This project demonstrates how to encrypt shellcode using XOR, format it as MAC addresses for obfuscation, and then decrypt and execute it in a Windows environment using Nim.
The process involves two main steps:
- Encryption: A Python script reads a binary shellcode file, encrypts it using XOR, and formats the encrypted data as MAC addresses.
- Decryption and Execution: A Nim script reads the encrypted MAC addresses, decrypts the data using XOR, and executes the shellcode using Windows fibers.
- encrypt_shellcode.py: The Python script that encrypts shellcode and outputs it in MAC address format.
- macinject2.nim: The Nim script that decrypts the MAC address formatted shellcode and executes it.
- Python 3.x
encrypt_shellcode.pydoes not require any external libraries.
- Nim 1.x or higher
- The
winimNim package for Windows API functions.
First, use the Python script to encrypt your shellcode and format it as MAC addresses.
python encrypt_shellcode.py shellcode.binReplace shellcode.bin with the path to your binary shellcode file. The script will output the encrypted shellcode in MAC address format.
Copy the output from the Python script and replace the encryptedMAC array in macinject2.nim with the generated MAC addresses.
Finally, compile and run the Nim script to execute the decrypted shellcode.
nim c -r macinject2.nimCompile and run the Nim script:
nim c -r macinject2.nimEnsure that the XOR key used in both the Python and Nim scripts is the same. The project is intended for educational purposes and should be used responsibly.