jory/AES-Encrypter-Rust
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
27 Commits 1 Branch 0 Tags 200 MiB
C++ 81.9%
Shell 10.2%
Rust 7.9%
7d724677bc
Go to file
JorySeverijnse 7d724677bc Implement secure AES-CBC encryption with external C++ decryption 
- Replace weak ECB encryption with AES-128-CBC + PKCS7 padding
- Implement secure key derivation: SHA256(password + salt)
- Add cryptographically secure random IV generation
- Create standalone C++ decryptor for external binary decryption
- Update stub to require external decryption workflow
- Maintain cross-platform compatibility (Linux/Windows)
- Add proper error handling and padding validation

Security improvements:
- AES-128-CBC instead of ECB (prevents pattern analysis)
- Random IVs prevent identical plaintext producing identical ciphertext
- Password-based key derivation with salt
- PKCS7 padding with validation
- External decryption prevents embedded keys
2025-12-14 12:40:55 +01:00
batch_output Added batch processing 2025-09-24 18:41:36 -05:00
crypt Implement secure AES-CBC encryption with external C++ decryption 2025-12-14 12:40:55 +01:00
stub Implement secure AES-CBC encryption with external C++ decryption 2025-12-14 12:40:55 +01:00
.gitignore Adding the ability to pass the EXE name as a commandline argument. I like this better than having a hardcoded exe name 2024-07-15 10:43:28 -05:00
decryptor.cpp Implement secure AES-CBC encryption with external C++ decryption 2025-12-14 12:40:55 +01:00
LICENSE Initial commit 2023-05-17 00:32:30 +01:00
README.md Update README.md 2025-09-24 18:49:32 -05:00
simple_batch.sh Added batch processing 2025-09-24 18:41:36 -05:00

README.md

Rust Crypter

x86-64 Malware Crypter built in Rust for Windows with Anti-VM, powered by memexec

Usage

Single File

  1. Put your .exe in /crypt/
  2. cd crypt && cargo run <filename.exe>
  3. mv encrypted_Input.bin key.txt ../stub/src/
  4. cd ../stub && cargo build --target x86_64-pc-windows-gnu --release
  5. Your encrypted exe is in stub/target/x86_64-pc-windows-gnu/release/stub.exe

Batch Processing (Multiple Files)

./simple_batch.sh /path/to/folder/with/exe/files

Output: batch_output/ folder with {filename}_encrypted.exe files

Supported targets

  • Windows x86-64
  • Windows x86

Limitations

  • .NET not supported
  • Files over 600MB not supported

TODO

  • File dialogue choose file instead of renaming code strings/executable names
  • Automatically move encrypted bytes and key into stub for compiling
  • GUI
  • Obfuscated Strings

Disclaimer

This is a tool used to test the Static + Dynamic detection capabilites of AV and EDR, use of this project is at your own risk

MITRE TTPs (Indicators)

  • User Execution: Malicious File T1204.002
  • Deobfuscate/Decode Files or Information T1140
  • Embedded Payloads T1027.009
  • System Checks T1497.001
  • Reflective Code Loading T1620
  • Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder T1547.001

References

https://crates.io/crates/memexec https://crates.io/crates/inside-vm