The goal of this project is to write a program that encrypts a program passed as a parameter.
A new "woody" program is generated at the end of the execution. When this new program (woody) is executed, it has to decrypt itself before it can start. Its execution is then identical in all respects to that of the program passed as a parameter in the previous step.
Formats supported:
- ELF64
- ELF
If you're not on a Linux machine:
docker build -t woody .
docker run -ti -v "$(pwd)":/woody_woodpacker woody
cd woody_woodpacker
You have two possible ways to launch the program:
make run [FILE_TO_CRYPT]
or:
make
./woody_woodpacker [FILE_TO_CRYPT]
- Parse the ELF
- Find zones to encrypt and caves
- Different injection methods
- Get infos:LIB
  - grab the zone to encrypt
  - Find the zone to insert ourselves into
  - Retrieve our code to inject
- Do things
  - Entry Point
  - Get the true entry point: subtract the entry point from the virtual address
  - Change the final jump in the zone we insert so that it goes to the old entry point
  - Encrypt the .text section
  - Add our packer
  - Entry Point
- Check header (ELF? x64? executable? etc.)
- Make binary tree:
  - the segments bt contains the sections bt (held in a holding struct)
  - work out the available space after each one in the holding struct (can be done just for segments)
- Find loadable segments
  - encrypt them and keep track of their associated zones
- Find loadable + executable zones
  - Work out where to insert the code if possible, or print an error.
  - insert the code
  - entry point
  - decrypt
  - write woody
  - jump to old entry point
  - Change segment + section size to include the injection
- Save the woody
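
The header check and the "where to insert" step from the list above, sketched in C as an added example (not this project's own code). It only measures the padding between the executable PT_LOAD segment and the next PT_LOAD; the names `check_header`, `find_cave`, `make_sample` and the in-memory sample are assumptions made for the illustration.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>

/* Header check: ELF magic, 64-bit class, executable type, phdr table inside the file. */
static int check_header(const uint8_t *buf, size_t len, Elf64_Ehdr *eh)
{
    if (len < sizeof(*eh)) return -1;
    memcpy(eh, buf, sizeof(*eh));               /* copy out: buf may be unaligned */
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) || eh->e_ident[EI_CLASS] != ELFCLASS64) return -1;
    if (eh->e_type != ET_EXEC && eh->e_type != ET_DYN) return -1;
    if (eh->e_phentsize != sizeof(Elf64_Phdr) || eh->e_phoff > len ||
        (uint64_t)eh->e_phnum * sizeof(Elf64_Phdr) > len - eh->e_phoff) return -1;
    return 0;
}

/* Size of the gap after the executable PT_LOAD (0 if none or malformed); *off = its file offset. */
uint64_t find_cave(const uint8_t *buf, size_t len, uint64_t *off)
{
    Elf64_Ehdr eh; Elf64_Phdr x = {0}, n;
    uint64_t end, next = 0; int i, j;
    if (check_header(buf, len, &eh) != 0) return 0;
    for (i = 0; i < eh.e_phnum; i++) {          /* first loadable + executable segment */
        memcpy(&x, buf + eh.e_phoff + i * sizeof(x), sizeof(x));
        if (x.p_type == PT_LOAD && (x.p_flags & PF_X)) break;
    }
    if (i == eh.e_phnum || x.p_offset > len || x.p_filesz > len - x.p_offset) return 0;
    end = x.p_offset + x.p_filesz;
    for (j = 0; j < eh.e_phnum; j++) {          /* closest PT_LOAD that starts at or after end */
        memcpy(&n, buf + eh.e_phoff + j * sizeof(n), sizeof(n));
        if (j != i && n.p_type == PT_LOAD && n.p_offset >= end && n.p_offset <= len &&
            (next == 0 || n.p_offset < next)) next = n.p_offset;
    }
    *off = end;                                  /* meaningful only when the result is non-zero */
    return next ? next - end : 0;
}

/* Constructed sample, not a real binary: R+X PT_LOAD at 0x0..0x1234, R+W PT_LOAD at 0x2000. */
static uint8_t sample[0x3000];
size_t make_sample(void)
{
    Elf64_Ehdr eh = { .e_ident = { 0x7f, 'E', 'L', 'F', ELFCLASS64 }, .e_type = ET_DYN,
        .e_phoff = sizeof(Elf64_Ehdr), .e_phentsize = sizeof(Elf64_Phdr), .e_phnum = 2 };
    Elf64_Phdr ph[2] = { { .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_filesz = 0x1234 },
        { .p_type = PT_LOAD, .p_flags = PF_R | PF_W, .p_offset = 0x2000, .p_filesz = 0x1000 } };
    memcpy(sample, &eh, sizeof(eh));
    memcpy(sample + sizeof(eh), ph, sizeof(ph));
    return sizeof(sample);
}
```

When the returned size is smaller than the code to insert, this method does not apply and the "or print error" branch is the one to take.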