Yes, you can use Janus with asymmetric or symmetric encryption. You don't have to use the OpenSSL library, I used OpenSSL and RSA out of familiarity. The primary function you will need to modify if you want to implement your own obfuscation method within Janus is "ScrambleA"
Janus is a pre-build event that performs string obfuscation during compile time. This project is based off the CIA's Marble Framework.
JFK (1991)
Bill: We're talking about our government here!
Jim: No, we're talking about a crime, Bill, pure and simple. Y'all better start thinking on a different level, like the CIA does. Now, we're through the looking glass here, people. White is black and black is white.
This quote is in reference to the CIA having had been in possession of an illegitimate Kaspersky certificate.
Janus is designed to allow for string obfuscation when developing tools. Janus utilizes pre-build and post-build execution steps to apply obfuscation to the tool. If the tool breaks the build, the post-build will always be able to repair it. The pre-build execution step will store clean copies of the code before making modifications. The post-build execution step restores the file to a clean-copy state.
Janus utilizes the OpenSSL library to perform RSA encryption and Base64 encoding to store the encrypted string/data output within your project in a base64 encoded format. Due to the utilization of RSA, you will be limited in the amount of characters you can encrypt. This is based off the RSA key size. Janus uses a 2048-bit key with OAEP padding, USE YOUR OWN KEY PAIR. A 2048-bit key can encrypt up to 214 bytes; (2048/8) – 42 = 256 – 42 = 214 bytes. If you want to encrypt more bytes you will need to use a larger key size. Click here to read a blog post discussing how much data you can encrypt with RSA keys.
The public and private key are never stored within the binary (at least they shouldn't be). The JanusTester includes the private key as a POC to prove that Janus functions properly. The intended use is to use Janus to encrypt and encode the strings\data and then during runtime retrieve the private key from a server.
Janus currently only supports CHAR data type. (No WCHAR or UNICODE support)
I will make a YouTube video discussing Janus, Vault 7, and Joshua Schulte next week and will update this README.md with the link. If you are interested in that, make sure to come back and check in if you want to see the video.
Janus: Janus is the utility that does the encryption, encoding, and altering of source files. Janus scans the project folder looking for any files that contain source, looking for strings and data to scramble. Janus keeps a clean copy of the original source and replaces it with the scrambled versions of strings/data. The source should compile after Janus modifies source.
Elyashib: Elyashib restores the source files to their original state. If for any reason, Janus fails or breaks the code, Elyashib can always restore the state to its original.
It is recommended to include some form of anti-sandbox techniques to determine if your binary is being analyzed\reverse-engineered in order to withhold the key being retrieved from the server.
It is important that the pre-build event be run before any projects are built and the post-build event is ran after all projects are built.
Step 1: Compile Janus and Elyashib
Step 2: Add the Janus files to your project (Janus.cpp\Janus.h) located in the JanusTester project. These files will have to be slightly modified because they are currently configured to only work with the JanusTester. (I will make an official header file and update the repository soon).
Step 3: Add Janus to the pre-build event of your project
Step 4: Add Elyashib to the post-build event of your project
Step 5: All the best to you
Janus.Demo.mp4
JanusTester.mp4
- Replace OpenSSL with wolfSSL (this will significantly decrease the final size of the binary)
- Add different encryption\encoding methods
- Add detection for comments (comments should be ignored in the future)
- Add Unicode support
- Add receipt and validator (will be added soon hopefully)
If you found anything of value from this, feel free to share this project, I would greatly appreciate it.
If you have any questions you can add me on Discord: Default#9365
You can donate to my BTC wallet here: 34WFzRRRvscorHsVnLX656rGK4DBWqRKyi