Quickstart:
% make
gcc -Wall -o ELFcrypt ELFcrypt.c
gcc -Wall -o example example.c
% ./ELFcrypt example
ELFcrypt by @dmfroberson
Crypting .crypted section of example, outputting to crypted
Enter passphrase: harharhar
Confirm passphrase: harharhar
% ./crypted
Enter passphrase: harharhar
Confirm passphrase: harharhar
This function was crypted
To use this in your own projects, include ELFcrypt.h, add a call to ELFdecrypt() in main(), and prefix each function you'd like to protect with CRYPTED. Once your program is compiled, run ELFcrypt against it with whatever passphrase you desire, and its .crypted section will be encrypted with RC4. See example.c for more details.
The crypted binary will also attempt to read the passphrase from the ELFCRYPT environment variable:
% ELFCRYPT="harharhar" ./crypted
This function was crypted
Before:
% objdump -dj .crypted example
example: file format elf64-x86-64
Disassembly of section .crypted:
0000000000401022 <crypted_main>:
401022: 55 push %rbp
401023: 48 89 e5 mov %rsp,%rbp
401026: 48 83 ec 10 sub $0x10,%rsp
40102a: 89 7d fc mov %edi,-0x4(%rbp)
40102d: 48 89 75 f0 mov %rsi,-0x10(%rbp)
401031: bf ec 10 40 00 mov $0x4010ec,%edi
401036: e8 b5 f7 ff ff callq 4007f0 <puts@plt>
40103b: b8 64 00 00 00 mov $0x64,%eax
401040: c9 leaveq
401041: c3 retq
After:
% objdump -dj .crypted crypted
crypted: file format elf64-x86-64
Disassembly of section .crypted:
0000000000401022 <crypted_main>:
401022: 68 ac 6c f3 e5 pushq $0xffffffffe5f36cac
401027: 6d insl (%dx),%es:(%rdi)
401028: 91 xchg %eax,%ecx
401029: 59 pop %rcx
40102a: d2 7b 05 sarb %cl,0x5(%rbx)
40102d: 6e outsb %ds:(%rsi),(%dx)
40102e: 20 3c 38 and %bh,(%rax,%rdi,1)
401031: 74 05 je 401038 <crypted_main+0x16>
401033: 54 push %rsp
401034: 13 d6 adc %esi,%edx
401036: 2c 31 sub $0x31,%al
401038: 18 99 4c 46 5f 38 sbb %bl,0x385f464c(%rcx)
40103e: ad lods %ds:(%rsi),%eax
40103f: e3 bb jrcxz 400ffc <__libc_csu_init+0x4c>
...
As you can see, the second binary contains a bunch of nonsensical rubbish instead of readable assembler in the .crypted section.
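The transformation shown in the two listings, as an added example (not code from ELFcrypt.c): textbook RC4 applied to the 32 bytes of crypted_main from the "Before" listing. It assumes the passphrase is used directly as the RC4 key, which this README does not state, and rc4_xor and roundtrip_ok are names made up for the example. Under that assumption the quickstart passphrase "harharhar" is equivalent to "har", because RC4's key schedule cycles through the key bytes.

```c
#include <stdio.h>
#include <string.h>

/* Textbook RC4 (key scheduling + keystream), XORed into buf in place, so the
 * same call encrypts and decrypts. Assumption: passphrase is the raw key. */
void rc4_xor(const char *key, unsigned char *buf, size_t len)
{
    unsigned char S[256], tmp;
    size_t klen = strlen(key), n;
    unsigned int i, j = 0;
    if (klen == 0) return;                 /* an empty key is not usable */
    for (i = 0; i < 256; i++)
        S[i] = (unsigned char)i;
    for (i = 0; i < 256; i++) {            /* key scheduling: key bytes repeat */
        j = (j + S[i] + (unsigned char)key[i % klen]) & 0xff;
        tmp = S[i]; S[i] = S[j]; S[j] = tmp;
    }
    i = j = 0;
    for (n = 0; n < len; n++) {            /* keystream generation */
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        tmp = S[i]; S[i] = S[j]; S[j] = tmp;
        buf[n] ^= S[(S[i] + S[j]) & 0xff];
    }
}

/* The 32 bytes of crypted_main, copied from the "Before" objdump listing. */
static const unsigned char PLAIN[32] = {
    0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x10,0x89,0x7d,0xfc,0x48,0x89,0x75,0xf0,0xbf,
    0xec,0x10,0x40,0x00,0xe8,0xb5,0xf7,0xff,0xff,0xb8,0x64,0x00,0x00,0x00,0xc9,0xc3
};

/* Encrypt PLAIN with enc_key, decrypt with dec_key; 1 if the code is restored. */
int roundtrip_ok(const char *enc_key, const char *dec_key)
{
    unsigned char buf[sizeof PLAIN];
    memcpy(buf, PLAIN, sizeof PLAIN);
    rc4_xor(enc_key, buf, sizeof buf);
    rc4_xor(dec_key, buf, sizeof buf);
    return memcmp(buf, PLAIN, sizeof PLAIN) == 0;
}

int main(void)
{
    printf("same passphrase:  %d\n", roundtrip_ok("harharhar", "harharhar"));
    printf("wrong passphrase: %d\n", roundtrip_ok("harharhar", "hunter2"));
    printf("\"har\" alone:      %d\n", roundtrip_ok("harharhar", "har"));
    return 0;
}
```

A repeating passphrase adds no strength under raw RC4 keying, and a wrong passphrase simply produces different bytes, since RC4 carries no integrity check.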