airborne/README.md

# Shellcode reflective DLL injection in Rust

Reflective DLL injection demo for fun and education. In practical applications, there's significant scope for enhancing build sizes, obfuscation, and delivery logic.

[A blog post describing the technicalities of sRDI.](https://golfed.xyz/blog/understanding-srdi/)

### Project Structure

```shell
.
├── generator           # Shellcode generator (ties together bootstrap, loader, payload, and user data)
├── injector            # PoC injector
├── payload             # PoC payload (DllMain and PrintMessage)
└── reflective_loader   # sRDI implementation
```

### Features

- Compact filesize (~14 kB)
- Hashed import names & indirect function calls
- Randomized payload export iteration & IAT patching
- XOR encryption for shellcode (shellcode generation specific keys)

Check out [Alcatraz](https://github.com/weak1337/Alcatraz/) for additional obfuscation for the shellcode/injector.

### Usage

The following command compiles the DLLs and executables into `target`:

```shell
$ cargo build --release
```

1. Generate shellcode containing the loader and the payload
2. Inject the created shellcode into target

### Disclaimer

Information and code provided on this repository are for educational purposes only. The creator is in no way responsible for any direct or indirect damage caused due to the misuse of the information.

### Credits

- Stephen Fewer ([@stephenfewer](https://github.com/stephenfewer)) for reflective DLL injection
- Nick Landers ([@monoxgas](https://github.com/monoxgas)) for shellcode generator
- [@memN0ps](https://github.com/memN0ps) for bootstrap shellcode
tested builds w/o loader-level obfuscation 2024-02-11 21:52:08 +01:00			`# Shellcode reflective DLL injection in Rust`
initial readme skeleton 2024-01-02 22:05:29 +01:00
include features & disclaimer to readme 2024-01-05 20:15:45 +01:00			`Reflective DLL injection demo for fun and education. In practical applications, there's significant scope for enhancing build sizes, obfuscation, and delivery logic.`

include blog post link 2024-01-05 20:57:22 +01:00			`[A blog post describing the technicalities of sRDI.](https://golfed.xyz/blog/understanding-srdi/)`

include features & disclaimer to readme 2024-01-05 20:15:45 +01:00			`### Project Structure`

build size optimizations, streamlining 2024-01-04 19:00:24 +01:00			```shell
			`.`
			`├── generator # Shellcode generator (ties together bootstrap, loader, payload, and user data)`
			`├── injector # PoC injector`
tested builds w/o loader-level obfuscation 2024-02-11 21:52:08 +01:00			`├── payload # PoC payload (DllMain and PrintMessage)`
			`└── reflective_loader # sRDI implementation`
build size optimizations, streamlining 2024-01-04 19:00:24 +01:00			```
initial readme skeleton 2024-01-02 22:05:29 +01:00
			`### Features`

tested builds w/o loader-level obfuscation 2024-02-11 21:52:08 +01:00			`- Compact filesize (~14 kB)`
include features & disclaimer to readme 2024-01-05 20:15:45 +01:00			`- Hashed import names & indirect function calls`
tested builds w/o loader-level obfuscation 2024-02-11 21:52:08 +01:00			`- Randomized payload export iteration & IAT patching`
			`- XOR encryption for shellcode (shellcode generation specific keys)`
initial readme skeleton 2024-01-02 22:05:29 +01:00
fix alcatraz link 2024-01-03 20:02:20 +01:00			`Check out [Alcatraz](https://github.com/weak1337/Alcatraz/) for additional obfuscation for the shellcode/injector.`
initial readme skeleton 2024-01-02 22:05:29 +01:00
build size optimizations, streamlining 2024-01-04 19:00:24 +01:00			`### Usage`

tested builds w/o loader-level obfuscation 2024-02-11 21:52:08 +01:00			The following command compiles the DLLs and executables into `target`:

			```shell
			`$ cargo build --release`
			```

			`1. Generate shellcode containing the loader and the payload`
			`2. Inject the created shellcode into target`
build size optimizations, streamlining 2024-01-04 19:00:24 +01:00
include features & disclaimer to readme 2024-01-05 20:15:45 +01:00			`### Disclaimer`

			`Information and code provided on this repository are for educational purposes only. The creator is in no way responsible for any direct or indirect damage caused due to the misuse of the information.`

initial readme skeleton 2024-01-02 22:05:29 +01:00			`### Credits`

			`- Stephen Fewer ([@stephenfewer](https://github.com/stephenfewer)) for reflective DLL injection`
			`- Nick Landers ([@monoxgas](https://github.com/monoxgas)) for shellcode generator`
initial shellcode generator version (untested) 2024-01-03 20:01:26 +01:00			`- [@memN0ps](https://github.com/memN0ps) for bootstrap shellcode`