metasploit-framework/lib/rex/encoder/alpha2/unicode_mixed.rb

117 lines
3.7 KiB
Ruby

#!/usr/bin/env ruby
require 'rex/encoder/alpha2/generic'
module Rex
module Encoder
module Alpha2
class UnicodeMixed < Generic
def self.gen_base_set(max)
Rex::Text.shuffle_a(
[* ( (0..(max-1)).map { |i| i *= 0x10 } ) ]
)
end
def self.gen_second(block, base)
# unicode uses additive encoding
(block - base)
end
def self.gen_decoder_prefix(reg, offset)
if (offset > 28)
raise "Critical: Offset is greater than 28"
end
# offset untested for unicode :(
if (offset <= 14)
nop = 'CP' * offset
mod = 'IA' * (14 - offset) + nop # dec ecx,,, push ecx, pop edx
else
mod = 'AA' * (offset - 14) # inc ecx
nop = 'CP' * (14 - mod.length)
mod += nop
end
regprefix = { # nops ignored below
'EAX' => 'PPYA' + mod, # push eax, pop ecx
'ECX' => mod + "4444", # dec ecx
'EDX' => 'RRYA' + mod, # push edx, pop ecx
'EBX' => 'SSYA' + mod, # push ebx, pop ecx
'ESP' => 'TUYA' + mod, # push esp, pop ecx
'EBP' => 'UUYA' + mod, # push ebp, pop ecx
'ESI' => 'VVYA' + mod, # push esi, pop ecx
'EDI' => 'WWYA' + mod, # push edi, pop edi
}
return regprefix[reg]
end
def self.gen_decoder(reg, offset)
decoder =
gen_decoder_prefix(reg, offset) +
"j" + # push 0
"XA" + # pop eax, NOP
"QA" + # push ecx, NOP
"DA" + # inc esp, NOP
"ZA" + # pop edx, NOP
"BA" + # inc edx, NOP
"RA" + # push edx, NOP
"LA" + # dec esp, NOP
"YA" + # pop ecx, NOP
"IA" + # dec ecx, NOP
"QA" + # push ecx, NOP
"IA" + # dec ecx, NOP
"QA" + # push ecx, NOP
"IA" + # dec ecx, NOP
"hAAA" + # push 00410041, NOP
"Z" + # pop edx
"1A" + # add [ecx], dh NOP
"IA" + # dec ecx, NOP
"IA" + # dec ecx, NOP
"J" + # dec edx
"1" + # add [ecx], dh
"1A" + # add [ecx], dh NOP
"IA" + # dec ecx, NOP
"IA" + # dec ecx, NOP
"BA" + # inc edx, NOP
"BA" + # inc edx, NOP
"B" + # inc edx
"Q" + # add [ecx], dl
"I" + # dec ecx
"1A" + # add [ecx], dh NOP
"I" + # dec ecx
"Q" + # add [ecx], dl
"IA" + # dec ecx, NOP
"I" + # dec ecx
"Q" + # add [ecx], dh
"I" + # dec ecx
"1" + # add [ecx], dh
"1" + # add [ecx], dh
"1A" + # add [ecx], dh NOP
"IA" + # dec ecx, NOP
"J" + # dec edx
"Q" + # add [ecx], dl
"YA" + # pop ecx, NOP
"Z" + # pop edx
"B" + # add [edx], al
"A" + # inc ecx <-------
"B" + # add [edx], al |
"A" + # inc ecx |
"B" + # add [edx], al |
"A" + # inc ecx |
"B" + # add [edx], al |
"A" + # inc ecx |
"B" + # add [edx], al |
"kM" + # imul eax, [eax], 10 * |
"A" + # add [edx], al |
"G" + # inc edi |
"B" + # add [edx], al |
"9" + # cmp [eax], eax |
"u" + # jnz ------------------
"4JB"
return decoder
end
end end end end