diff --git a/generator/generator.cpp b/generator/generator.cpp index 655c1e2..c9daa96 100644 --- a/generator/generator.cpp +++ b/generator/generator.cpp @@ -4,9 +4,9 @@ #include #include #include -#include #include "generator.hpp" +#include "../shared/crypto.hpp" int main(int argc, char **argv) { @@ -263,6 +263,11 @@ int main(int argc, char **argv) return 1; } + auto srcUuid = GenerateUuid(); + std::cout << "[+] AES key derivation UUID: " << srcUuid << std::endl; + + std::cout << "[+] " << std::endl; + return 0; } @@ -309,29 +314,6 @@ BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize return TRUE; } -DWORD CalculateHash(const std::string &source) -{ - auto dwHash = HASH_KEY; - - for (char ch : source) - { - if (ch == '\0') - { - continue; - } - - if (ch >= 'a' && ch <= 'z') - { - ch -= 0x20; - } - - // Casting might be unnecessary - dwHash = ((dwHash << 5) + dwHash) + static_cast(ch); - } - - return dwHash; -} - void PrintHelp(char **argv) { std::cout << "Usage: " << argv[0] << " [ARGUMENTS] [OPTIONS]" << std::endl; diff --git a/generator/generator.hpp b/generator/generator.hpp index a7e46ae..f0ddb6c 100644 --- a/generator/generator.hpp +++ b/generator/generator.hpp @@ -1,14 +1,12 @@ #pragma once #include -#include #include -#define HASH_KEY 5381 #define BOOTSTRAP_LEN 79 // Utils -void PrintHelp(char **argv); BOOL GetFileContents(std::string filePath, LPBYTE *fileContents, DWORD *fileSize); BOOL WriteFileContents(std::string filePath, LPBYTE fileContents, DWORD fileSize); -DWORD CalculateHash(const std::string &source); + +void PrintHelp(char **argv); \ No newline at end of file diff --git a/reflective_loader/loader.cpp b/reflective_loader/loader.cpp index 52da696..8075296 100644 --- a/reflective_loader/loader.cpp +++ b/reflective_loader/loader.cpp @@ -6,6 +6,7 @@ #include #include "loader.hpp" +#include "../shared/crypto.hpp" void Load(PBYTE pImage, DWORD dwFunctionHash, PVOID pvUserData, DWORD dwUserDataLen, DWORD dwFlags) { 
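Review bot: In the `main` hunk at `@@ -263,6 +263,11 @@`, the added `std::cout << "[+] " << std::endl;` prints an empty status line and looks like a leftover placeholder; either give it a message or drop it. The value labelled "AES key derivation UUID" is written to stdout, so it ends up in any captured console output or build log; if it is meant to stay secret, emit it only into the artifact that needs it. Within the visible lines `srcUuid` is not used after being printed. `main` starts and continues outside the hunk, so a use elsewhere cannot be ruled out.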
@@ -450,31 +451,3 @@ PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage) return pNtHeaders; } - -DWORD CalculateHash(const UNICODE_STRING &baseDllName) -{ - auto pwszBaseDllName = baseDllName.Buffer; - auto dwHash = HASH_KEY; - - char ch; - - for (auto i = 0; i < baseDllName.MaximumLength; i++) - { - ch = pwszBaseDllName[i]; - - if (ch == '\0') - { - continue; - } - - if (ch >= 'a' && ch <= 'z') - { - ch -= 0x20; - } - - // Casting might be unnecessary - dwHash = ((dwHash << 5) + dwHash) + static_cast(ch); - } - - return dwHash; -} diff --git a/reflective_loader/loader.hpp b/reflective_loader/loader.hpp index fdf6629..27e098e 100644 --- a/reflective_loader/loader.hpp +++ b/reflective_loader/loader.hpp @@ -6,7 +6,6 @@ constexpr auto MAX_IMPORT_DELAY_MS = 6 * 1000; constexpr auto OBFUSCATE_IMPORTS = 1; -constexpr auto HASH_KEY = 5381; constexpr DWORD KERNEL32_DLL_HASH = 0x6DDB9555; constexpr DWORD LOAD_LIBRARY_W_HASH = 0xB7072FF1; @@ -67,7 +66,6 @@ using PIMAGE_RELOC = _IMAGE_RELOC *; PBYTE GetModuleAddressFromHash(DWORD dwHash); HMODULE GetExportAddrFromHash(PBYTE pbModule, DWORD dwHash, std::mt19937 &eng); PIMAGE_NT_HEADERS64 GetNtHeaders(PBYTE pbImage); -DWORD CalculateHash(const UNICODE_STRING &baseDllName); // Loader functions void CopyHeadersAndSections(ULONG_PTR pNewImageBase, PBYTE pbImage, PIMAGE_NT_HEADERS64 pNtHeaders); diff --git a/shared/crypto.cpp b/shared/crypto.cpp new file mode 100644 index 0000000..7ffcb1a --- /dev/null +++ b/shared/crypto.cpp 
@@ -0,0 +1,90 @@
+#include
+#include
+#include
+
+#include "crypto.hpp"
+
+std::string GenerateUuid()
+{
+ // Source: https://stackoverflow.com/a/60198074/15310712
+
+ std::stringstream ss;
+ std::random_device rd;
+ std::mt19937 gen(rd());
+ std::uniform_int_distribution<> dis(0, 15);
+ std::uniform_int_distribution<> dis2(8, 11);
+
+ ss << std::hex;
+
+ auto generateHex = [&](int count)
+ {
+ for (int i = 0; i < count; ++i)
+ {
+ ss << dis(gen);
+ }
+ };
+
+ generateHex(8);
+ ss << "-";
+ generateHex(4);
+ ss << "-4";
+ generateHex(3);
+ ss << "-";
+ ss << dis2(gen);
+ generateHex(3);
+ ss << "-";
+ generateHex(12);
+
+ return ss.str();
+}
+
+DWORD CalculateHash(const std::string &source)
+{
+ auto dwHash = HASH_KEY;
+
+ for (char ch : source)
+ {
+ if (ch == '\0')
+ {
+ continue;
+ }
+
+ if (ch >= 'a' && ch <= 'z')
+ {
+ ch -= 0x20;
+ }
+
+ // Casting might be unnecessary
+ dwHash = ((dwHash << 5) + dwHash) + static_cast(ch);
+ }
+
+ return dwHash;
+}
+
+DWORD CalculateHash(const UNICODE_STRING &baseDllName)
+{
+ auto pwszBaseDllName = baseDllName.Buffer;
+ auto dwHash = HASH_KEY;
+
+ char ch;
+
+ for (auto i = 0; i < baseDllName.MaximumLength; i++)
+ {
+ ch = pwszBaseDllName[i];
+
+ if (ch == '\0')
+ {
+ continue;
+ }
+
+ if (ch >= 'a' && ch <= 'z')
+ {
+ ch -= 0x20;
+ }
+
+ // Casting might be unnecessary
+ dwHash = ((dwHash << 5) + dwHash) + static_cast(ch);
+ }
+
+ return dwHash;
+}
diff --git a/shared/crypto.hpp b/shared/crypto.hpp
new file mode 100644
index 0000000..60bcf96
--- /dev/null
+++ b/shared/crypto.hpp
@@ -0,0 +1,10 @@
+#pragma once
+
+#include
+#include
+
+constexpr auto HASH_KEY = 5381;
+
+std::string GenerateUuid();
+DWORD CalculateHash(const std::string &source);
+DWORD CalculateHash(const UNICODE_STRING &baseDllName);
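Review bot: `GenerateUuid()` in shared/crypto.cpp seeds `std::mt19937` from a single `rd()` call, so the value that generator.cpp labels "AES key derivation UUID" carries at most one seed word of entropy and comes from a generator that is not cryptographically secure. If the UUID really feeds key derivation, fill the 16 bytes from the OS CSPRNG (on Windows, `BCryptGenRandom` with `BCRYPT_USE_SYSTEM_PREFERRED_RNG`) and format those bytes instead. Separately, in `CalculateHash(const UNICODE_STRING &)` the loop bound `baseDllName.MaximumLength` is a byte count for the whole buffer while `pwszBaseDllName[i]` indexes wide characters, so the loop reads past the end of the buffer. Bounding it with `i < baseDllName.Length / sizeof(WCHAR)` keeps it inside the string; the precomputed hash constants in loader.hpp may need re-checking after that change.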
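Review bot: In shared/crypto.hpp, `constexpr auto HASH_KEY = 5381;` deduces `int`, so `auto dwHash = HASH_KEY;` in both `CalculateHash` overloads is a signed accumulator. The repeated `(dwHash << 5) + dwHash` overflows it, which is undefined behaviour for signed arithmetic. Declaring it as `constexpr DWORD HASH_KEY = 5381;` makes the wrap-around well defined and matches the `DWORD` return type. A one-line comment above the constant naming the scheme (djb2-style: seed 5381, multiply by 33) would also help readers.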