The seventh and last assignment is to create a custom crypter like the one shown in the “crypters” video. I’m free to use any existing encryption scheme and I can use any programming language.
The assignment was written on Ubuntu Linux 18.04, with Linux kernel version 4.15.
Choosing the encryption scheme
For this last assignment I want to use something quick and reliable to encrypt any evil payload. I started looking at TEA for its characteristics and implementations.
I chose to use XXTEA, which is an evolution of the original algorithm designed to correct all the weaknesses found.
This is a symmetric block cipher and the key must be 16 bytes long.
I will use Python as the programming language and the xxtea package, which can be installed with the following command:
pip install xxtea
The default behaviour is to select a random 16-byte key and use the xxtea library to encrypt the default shellcode, which is the standard execve() shellcode used in assignment 4.
However, the crypter tool also accepts a custom encryption key and a custom shellcode to be used instead of the default one.
Here you can find the source code for the crypter script:
Decrypt and launch
The launcher script is responsible for decrypting a given payload using a given decryption key. It may be redundant to point out but, since XXTEA is a symmetric cryptography algorithm, the decryption key is the same one used to encrypt the shellcode.
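To make the cipher itself concrete, here is an added example (not the author's crypter or launcher, and not the xxtea package) that implements the XXTEA block routine in pure Python and round-trips a buffer with one 16-byte key. The length-prefix framing and the function names are assumptions of this example, so its output is not interchangeable with the package's.

```python
import struct

DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF

def _mx(y, z, total, k, p, e):
    # XXTEA mixing function; one final mask emulates 32-bit C arithmetic.
    return ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4)))
            ^ ((total ^ y) + (k[(p & 3) ^ e] ^ z))) & MASK

def _key_words(key):
    if len(key) != 16:
        raise ValueError("XXTEA key must be exactly 16 bytes")
    return struct.unpack("<4I", key)

def encrypt(data, key):
    k = _key_words(key)
    # Framing is this example's own choice: length prefix, zero padding to
    # whole 32-bit words, and at least two words (the XXTEA minimum).
    buf = struct.pack("<I", len(data)) + data
    buf += b"\x00" * max(-len(buf) % 4, 8 - len(buf))
    v = list(struct.unpack("<%dI" % (len(buf) // 4), buf))
    n, total, z = len(v), 0, v[-1]
    for _ in range(6 + 52 // n):
        total = (total + DELTA) & MASK
        e = (total >> 2) & 3
        for p in range(n):
            y = v[(p + 1) % n]
            z = v[p] = (v[p] + _mx(y, z, total, k, p, e)) & MASK
    return struct.pack("<%dI" % n, *v)

def decrypt(blob, key):
    k = _key_words(key)
    if len(blob) < 8 or len(blob) % 4:
        raise ValueError("ciphertext must be at least two whole 32-bit words")
    v = list(struct.unpack("<%dI" % (len(blob) // 4), blob))
    n, rounds = len(v), 6 + 52 // len(v)
    total, y = (rounds * DELTA) & MASK, v[0]
    for _ in range(rounds):
        e = (total >> 2) & 3
        for p in range(n - 1, -1, -1):
            z = v[p - 1]  # v[-1] wraps to the last word when p == 0
            y = v[p] = (v[p] - _mx(y, z, total, k, p, e)) & MASK
        total = (total - DELTA) & MASK
    raw = struct.pack("<%dI" % n, *v)
    # XXTEA has no integrity check; the prefix only catches most wrong keys.
    length = struct.unpack("<I", raw[:4])[0]
    if length > len(raw) - 4:
        raise ValueError("wrong key or corrupted ciphertext")
    return raw[4:4 + length]
```

A key from `os.urandom(16)` matches the random 16-byte default described above. Because the cipher carries no authentication tag, a wrong key is only detected here by the implausible length prefix.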