrypted[len(decrypted)-1] + decrypted = decrypted[:len(decrypted)-int(padding)] + + return decrypted +} + +func main() { + %s := []byte{%s} + + aesKey := []byte{%s} + aesIV := []byte{%s} + + decryptedPayload := AESDecrypt(%s, aesKey, aesIV) + + fmt.Println("AES Decrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + if i == len(decryptedPayload)-1 { + fmt.Printf("0x%%02x", b) + } else { + fmt.Printf("0x%%02x, ", b) + } + } + fmt.Println("}") +} +` + +// python aes template +var __python_aes__ = ` +from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes +from cryptography.hazmat.primitives import padding + +def decrypt_aes_cbc(key, iv, ciphertext): + cipher = Cipher(algorithms.AES(key), modes.CBC(iv)) + decryptor = cipher.decryptor() + padded_data = decryptor.update(ciphertext) + decryptor.finalize() + unpadder = padding.PKCS7(128).unpadder() + plaintext = unpadder.update(padded_data) + unpadder.finalize() + return plaintext + +def format_shellcode(shellcode): + formatted = "\\x" + "\\x".join([format(byte, '02x') for byte in shellcode]) + return formatted + +def main(): + key = b"%s" + iv = b"%s" + + %s = b"%s" + plaintext = decrypt_aes_cbc(key, iv, %s) + + formatted_shellcode = format_shellcode(plaintext) + + print("AES Decrypted Shellcode:\n\n") + print(f"%s = b\"{formatted_shellcode}\"") + +if __name__ == "__main__": + main() +` + +// golang b64xor template +var __go_b64xor__ = ` +package main + +import ( + "encoding/base64" "fmt" ) -// PKCS7Unpadding function -func PKCS7Unpadding(data []byte) ([]byte, error) { - length := len(data) - unpadding := int(data[length-1]) - if unpadding > length { - return nil, fmt.Errorf("Invalid padding") +func multiXORDecrypt(encryptedData, key []byte) []byte { + decrypted := make([]byte, len(encryptedData)) + for i := 0; i < len(encryptedData); i++ { + decrypted[i] = encryptedData[i] ^ key[i%%len(key)] } - return data[:length-unpadding], nil + return decrypted } -// AESDecryption function -func AESDecryption(key []byte, iv []byte, ciphertext []byte) ([]byte, error) { - block, err := aes.NewCipher(key) - if err != nil { - return nil, err +func main() { + %s := []byte{%s} + + multiXORKey := []byte{%s} + + decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) + decryptedPayload := multiXORDecrypt(decryptedShellcodeBase64, multiXORKey) + + // Print the decryptedPayload as a Go byte slice initialization + fmt.Println("B64Multi-XOR Decrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + fmt.Printf("0x%%02x", b) + if i < len(decryptedPayload)-1 { + fmt.Print(", ") + } + } + fmt.Println("}") +} +` + +// golang b64rc4 template +var __go_b64rc4__ = ` +package main + +import ( + "crypto/rc4" + "encoding/base64" + "fmt" +) + +func rc4Decrypt(ciphertext, key []byte) ([]byte, error) { + cipher, err := rc4.NewCipher(key) + if err != nil { + return nil, err + } + plaintext := make([]byte, len(ciphertext)) + cipher.XORKeyStream(plaintext, ciphertext) + return plaintext, nil +} + +func main() { + %s := []byte{%s} + passphrase := "%s" + + key := []byte(passphrase) + + decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) + decryptedPayload, err := rc4Decrypt(decryptedShellcodeBase64, key) + if err != nil { + fmt.Println("Error:", err) + return + } + + // Print the decryptedPayload as a Go byte slice initialization + fmt.Println("B64RC4 Dencrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + fmt.Printf("0x%%02x", b) + if i < len(decryptedPayload)-1 { + fmt.Print(", ") + } + } + fmt.Println("}") +} +` + +// go b64aes template +var __go_b64aes__ = ` +package main + +import ( + "crypto/aes" + "crypto/cipher" + "encoding/base64" + "fmt" +) + +func AESDecrypt(encryptedData []byte, key []byte, iv []byte) []byte { + block, err := aes.NewCipher(key) + if err != nil { + fmt.Println("Error creating AES cipher:", err) + return nil + } + + decrypter := cipher.NewCBCDecrypter(block, iv) + + decrypted := make([]byte, len(encryptedData)) + decrypter.CryptBlocks(decrypted, encryptedData) + + // Remove PKCS7 padding (assuming it was used) + padding := decrypted[len(decrypted)-1] + decrypted = decrypted[:len(decrypted)-int(padding)] + + return decrypted +} + +func main() { + %s := []byte{%s} + + aesKey := []byte{%s} + aesIV := []byte{%s} + + decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) + decryptedPayload := AESDecrypt(decryptedShellcodeBase64, aesKey, aesIV) + + fmt.Println("AES Decrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + if i == len(decryptedPayload)-1 { + fmt.Printf("0x%%02x", b) + } else { + fmt.Printf("0x%%02x, ", b) + } } + fmt.Println("}") +} +` + +// go chacha20 +var __go_chacha20__ = ` +package main + +import ( + "golang.org/x/crypto/chacha20poly1305" + "fmt" +) - // Create a new CBC mode decrypter - mode := cipher.NewCBCDecrypter(block, iv) +func Chacha20Decrypt(data []byte, key []byte) ([]byte) { + aead, err := chacha20poly1305.NewX(key) - // Decrypt the ciphertext - decrypted := make([]byte, len(ciphertext)) - mode.CryptBlocks(decrypted, ciphertext) - // Remove PKCS7 padding - unpaddedData, err := PKCS7Unpadding(decrypted) + nonceSize := aead.NonceSize() + + if len(data) < nonceSize { + return nil + } + + // Split nonce and ciphertext. + nonce, ciphertext := data[:nonceSize], data[nonceSize:] + + // Decrypt the message and check it wasn't tampered with. + plaintext, err := aead.Open(nil, nonce, ciphertext, nil) if err != nil { - return nil, err + if err.Error() == "chacha20poly1305: message authentication failed" { + return nil + } + + return nil } - return unpaddedData, nil + return plaintext } + func main() { - %s := []byte{%s} - key := []byte{%s} - iv := []byte{%s} + %s := []byte{ %s } + key := []byte { %s } + + decryptedPayload := Chacha20Decrypt(%s, key) - // Decryption - decrypted, err := AESDecryption(key, iv, %s) + fmt.Print("CHACHA20 Decrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + if i == len(decryptedPayload)-1 { + fmt.Printf("0x%%02x", b) + } else { + fmt.Printf("0x%%02x, ", b) + } + } + fmt.Println("}") +} +` + +// go b64chacha20 +var __go_b64chacha20__ = ` +package main + +import ( + "golang.org/x/crypto/chacha20poly1305" + "encoding/base64" + + "fmt" +) + +func Chacha20Decrypt(data []byte, key []byte) ([]byte) { + aead, err := chacha20poly1305.NewX(key) + + + nonceSize := aead.NonceSize() + + if len(data) < nonceSize { + return nil + } + + // Split nonce and ciphertext. + nonce, ciphertext := data[:nonceSize], data[nonceSize:] + + // Decrypt the message and check it wasn't tampered with. + plaintext, err := aead.Open(nil, nonce, ciphertext, nil) if err != nil { - panic(err) + if err.Error() == "chacha20poly1305: message authentication failed" { + return nil + } + + return nil } - fmt.Print("AES Decrypted Payload:\n") - for i, b := range decrypted { - fmt.Printf("0x%%02X", b) - if i < len(decrypted)-1 { - fmt.Print(", ") + return plaintext +} + + +func main() { + %s := []byte{ %s } + key := []byte { %s } + + decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) + decryptedPayload := Chacha20Decrypt(decryptedShellcodeBase64, key) + + fmt.Print("B64CHACHA20 Decrypted Payload:\n\n") + fmt.Print("%s := []byte{") + for i, b := range decryptedPayload { + if i == len(decryptedPayload)-1 { + fmt.Printf("0x%%02x", b) + } else { + fmt.Printf("0x%%02x, ", b) } } - fmt.Println() + fmt.Println("}") } ` @@ -882,8 +1231,6 @@ func SetDecryptionFile(extension string) string { // DecryptorsTemplates function func DecryptorsTemplates(language string, cipher string, variable string, key int, payloadSize int, encryptedShellcode string, byteKey []byte, passphrase string, iv []byte) { - // Call function named HostIdentifier - operatingSystem := Utils.HostIdentifier() // Set logger for errors logger := log.New(os.Stderr, "[!] ", 0) @@ -907,7 +1254,7 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in SaveTamplate2File(foundFilename, __csharp_rot__, cipher) case "xor": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Config dynamic variable __csharp_xor__ = fmt.Sprintf(__csharp_xor__, variable, payloadSize, encryptedShellcode, formattedKey, variable, variable) @@ -922,16 +1269,18 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in SaveTamplate2File(foundFilename, __csharp_rc4__, cipher) case "aes": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Call function named KeyDetailsFormatter - formattedIv := Output.KeyDetailsFormatter(iv) + formattedIv := Output.KeyDetailsFormatter(iv, language) // Config dynamic variable - __csharp_aes__ = fmt.Sprintf(__csharp_aes__, variable, payloadSize, encryptedShellcode, formattedKey, formattedIv, variable, variable) + __csharp_aes__ = fmt.Sprintf(__csharp_aes__, variable, payloadSize, encryptedShellcode, key, formattedKey, formattedIv, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __csharp_aes__, cipher) + default: + fmt.Printf("[!] Guide mode does not support the %s in CSharp language, yet!\n\n", cipher) } case "c": extension := "c" @@ -941,9 +1290,6 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in switch strings.ToLower(cipher) { case "rot": - // Call function named AddValues2Template - __c_rot__ = Converters.AddValues2Template(operatingSystem, __c_rot__) - // Config dynamic variable __c_rot__ = fmt.Sprintf(__c_rot__, variable, encryptedShellcode, key, variable, variable) @@ -951,10 +1297,7 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in SaveTamplate2File(foundFilename, __c_rot__, cipher) case "xor": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) - - // Call function named AddValues2Template - __c_xor__ = Converters.AddValues2Template(operatingSystem, __c_xor__) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Config dynamic variable __c_xor__ = fmt.Sprintf(__c_xor__, variable, encryptedShellcode, variable, formattedKey, variable, variable) @@ -962,9 +1305,6 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __c_xor__, cipher) case "rc4": - // Call function named AddValues2Template - __c_rc4__ = Converters.AddValues2Template(operatingSystem, __c_rc4__) - // Config dynamic variable __c_rc4__ = fmt.Sprintf(__c_rc4__, passphrase, variable, encryptedShellcode, variable, variable, variable) @@ -972,19 +1312,21 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in SaveTamplate2File(foundFilename, __c_rc4__, cipher) case "aes": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Call function named KeyDetailsFormatter - formattedIv := Output.KeyDetailsFormatter(iv) + formattedIv := Output.KeyDetailsFormatter(iv, language) - // Call function named AddValues2Template - __c_aes__ = Converters.AddValues2Template(operatingSystem, __c_aes__) + // Call function named DetectNotification + keyNotification := Output.DetectNotification(key) // Config dynamic variable - __c_aes__ = fmt.Sprintf(__c_aes__, variable, encryptedShellcode, variable, formattedKey, formattedIv, variable, variable) + __c_aes__ = fmt.Sprintf(__c_aes__, keyNotification, variable, encryptedShellcode, variable, formattedKey, formattedIv, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __c_aes__, cipher) + default: + fmt.Printf("[!] Guide mode does not support the %s in C language, yet!\n\n", cipher) } case "rust": extension := "rs" @@ -1001,7 +1343,7 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in SaveTamplate2File(foundFilename, __rust_rot__, cipher) case "xor": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Config dynamic variable __rust_xor__ = fmt.Sprintf(__rust_xor__, variable, payloadSize, encryptedShellcode, key, formattedKey, variable, variable, payloadSize) @@ -1016,21 +1358,25 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in SaveTamplate2File(foundFilename, __rust_rc4__, cipher) case "aes": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Call function named KeyDetailsFormatter - formattedIv := Output.KeyDetailsFormatter(iv) + formattedIv := Output.KeyDetailsFormatter(iv, language) - // Call function named AddValues2Template - __rust_aes__ = Converters.AddValues2Template(operatingSystem, __rust_aes__) + // Call function named DetectNotification + keyNotification := Output.DetectNotification(key) // Config dynamic variable - __rust_aes__ = fmt.Sprintf(__rust_aes__, variable, payloadSize, encryptedShellcode, formattedKey, formattedIv, variable, variable) + __rust_aes__ = fmt.Sprintf(__rust_aes__, keyNotification, variable, payloadSize, encryptedShellcode, key, formattedKey, formattedIv, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __rust_aes__, cipher) + default: + fmt.Printf("[!] Guide mode does not support the %s in Rust language, yet!\n\n", cipher) } - case "go": + case "nim": + fmt.Printf("[!] Guide mode does not support Nim language, yet!\n\n") + case "go": extension := "go" // Call function named SetDecryptionFile @@ -1039,72 +1385,128 @@ func DecryptorsTemplates(language string, cipher string, variable string, key in switch strings.ToLower(cipher) { case "rot": // Config dynamic variable - __go_rot__ = fmt.Sprintf(__go_rot__, variable, encryptedShellcode, key, variable) + __go_rot__ = fmt.Sprintf(__go_rot__, variable, encryptedShellcode, key, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __go_rot__, cipher) case "xor": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Config dynamic variable - __go_xor__ = fmt.Sprintf(__go_xor__, variable, encryptedShellcode, formattedKey, variable) + __go_xor__ = fmt.Sprintf(__go_xor__, variable, encryptedShellcode, formattedKey, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __go_xor__, cipher) - case "b64xor": + case "b64xor": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Config dynamic variable - __go_b64xor__ = fmt.Sprintf(__go_b64xor__, variable, encryptedShellcode, formattedKey, variable) + __go_b64xor__ = fmt.Sprintf(__go_b64xor__, variable, encryptedShellcode, formattedKey, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __go_b64xor__, cipher) - case "chacha20": - // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + case "rc4": + // Config dynamic variable + __go_rc4__ = fmt.Sprintf(__go_rc4__, variable, encryptedShellcode, passphrase, variable, variable) + + // Call function named SaveTamplate2File + SaveTamplate2File(foundFilename, __go_rc4__, cipher) + case "b64rc4": + // Config dynamic variable + __go_b64rc4__ = fmt.Sprintf(__go_b64rc4__, variable, encryptedShellcode, passphrase, variable, variable) + + // Call function named SaveTamplate2File + SaveTamplate2File(foundFilename, __go_b64rc4__, cipher) + case "aes": + // Call function named KeyDetailsFormatter + formattedKey := Output.KeyDetailsFormatter(byteKey, language) + + // Call function named KeyDetailsFormatter + formattedIv := Output.KeyDetailsFormatter(iv, language) + + // Config dynamic variable + __go_aes__ = fmt.Sprintf(__go_aes__, variable, encryptedShellcode, formattedKey, formattedIv, variable, variable) + + // Call function named SaveTamplate2File + SaveTamplate2File(foundFilename, __go_aes__, cipher) + case "b64aes": + // Call function named KeyDetailsFormatter + formattedKey := Output.KeyDetailsFormatter(byteKey, language) + + // Call function named KeyDetailsFormatter + formattedIv := Output.KeyDetailsFormatter(iv, language) // Config dynamic variable - __go_chacha20__ = fmt.Sprintf(__go_chacha20__, variable, encryptedShellcode, formattedKey, variable) + __go_b64aes__ = fmt.Sprintf(__go_b64aes__, variable, encryptedShellcode, formattedKey, formattedIv, variable, variable) + + // Call function named SaveTamplate2File + SaveTamplate2File(foundFilename, __go_b64aes__, cipher) + case "chacha20": + // Call function named KeyDetailsFormatter + formattedKey := Output.KeyDetailsFormatter(byteKey, language) + + // Config dynamic variable + __go_chacha20__ = fmt.Sprintf(__go_chacha20__, variable, encryptedShellcode, formattedKey, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __go_chacha20__, cipher) - case "b64chacha20": - // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + case "b64chacha20": + // Call function named KeyDetailsFormatter + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Config dynamic variable - __go_b64chacha20__ = fmt.Sprintf(__go_b64chacha20__, variable, encryptedShellcode, formattedKey, variable) + __go_b64chacha20__ = fmt.Sprintf(__go_b64chacha20__, variable, encryptedShellcode, formattedKey, variable, variable) // Call function named SaveTamplate2File SaveTamplate2File(foundFilename, __go_b64chacha20__, cipher) + default: + fmt.Printf("[!] Guide mode does not support the %s in Go language, yet!\n\n", cipher) + } + case "python": + extension := "py" + + // Call function named SetDecryptionFile + foundFilename := SetDecryptionFile(extension) + + switch strings.ToLower(cipher) { + case "rot": + // Config dynamic variable + __python_rot__ = fmt.Sprintf(__python_rot__, variable, encryptedShellcode, key, variable, variable) + + // Call function named SaveTamplate2File + SaveTamplate2File(foundFilename, __python_rot__, cipher) + case "xor": + // Call function named KeyDetailsFormatter + formattedKey := Output.KeyDetailsFormatter(byteKey, language) + + // Config dynamic variable + __python_xor__ = fmt.Sprintf(__python_xor__, variable, encryptedShellcode, formattedKey, variable, variable) + + // Call function named SaveTamplate2File + SaveTamplate2File(foundFilename, __python_xor__, cipher) case "rc4": // Config dynamic variable - __go_rc4__ = fmt.Sprintf(__go_rc4__, variable, encryptedShellcode, passphrase, variable) + __python_rc4__ = fmt.Sprintf(__python_rc4__, passphrase, variable, encryptedShellcode, variable, variable) // Call function named SaveTamplate2File - SaveTamplate2File(foundFilename, __go_rc4__, cipher) + SaveTamplate2File(foundFilename, __python_rc4__, cipher) case "aes": // Call function named KeyDetailsFormatter - formattedKey := Output.KeyDetailsFormatter(byteKey) + formattedKey := Output.KeyDetailsFormatter(byteKey, language) // Call function named KeyDetailsFormatter - formattedIv := Output.KeyDetailsFormatter(iv) - - // Call function named AddValues2Template - __go_aes__ = Converters.AddValues2Template(operatingSystem, __go_aes__) + formattedIv := Output.KeyDetailsFormatter(iv, language) // Config dynamic variable - __go_aes__ = fmt.Sprintf(__go_aes__, variable, encryptedShellcode, formattedKey, formattedIv, variable) + __python_aes__ = fmt.Sprintf(__python_aes__, formattedKey, formattedIv, variable, encryptedShellcode, variable, variable) // Call function named SaveTamplate2File - SaveTamplate2File(foundFilename, __go_aes__, cipher) + SaveTamplate2File(foundFilename, __python_aes__, cipher) + default: + fmt.Printf("[!] Guide mode does not support the %s in Python language, yet!\n\n", cipher) } - case "nim": - fmt.Printf("[!] Guide mode does not support Nim language, yet!\n\n") - - default: logger.Fatal("Unsupported programming language") } diff --git a/Decryptors/GoDecryptors.go b/Decryptors/GoDecryptors.go deleted file mode 100644 index 05b7636..0000000 --- a/Decryptors/GoDecryptors.go +++ /dev/null @@ -1,276 +0,0 @@ -package Decryptors - -// go b64xor -var __go_b64xor__ = ` -package main - -import ( - "fmt" - "encoding/base64" -) - -func XOREncryption(shellcode []byte, key []byte) []byte { - encrypted := make([]byte, len(shellcode)) - keyLen := len(key) - - for i := 0; i < len(shellcode); i++ { - encrypted[i] = shellcode[i] ^ key[i%%keyLen] - } - - return encrypted -} - -func main() { - %s := []byte{%s} - key := []byte { %s } - - decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) - decryptedShellcode := XOREncryption(decryptedShellcodeBase64, key) - - fmt.Print("B64XOR Decrypted Payload:\n") - for i, b := range decryptedShellcode { - fmt.Printf("0x%%02X", b) - if i < len(decryptedShellcode)-1 { - fmt.Print(", ") - } - } - fmt.Println() - -} -` - -// go b64aes -var __go_b64aes__ = ` -package main - -import ( - "crypto/aes" - "crypto/cipher" - "encoding/base64" - "fmt" -) - -// PKCS7Unpadding function -func PKCS7Unpadding(data []byte) ([]byte, error) { - length := len(data) - unpadding := int(data[length-1]) - if unpadding > length { - return nil, fmt.Errorf("Invalid padding") - } - return data[:length-unpadding], nil -} - -// AESDecryption function -func AESDecryption(key []byte, iv []byte, ciphertext []byte) ([]byte, error) { - block, err := aes.NewCipher(key) - if err != nil { - return nil, err - } - - // Create a new CBC mode decrypter - mode := cipher.NewCBCDecrypter(block, iv) - - // Decrypt the ciphertext - decrypted := make([]byte, len(ciphertext)) - mode.CryptBlocks(decrypted, ciphertext) - - // Remove PKCS7 padding - unpaddedData, err := PKCS7Unpadding(decrypted) - if err != nil { - return nil, err - } - - return unpaddedData, nil -} - -func main() { - %s := []byte{%s} - key := []byte{%s} - iv := []byte{%s} - - // Decryption - decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) - decrypted, err := AESDecryption(key, iv, decryptedShellcodeBase64) - if err != nil { - panic(err) - } - - fmt.Print("B64aes Decrypted Payload:\n") - for i, b := range decrypted { - fmt.Printf("0x%%02X", b) - if i < len(decrypted)-1 { - fmt.Print(", ") - } - } - fmt.Println() -} -` - -// go b64rc4 -var __go_b64rc4__ = ` -package main - -import ( - "encoding/base64" - - "fmt" -) - -type Rc4Context struct { - i uint32 - j uint32 - s [256]uint8 -} - -func RC4Encryption(data []byte, key []byte) []byte { - var s [256]byte - for i := 0; i < 256; i++ { - s[i] = byte(i) - } - j := 0 - for i := 0; i < 256; i++ { - j = (j + int(s[i]) + int(key[i%%len(key)])) %% 256 - s[i], s[j] = s[j], s[i] - } - - encrypted := make([]byte, len(data)) - i, j := 0, 0 - for k := 0; k < len(data); k++ { - i = (i + 1) %% 256 - j = (j + int(s[i])) %% 256 - s[i], s[j] = s[j], s[i] - encrypted[k] = data[k] ^ s[(int(s[i])+int(s[j]))%%256] - } - - return encrypted -} - -func main() { - %s := []byte{%s} - - key := []byte("%s") - decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) - decryptedShellcode := RC4Encryption(decryptedShellcodeBase64, key) - - fmt.Print("B64rc4 Decrypted Payload:\n") - for i, b := range decryptedShellcode { - fmt.Printf("0x%%02X", b) - if i < len(decryptedShellcode)-1 { - fmt.Print(", ") - } - } - fmt.Println() - -} -` - -// go chacha20 -var __go_chacha20__ = ` -package main - -import ( - "golang.org/x/crypto/chacha20poly1305" - "fmt" -) - -func Chacha20Decrypt(data []byte, key []byte) ([]byte) { - aead, err := chacha20poly1305.NewX(key) - - - nonceSize := aead.NonceSize() - - if len(data) < nonceSize { - return nil - } - - // Split nonce and ciphertext. - nonce, ciphertext := data[:nonceSize], data[nonceSize:] - - // Decrypt the message and check it wasn't tampered with. - plaintext, err := aead.Open(nil, nonce, ciphertext, nil) - if err != nil { - if err.Error() == "chacha20poly1305: message authentication failed" { - return nil - } - - return nil - } - - return plaintext -} - - -func main() { - %s := []byte{ %s } - key := []byte { %s } - - decryptedShellcode := Chacha20Decrypt(%s, key) - - fmt.Print("Chacha20 Decrypted Payload:\n") - for i, b := range decryptedShellcode { - fmt.Printf("0x%%02X", b) - if i < len(decryptedShellcode)-1 { - fmt.Print(", ") - } - } - fmt.Println() - -} -` - -// go b64chacha20 -var __go_b64chacha20__ = ` -package main - -import ( - "golang.org/x/crypto/chacha20poly1305" - "encoding/base64" - - "fmt" -) - -func Chacha20Decrypt(data []byte, key []byte) ([]byte) { - aead, err := chacha20poly1305.NewX(key) - - - nonceSize := aead.NonceSize() - - if len(data) < nonceSize { - return nil - } - - // Split nonce and ciphertext. - nonce, ciphertext := data[:nonceSize], data[nonceSize:] - - // Decrypt the message and check it wasn't tampered with. - plaintext, err := aead.Open(nil, nonce, ciphertext, nil) - if err != nil { - if err.Error() == "chacha20poly1305: message authentication failed" { - return nil - } - - return nil - } - - return plaintext -} - - -func main() { - %s := []byte{ %s } - key := []byte { %s } - - decryptedShellcodeBase64, _ := base64.StdEncoding.DecodeString(string(%s)) - decryptedShellcode := Chacha20Decrypt(decryptedShellcodeBase64, key) - - fmt.Print("B64chacha20 Decrypted Payload:\n") - for i, b := range decryptedShellcode { - fmt.Printf("0x%%02X", b) - if i < len(decryptedShellcode)-1 { - fmt.Print(", ") - } - } - fmt.Println() - -} -` \ No newline at end of file diff --git a/Encryptors/Encryptors.go b/Encryptors/Encryptors.go index 6d3e7aa..222474b 100644 --- a/Encryptors/Encryptors.go +++ b/Encryptors/Encryptors.go @@ -3,7 +3,6 @@ package Encryptors import ( "Supernova/Converters" "Supernova/Output" - "Supernova/Maldev/Crypto" "bytes" "crypto/aes" "crypto/cipher" @@ -14,22 +13,21 @@ import ( "math/big" "os" "strings" + + "golang.org/x/crypto/chacha20poly1305" ) // Rc4Context represents the state of the RC4 encryption algorithm. -type Rc4Context struct { - i uint32 - j uint32 - s [256]uint8 -} +//type Rc4Context struct { +// i uint32 +// j uint32 +// s [256]uint8 +//} const ( // chars defines the set of characters used to generate a random key and IV. chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+{}[]" - // keySize specifies the size (in bytes) of the encryption key. - keySize = 32 - // ivSize specifies the size (in bytes) of the initialization vector (IV). ivSize = 16 ) @@ -59,17 +57,6 @@ func AESEncryption(key []byte, iv []byte, plaintext []byte) ([]byte, error) { return ciphertext, nil } -// Chacha20Encryption function -func Chacha20Encryption(plaintext []byte, key []byte) ([]byte, error) { - - ciphertext, err := crypto.Chacha20Encrypt(plaintext, key) // Encrypt - if err != nil { - return nil, err - } - - return ciphertext, nil -} - // GenerateRandomBytes function func GenerateRandomBytes(length int) []byte { randomBytes := make([]byte, length) @@ -140,6 +127,32 @@ func RC4Encryption(data []byte, key []byte) []byte { return encrypted } +// Encrypt data using given key (32 bytes) +// https://github.com/alinz/crypto.go/blob/main/chacha20.go +func Chacha20Encryption(data []byte, key []byte) ([]byte, error) { + if len(key) != 32 { + logger := log.New(os.Stderr, "[!] ", 0) + logger.Fatal("Bad key length, expected 32 bytes\n") + } + + aead, err := chacha20poly1305.NewX(key) + if err != nil { + return nil, err + } + + nonceSize := aead.NonceSize() + // Select a random nonce, and leave capacity for the ciphertext. + nonce := make([]byte, nonceSize, nonceSize+len(data)+aead.Overhead()) + + _, err = rand.Read(nonce) + if err != nil { + return nil, err + } + + // Encrypt the message and append the ciphertext to the nonce. + return aead.Seal(nonce, nonce, data, nil), nil +} + // CaesarEncryption function implements the Caesar encryption algorithm func CaesarEncryption(shellcode []byte, shift int) []byte { encrypted := make([]byte, len(shellcode)) @@ -153,7 +166,7 @@ func CaesarEncryption(shellcode []byte, shift int) []byte { } // DetectEncryption function -func DetectEncryption(cipher string, shellcode string, key int) (string, int, []byte, string, []byte) { +func DetectEncryption(cipher string, shellcode string, key int, language string) (string, int, []byte, string, []byte) { // Set logger for errors logger := log.New(os.Stderr, "[!] ", 0) @@ -167,55 +180,11 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] shift := key switch cipher { - case "chacha20": - // Call function named GenerateRandomBytes - chacha20Key := GenerateRandomBytes(32) - - // Print generated Chacha2 key - fmt.Printf("[+] Generated Chacha20 key: ") - - // Call function named PrintKeyDetails - Output.PrintKeyDetails(chacha20Key) - - // Call function named Chacha20Encryption - encryptedShellcode, err := Chacha20Encryption(shellcodeInBytes, chacha20Key) - if err != nil { - panic(err) - } - - // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode) - - return shellcodeFormatted, len(encryptedShellcode), chacha20Key, "", nil - case "b64chacha20": - // Call function named GenerateRandomBytes - chacha20Key := GenerateRandomBytes(32) - - // Print generated Chacha2 key - fmt.Printf("[+] Generated Chacha20 key: ") - - // Call function named PrintKeyDetails - Output.PrintKeyDetails(chacha20Key) - - // Call function named Chacha20Encryption - encryptedShellcode, err := Chacha20Encryption(shellcodeInBytes, chacha20Key) - if err != nil { - panic(err) - } - - // Convert encryptedShellcode to Base64 - encryptedShellcodeBase64 := base64.StdEncoding.EncodeToString(encryptedShellcode) - - // Convert Base64 string to []byte - encryptedShellcodeBytes := []byte(encryptedShellcodeBase64) - - // Print length changed notification - fmt.Printf("[+] New Payload size: %d bytes\n\n", len(encryptedShellcodeBytes)) - + case "raw": // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes) + shellcodeFormatted := Converters.FormatShellcode(shellcodeInBytes, language) - return shellcodeFormatted, len(encryptedShellcode), chacha20Key, "", nil + return shellcodeFormatted, len(shellcodeInBytes), nil, "", nil case "xor": // Call function named GenerateRandomBytes xorKey := GenerateRandomBytes(shift) @@ -230,7 +199,7 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] encryptedShellcode := XOREncryption(shellcodeInBytes, xorKey) // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode) + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode, language) return shellcodeFormatted, len(encryptedShellcode), xorKey, "", nil case "b64xor": @@ -256,27 +225,30 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] fmt.Printf("[+] New Payload size: %d bytes\n\n", len(encryptedShellcodeBytes)) // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes) + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes, language) return shellcodeFormatted, len(encryptedShellcode), xorKey, "", nil case "rot": // Print selected shift key fmt.Printf("[+] Selected Shift key: %d\n\n", shift) - // Call function named CaesarEncryption + // Call function named XOREncryption encryptedShellcode := CaesarEncryption(shellcodeInBytes, shift) // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode) + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode, language) return shellcodeFormatted, len(encryptedShellcode), nil, "", nil case "aes": - // Generate a random 32-byte key and a random 16-byte IV + // Set key from argument key + keySize := key + + // Generate a random key-byte key and a random 16-byte IV key := GenerateRandomBytes(keySize) iv := GenerateRandomBytes(ivSize) // Print generated key - fmt.Printf("[+] Generated key (32-byte): ") + fmt.Printf("[+] Generated key (%d-byte): ", keySize) // Call function named PrintKeyDetails Output.PrintKeyDetails(key) @@ -287,8 +259,11 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] // Call function named PrintKeyDetails Output.PrintKeyDetails(iv) - // Print AES-256-CBC notification - fmt.Printf("[+] Using AES-256-CBC encryption\n\n") + // Call function named DetectNotification + keyNotification := Output.DetectNotification(keySize) + + // Print AES--CBC notification + fmt.Printf("[+] Using AES-%d-CBC encryption\n\n", keyNotification) // Encrypt the shellcode using AES-256-CBC encryptedShellcode, err := AESEncryption(key, iv, shellcodeInBytes) @@ -300,10 +275,13 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] fmt.Printf("[+] New Payload size: %d bytes\n\n", len(encryptedShellcode)) // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode) + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode, language) return shellcodeFormatted, len(encryptedShellcode), key, "", iv case "b64aes": + // Set key from argument key + keySize := key + // Generate a random 32-byte key and a random 16-byte IV key := GenerateRandomBytes(keySize) iv := GenerateRandomBytes(ivSize) @@ -320,8 +298,11 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] // Call function named PrintKeyDetails Output.PrintKeyDetails(iv) - // Print AES-256-CBC notification - fmt.Printf("[+] Using AES-256-CBC encryption\n\n") + // Call function named DetectNotification + keyNotification := Output.DetectNotification(keySize) + + // Print AES--CBC notification + fmt.Printf("[+] Using AES-%d-CBC encryption\n\n", keyNotification) // Encrypt the shellcode using AES-256-CBC encryptedShellcode, err := AESEncryption(key, iv, shellcodeInBytes) @@ -342,7 +323,7 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] fmt.Printf("[+] New Payload size: %d bytes\n\n", len(encryptedShellcodeBytes)) // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes) + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes, language) return shellcodeFormatted, len(encryptedShellcode), key, "", iv case "rc4": @@ -359,7 +340,7 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] encryptedShellcode := RC4Encryption(shellcodeInBytes, rc4Key) // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode) + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode, language) return shellcodeFormatted, len(encryptedShellcode), rc4Key, randomPassphrase, nil case "b64rc4": @@ -377,7 +358,7 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] // Convert encryptedShellcode to Base64 encryptedShellcodeBase64 := base64.StdEncoding.EncodeToString(encryptedShellcode) - + // Convert Base64 string to []byte encryptedShellcodeBytes := []byte(encryptedShellcodeBase64) @@ -385,9 +366,55 @@ func DetectEncryption(cipher string, shellcode string, key int) (string, int, [] fmt.Printf("[+] New Payload size: %d bytes\n\n", len(encryptedShellcodeBytes)) // Call function named FormatShellcode - shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes) + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes, language) return shellcodeFormatted, len(encryptedShellcode), rc4Key, randomPassphrase, nil + case "chacha20": + // Call function named GenerateRandomBytes + chacha20Key := GenerateRandomBytes(32) + + // Print generated Chacha2 key + fmt.Printf("[+] Generated Chacha20 key: ") + + // Call function named PrintKeyDetails + Output.PrintKeyDetails(chacha20Key) + + // Call function named Chacha20Encryption + encryptedShellcode, _ := Chacha20Encryption(shellcodeInBytes, chacha20Key) + + // Call function named FormatShellcode + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcode, language) + + return shellcodeFormatted, len(encryptedShellcode), chacha20Key, "", nil + case "b64chacha20": + // Call function named GenerateRandomBytes + chacha20Key := GenerateRandomBytes(32) + + // Print generated Chacha2 key + fmt.Printf("[+] Generated Chacha20 key: ") + + // Call function named PrintKeyDetails + Output.PrintKeyDetails(chacha20Key) + + // Call function named Chacha20Encryption + encryptedShellcode, err := Chacha20Encryption(shellcodeInBytes, chacha20Key) + if err != nil { + panic(err) + } + + // Convert encryptedShellcode to Base64 + encryptedShellcodeBase64 := base64.StdEncoding.EncodeToString(encryptedShellcode) + + // Convert Base64 string to []byte + encryptedShellcodeBytes := []byte(encryptedShellcodeBase64) + + // Print length changed notification + fmt.Printf("[+] New Payload size: %d bytes\n\n", len(encryptedShellcodeBytes)) + + // Call function named FormatShellcode + shellcodeFormatted := Converters.FormatShellcode(encryptedShellcodeBytes, language) + + return shellcodeFormatted, len(encryptedShellcode), chacha20Key, "", nil default: logger.Fatal("Unsupported encryption cipher") return "", 0, nil, "", nil diff --git a/Maldev/Crypto/b32.go b/Maldev/Crypto/b32.go deleted file mode 100644 index c25a3fb..0000000 --- a/Maldev/Crypto/b32.go +++ /dev/null @@ -1,19 +0,0 @@ -package crypto - -import ( - "encoding/base32" - "log" -) - -func B32E(plaintext string) string { - return base32.StdEncoding.EncodeToString([]byte(plaintext)) -} - -func B32D(ciphertext string) string { - dec, err := base32.StdEncoding.DecodeString(ciphertext) - if err != nil { - log.Fatal(err) - } - - return string(dec) -} diff --git a/Maldev/Crypto/b64.go b/Maldev/Crypto/b64.go deleted file mode 100644 index 71cf356..0000000 --- a/Maldev/Crypto/b64.go +++ /dev/null @@ -1,18 +0,0 @@ -package crypto - -import ( - "encoding/base64" - "log" -) - -func B64E(plaintext string) string { - return base64.StdEncoding.EncodeToString([]byte(plaintext)) -} - -func B64D(ciphertext string) string { - dec, err := base64.StdEncoding.DecodeString(ciphertext) - if err != nil { - log.Fatal(err) - } - return string(dec) -} diff --git a/Maldev/Crypto/chacha20.go b/Maldev/Crypto/chacha20.go deleted file mode 100644 index 438999d..0000000 --- a/Maldev/Crypto/chacha20.go +++ /dev/null @@ -1,63 +0,0 @@ -package crypto - -// https://github.com/alinz/crypto.go/blob/main/chacha20.go - -import ( - "crypto/rand" - "errors" - - "golang.org/x/crypto/chacha20poly1305" -) - -// Encrypt data using given key (32 bytes) -func Chacha20Encrypt(data []byte, key []byte) ([]byte, error) { - if len(key) != 32 { - return nil, errors.New("bad key length, expected 32 bytes") - } - - aead, err := chacha20poly1305.NewX(key) - if err != nil { - return nil, err - } - - nonceSize := aead.NonceSize() - // Select a random nonce, and leave capacity for the ciphertext. - nonce := make([]byte, nonceSize, nonceSize+len(data)+aead.Overhead()) - - _, err = rand.Read(nonce) - if err != nil { - return nil, err - } - - // Encrypt the message and append the ciphertext to the nonce. - return aead.Seal(nonce, nonce, data, nil), nil -} - -// Decrypt data using given key (32 bytes) -func Chacha20Decrypt(data []byte, key []byte) ([]byte, error) { - aead, err := chacha20poly1305.NewX(key) - if err != nil { - return nil, err - } - - nonceSize := aead.NonceSize() - - if len(data) < nonceSize { - return nil, errors.New("ciphertext too short") - } - - // Split nonce and ciphertext. - nonce, ciphertext := data[:nonceSize], data[nonceSize:] - - // Decrypt the message and check it wasn't tampered with. - plaintext, err := aead.Open(nil, nonce, ciphertext, nil) - if err != nil { - if err.Error() == "chacha20poly1305: message authentication failed" { - return nil, errors.New("wrong key") - } - - return nil, err - } - - return plaintext, nil -} diff --git a/Output/Output.go b/Output/Output.go index f0e2cdd..a2c0599 100644 --- a/Output/Output.go +++ b/Output/Output.go @@ -1,10 +1,11 @@ package Output import ( - "Supernova/Utils" "Supernova/Converters" + "Supernova/Utils" "encoding/hex" "fmt" + "log" "os" ) @@ -39,7 +40,6 @@ func PrintKeyDetails(key []byte) { for i, b := range key { // decimalValue := int(b) hexValue := fmt.Sprintf("%02x", b) - // fmt.Printf("byte(0x%s) => %d", hexValue, decimalValue) fmt.Printf("0x%s", hexValue) if i < len(key)-1 { fmt.Printf(", ") @@ -50,18 +50,41 @@ func PrintKeyDetails(key []byte) { } // KeyDetailsFormatter function -func KeyDetailsFormatter(key []byte) string { +func KeyDetailsFormatter(key []byte, language string) string { var formattedKey string for i, b := range key { - hexValue := fmt.Sprintf("%02x", b) - formattedKey += "0x" + hexValue - if i < len(key)-1 { - formattedKey += ", " + if language == "python" { + hexValue := fmt.Sprintf("%02x", b) + formattedKey += "\\x" + hexValue + } else { + hexValue := fmt.Sprintf("%02x", b) + formattedKey += "0x" + hexValue + if i < len(key)-1 { + formattedKey += ", " + } } } return formattedKey } +// DetectNotification function +func DetectNotification(key int) int { + logger := log.New(os.Stderr, "[!] ", 0) + keyNotification := 0 + switch key { + case 16: + keyNotification = 128 + case 24: + keyNotification = 192 + case 32: + keyNotification = 256 + default: + logger.Fatal("Initial Error, valid AES key not found\n") + } + + return keyNotification +} + // SaveShellcodeToFile function func SaveShellcodeToFile(shellcode, filename string) error { // Removes Spaces and the "0x" prefix from the string @@ -70,18 +93,21 @@ func SaveShellcodeToFile(shellcode, filename string) error { // Decodes shellcode string into byte array data, err := hex.DecodeString(shellcode) if err != nil { - return fmt.Errorf("Error decoding shellcode: %v", err) + fmt.Println("Error decoding shellcode: ", err) + return err } file, err := os.Create(filename) if err != nil { - return fmt.Errorf("Error creating file: %v", err) + fmt.Println("Error creating file: ", err) + return err } defer file.Close() _, err = file.Write(data) if err != nil { - return fmt.Errorf("Error writing to file: %v", err) + fmt.Println("Error writing to file: ", err) + return err } absolutePath, err := Utils.GetAbsolutePath(filename) @@ -90,6 +116,6 @@ func SaveShellcodeToFile(shellcode, filename string) error { return err } - fmt.Printf("[+] Save encrypted shellcode file to " + absolutePath + "\n\n") + fmt.Printf("[+] 加密后的文件已保存到 " + absolutePath + "\n\n") return nil -} \ No newline at end of file +} diff --git a/Pictures/AES-128-C.png b/Pictures/AES-128-C.png new file mode 100644 index 0000000..623d9a8 Binary files /dev/null and b/Pictures/AES-128-C.png differ diff --git a/Pictures/AES-192-Rust.png b/Pictures/AES-192-Rust.png new file mode 100644 index 0000000..596f9e0 Binary files /dev/null and b/Pictures/AES-192-Rust.png differ diff --git a/Pictures/AES-256-Csharp.png b/Pictures/AES-256-Csharp.png new file mode 100644 index 0000000..5c12fae Binary files /dev/null and b/Pictures/AES-256-Csharp.png differ diff --git a/Supernova.go b/Supernova.go index 78ceaae..fa0f6c9 100644 --- a/Supernova.go +++ b/Supernova.go @@ -9,6 +9,8 @@ import ( "Supernova/Utils" "flag" "fmt" + "log" + "os" "strings" ) @@ -18,7 +20,7 @@ type FlagOptions struct { inputFile string language string encryption string - //obfuscation string + // obfuscation string variable string key int debug bool @@ -28,12 +30,12 @@ type FlagOptions struct { // global variables var ( - __version__ = "1.0.0" - __license__ = "MIT" - __author__ = "@nickvourd" - __original_github__ = "https://github.com/nickvourd/Supernova" - __github__ = "https://github.com/yutianqaq/Supernova_CN" - __coauthors__ = [3]string{"@yutianqaq", "@Papadope9", "@0xvm"} + __version__ = "1.1.0" + __license__ = "MIT" + __author__ = "@nickvourd" + __original_github__ = "https://github.com/nickvourd/Supernova" + __github__ = "https://github.com/yutianqaq/Supernova_CN" + __coauthors__ = [3]string{"@yutianqaq", "@Papadope9", "@0xvm"} ) var __ascii__ = ` @@ -55,15 +57,16 @@ Supernova是一个开源工具,受%s许可证保护。 // Options function func Options() *FlagOptions { - inputFile := flag.String("i", "", "64位原始格式 Shellcode 的路径") + inputFile := flag.String("i", "", "64 位原始格式 Shellcode 的路径") encryption := flag.String("enc", "", "Shellcode加密方式 (例如, ROT, XOR, RC4, AES, CHACHA20, B64XOR, B64RC4, B64AES, B64CHACHA20)") - language := flag.String("lang", "", "转换(Nim, Rust, C, CSharp, Go)格式的Shellcode") + language := flag.String("lang", "", "转换(Raw, Nim, Rust, C, CSharp, Go)格式的 Shellcode") outFile := flag.String("o", "", "输出到文件") variable := flag.String("v", "shellcode", "Shellcode 的变量名称") debug := flag.Bool("d", false, "开启 Debug 模式") key := flag.Int("k", 1, "加密的密钥长度") version := flag.Bool("version", false, "展示 Supernova 当前的版本") - guide := flag.Bool("guide", false, "开启引导模式") + guide := flag.Bool("guide", false, "开启引导模式(输出解密代码)") + // obfuscation := flag.String("obf", "", "Shellcode obfuscation (i.e., IPv4, IPv6, MAC, UUID)") flag.Parse() return &FlagOptions{outFile: *outFile, inputFile: *inputFile, language: *language, encryption: *encryption, variable: *variable, debug: *debug, key: *key, version: *version, guide: *guide} @@ -99,52 +102,62 @@ func main() { // Call function named ArgumentEmpty Arguments.ArgumentEmpty(options.language, 2) - // Call function named ArgumentEmpty - Arguments.ArgumentEmpty(options.encryption, 3) - - // Call function ValidateKeySize - Arguments.ValidateKeySize(options.key, options.encryption) - // Check for valid values of language argument - foundLanguage := Arguments.ValidateArgument("lang", options.language, []string{"Nim", "Rust", "C", "CSharp", "Go"}) + foundLanguage := Arguments.ValidateArgument("lang", options.language, []string{"Nim", "Rust", "C", "CSharp", "Go", "Python", "RAW"}) + + // Check if the encryption or obfuscation option is not used + if options.encryption == "" { + // && options.obfuscation == "" + logger := log.New(os.Stderr, "[!] ", 0) + logger.Fatal("请先选择加密选项!\n") + // logger.Fatal("Please choose either the encryption option or the obfuscation option to proceed!\n") + } + + // Check if encryption and obfuscation are used together + // if options.encryption != "" && options.obfuscation != "" { + // logger := log.New(os.Stderr, "[!] ", 0) + // logger.Fatal("You cannot choose both the encryption and obfuscation options; please select only one!\n") + //} // Call function named ConvertShellcode2Hex convertedShellcode, payloadLength := Converters.ConvertShellcode2Hex(rawShellcode, foundLanguage) - // Print payload size and choosen language - fmt.Printf("[+] Payload size: %d bytes\n\n[+] Converted payload to %s language\n\n", payloadLength, foundLanguage) + // Print payload size and chosen language + fmt.Printf("[+] Payload大小:%d bytes\n\n[+] 已将Payload转换为 %s 语言\n\n", payloadLength, foundLanguage) if options.debug { // Call function named ConvertShellcode2Template template := Converters.ConvertShellcode2Template(convertedShellcode, foundLanguage, payloadLength, options.variable) // Print original template - fmt.Printf("[+] The original payload:\n\n%s\n\n", template) + fmt.Printf("[+] 原始Payload:\n\n%s\n\n", template) } // Encryption option is enable if options.encryption != "" { // Call function named ValidateArgument Arguments.ValidateArgument("enc", options.encryption, []string{ - "XOR", "RC4", "AES", "ROT", "CHACHA20", + "RAW", "XOR", "RC4", "AES", "ROT", "CHACHA20", "B64XOR", "B64RC4", "B64AES", "B64CHACHA20", }) + // Call function ValidateKeySize + options.key = Arguments.ValidateKeySize(options.key, options.encryption) + // Call function named DetectEncryption - encryptedShellcode, encryptedLength, key, passphrase, iv := Encryptors.DetectEncryption(options.encryption, rawShellcode, options.key) + encryptedShellcode, encryptedLength, key, passphrase, iv := Encryptors.DetectEncryption(options.encryption, rawShellcode, options.key, foundLanguage) // Call function named ConvertShellcode2Template template := Converters.ConvertShellcode2Template(encryptedShellcode, foundLanguage, encryptedLength, options.variable) // Print encrypted template - encryptionType := strings.ToLower(options.encryption) - if options.outFile == "" && encryptedLength > 100000 { - fmt.Printf("[!] Encrypted payload (%s) is too large for console display.\n\n"+ - "[!] Size: %d\n\n[!] Save the output to a file using: -o filename\n\n", encryptionType, encryptedLength) - } else if options.outFile != "" { - fmt.Printf("[+] Encrypted payload with %s\n\n", encryptionType) + if encryptedLength < 500 && options.outFile == "" { + fmt.Printf("[+] Payload 加密后 %s:\n\n%s\n\n", strings.ToUpper(options.encryption), template) + } else if encryptedLength > 500 && options.outFile == "" { + fmt.Printf("[+] Payload 加密后 %s(%d): \n\n", strings.ToUpper(options.encryption), encryptedLength) + fmt.Printf("[!] Payload 尺寸太长,请使用 -o filename!\n") } else { - fmt.Printf("[+] Encrypted payload with %s\n\n%s\n\n", encryptionType, template) + fmt.Printf("[+] Payload 加密后 %s(%d bytes): \n\n", strings.ToUpper(options.encryption), encryptedLength) } // Guide option is enable @@ -154,11 +167,26 @@ func main() { // Outfile option is enable if options.outFile != "" { - err := Output.SaveShellcodeToFile(encryptedShellcode, options.outFile) - if err != nil { - fmt.Println("Error:", err) - return + language := strings.ToLower(options.language) + if language == "raw" { + err := Output.SaveShellcodeToFile(template, options.outFile) + if err != nil { + fmt.Println("Error:", err) + return + } + } else { + err := Output.SaveOutputToFile(template, options.outFile) + if err != nil { + fmt.Println("Error:", err) + return + } } } } + + // Obfuscation option is enable + // if options.obfuscation != "" { + // Call function named ValidateArgument + // Arguments.ValidateArgument("obf", options.obfuscation, []string{"IPv4", "IPv6", "MAC", "UUID"}) + // } }