Create a custom crypter like the one shown in the "crypters" video. Free to use any existing encryption schema.

A crypter is very close to an encoder. It is a tiny application designed to encrypt a payload and decrypt that payload at runtime. The payload is encrypted and embedded inside a host program, often called a stub; when the stub is executed, it decrypts the encrypted payload and redirects the execution flow to the decrypted payload's address. Sometimes the execution flow is not redirected; instead a new thread or a new process is created to host the payload execution.

Conversely to encoders, crypters use complex encryption schemes (RC4, AES, Blowfish, Camellia, etc.) to keep the payload obfuscated. Each time a stub is generated, the encrypted payload looks completely different, which makes crypters a good solution for beating signature-based detection systems. Because of their complexity, crypters are often coded in a higher-level language such as C/C++ or Delphi.

Creating our custom Crypter

Programming Language Used

We will use an uncommon language to create our Linux x86-32 crypter: Delphi, compiled with Free Pascal (Lazarus IDE). You can install Lazarus on Ubuntu with apt using the following command:

sudo apt install lazarus

Most of the crypter code will be in Delphi, except a small part in Assembly.

We will use the RC4 cipher to encrypt and decrypt our payload. This cipher's strength is far enough for our needs, and it is sufficiently easy to implement. The RC4 specification is well explained on Wikipedia. We will implement the RC4 specification in a Delphi object to make it more convenient to use.

To implement RC4 in Delphi, we need to translate two main methods:

KSA (Key-scheduling algorithm)

Quoted from Wikipedia:

for i from 0 to 255

PRGA (Pseudo-random generation algorithm)

Before doing payload encryption, we first need to call our KSA method to initialize our RC4 cipher; then we can call our PRGA method for each payload byte. The PRGA method returns, for each payload byte, a new pseudo-random number that we XOR with the current payload byte to encrypt it.

In the above example, the key is defined as a byte array. We could generate random keys as byte arrays directly, but instead the initial key format will be a string. The key string is called a passphrase and needs to be translated to a byte array before being used by our RC4 cipher.

Finally, in our future Delphi RC4 cipher object, we must take care of updating the passphrase. We need to take care of that before calling the KSA method. This will be required by our crypter for brute-forcing the key (seen later in this paper).

In the classic RC4 cipher, both the encryption and decryption processes use the same method:

PLAIN rc4 KEY = CIPHERED_MESSAGE rc4 KEY = PLAIN

The main issue is the lack of decryption control: how can we be sure our payload was successfully decrypted, for example in the case where our passphrase was wrong?

To solve this problem we will implement two distinct methods, Encrypt() and Decrypt(). The first method will first "sign" the plain text, encrypt it and return the content + the plain-text signature.
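The RC4 KSA/PRGA pair, the passphrase-to-bytes step and the signed Encrypt()/Decrypt() wrapper described above, as an added Python example (not the post's Delphi code); the signature marker value and the choice to append it after the payload are assumptions made here.

```python
# Added example, not the post's Delphi object: minimal RC4 plus the
# "sign then encrypt" wrapper that lets Decrypt() detect a wrong passphrase
# instead of silently returning garbage.
SIGNATURE = b"RC4OK"  # constructed marker; the post does not fix a value


def ksa(key: bytes) -> list:
    """Key-scheduling algorithm: build the 256-byte permutation S from key."""
    if not key:
        raise ValueError("empty key")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def prga(s: list):
    """Pseudo-random generation: yield one keystream byte per payload byte."""
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) % 256]


def rc4(passphrase: str, data: bytes) -> bytes:
    """One routine for both directions: PLAIN rc4 KEY -> CIPHER rc4 KEY -> PLAIN.
    The passphrase string is turned into bytes before the KSA runs."""
    key = passphrase.encode("utf-8")
    stream = prga(ksa(key))
    return bytes(b ^ next(stream) for b in data)


def encrypt(passphrase: str, plain: bytes) -> bytes:
    """Sign the plain text (append SIGNATURE), then encrypt the whole buffer."""
    return rc4(passphrase, plain + SIGNATURE)


def decrypt(passphrase: str, cipher: bytes):
    """Return the payload, or None when the signature check fails (wrong key)."""
    out = rc4(passphrase, cipher)
    if len(out) < len(SIGNATURE) or not out.endswith(SIGNATURE):
        return None
    return out[:-len(SIGNATURE)]
```

The rc4() function alone reproduces the standard test vector (key "Key", plaintext "Plaintext" gives bbf316e8d940af0ad3), so the wrapper can be checked against a known-good RC4.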