Earlier this month Hugo shared a class he had written with the group. I found
his thread while searching for information on an idea of mine, self-decrypting
stubs built with Crypto++, which I needed for my own project. I was able to
write a small function, which I added to the class, that loads keys using
CryptoPP::ArraySource as opposed to LoadFile. For my project I needed to be
able to generate stubs on the fly which would handle all of the decryption. I'm
also currently writing some code that will add two extra layers of protection
to both keys inside the executable, to keep someone reverse engineering the
code from dumping the keys from memory. We simply store our keys in the stub.
If we add the stub and the *.enc file to an SFX, we can have our stub do all
the work for us.
:)
I would suggest to anyone storing keys inside a binary to compress the
executable using something other than UPX or ASPack. ;-) keys get gen all the
time so it's best to use something with tons of instructions for
anti-debugging, strip TLS, exports, and CRC protection and aPlib for
compression.
Dillon's code reading from CryptoPP::ArraySource as opposed to
CryptoPP::FileSource
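/**
 * Load both RSA keys from in-memory, NUL-terminated strings.
 *
 * Each buffer is copied verbatim into the matching member string
 * (pubString / priString). Nothing is decoded or validated here.
 *
 * @param bufferPub  text of the public key
 * @param bufferPri  text of the private key
 * @throws CryptoPP::InvalidArgument if either pointer is null
 */
void stubClass::LoadKey(const char *bufferPub, const char *bufferPri) {
    // The const char* source overload measures the buffer as a C string, so a
    // null pointer must be rejected before it is handed over.
    if (!bufferPub || !bufferPri)
        throw CryptoPP::InvalidArgument("stubClass::LoadKey: null key buffer");

    // StringSink appends to its target; start from empty strings so that a
    // second LoadKey call replaces the keys instead of concatenating them.
    pubString.clear();
    priString.clear();

    CryptoPP::ArraySource(bufferPub, true,
        new CryptoPP::StringSink(pubString));
    CryptoPP::ArraySource(bufferPri, true,
        new CryptoPP::StringSink(priString));
}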
Hugo's class using CryptoPP::FileSource
/*
void stubClass::LoadKey(const char *pubFilename, const char *privFilename) {
CryptoPP::FileSource (pubFilename, true,
new CryptoPP::StringSink(pubString));
CryptoPP::FileSource (privFilename, true,
new CryptoPP::StringSink(priString));
}
*/
We can store our keys in bufferPub and bufferPri and call this from the main()
in our stub.
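// Hex-encoded keys, abbreviated to "308..." in this snippet.
// NOTE(review): a private key compiled into the stub can be read by anyone who
// has the binary, so it protects the payload only from someone who never sees
// the stub itself.
const char bufferPri[] = "308...";
const char bufferPub[] = "308...";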
// Stub entry point: decrypts the fixed input file into the fixed output file
// using the keys compiled into this translation unit.
int main() {
    const char *encryptedPath = "dob.enc";
    const char *decryptedPath = "dec.exe";

    stubClass stub;

    // Hand the embedded key strings to the decryptor.
    stub.LoadKey(bufferPub, bufferPri);

    // AES_CTR_Decrypt returns void, so the exit code below does not reflect
    // whether decryption succeeded.
    stub.AES_CTR_Decrypt(encryptedPath, decryptedPath);

    return 0;
}
thanks Hugo!
linked back to the original thread where Hugo posted his class.
http://groups.google.com/group/cryptopp-users/browse_thread/thread/4882c26abf0d95ff/2984401e5f57954c?lnk=gst&q=AES+encrypt+file#2984401e5f57954c
regards,
Dillon Beresford
#include <iostream>
#include <windows.h>
#include "cryptinc.h"
#include "stubClass.h"
using namespace std;
using namespace CryptoPP;
// Hex-encoded private key that main() passes to stubClass::LoadKey.
// The leading bytes (30 82 04 BA 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01)
// are a DER PKCS#8 header carrying the rsaEncryption OID.
// NOTE(review): a private key compiled into the stub is readable by anyone who
// has the binary, and this value is published together with the source, so it
// should be treated as a sample only and never reused to protect real data.
const char bufferPri[]=
"308204BA020100300D06092A864886F70D01010105000"
"48204A4308204A00201000282010100D9C23A52468C90" "AB408F4A518EB321E97590A3135552D3B29E1DB091F09" "A98412CE0F2CD35700B2EB077A7A3AD7F1A2051648BE7" "3F3BAD254C840F5403D19410C11F7F5C44C87322041D0"
"A71DEDCA0DB5BDF4C2D3AA517B22D3E336CFEBFCB6773"
"F9E850B285235077791FB15E765984F28F4DF67BFE44F"
"8AC05173BD73A63B15A6D92D845658414374C00310929"
"E64B145D172140AD5EDBE67D420E0E2E9A69641C5B0F9"
"209F62B6BBE39BEFFF7F576A6FAF82BB714847F5E0162"
"93D7F00B7588A88F0FF889DF3492504469798F1F7AFF9"
"875D162DF8A0CE09D9FFB10B68AD770CE925BFB10635C"
"9202626867F6D5D28CBBD36743E17C1B8DF47A383B25E"
"C87020111028201002005F98491E77EAFC5BAB81B0D74"
"B229DC9545287D7D1F21CBF54EAC0CCB70BE4A5D50E1F"
"1452ED22902899811FC1A6E2A1650CF2EF2300D03B911"
"501EADE11185CFED15192C8966E27CBDC57398EA7A9C9"
"1C7701027564EE88925AE25768EDA81FF1AA2749B1BC8"
"1191CFF46FC61C3932BAB8A43F692842AFE2A188CCD3E"
"17BB11FF292E059A196DDF308FD7B852566E3133CB721"
"933BA1555E66D664DD954EADEF689AE32DBB05F156638"
"3DD0AFD35A8969A90D921AD0636715C323DA6B4286B98"
"869E5B3A59A4C3161218661E0C3E6DB874ECCA4AE5E6C"
"611311F61E875F8E99929FA5069BA15E74692C8110359"
"F2334057A5C4B3595DAE24754A1536AE5D02818100DD7"
"98956B1C7B78DC9A1EDFCF343A161E4179420D0CFF16E"
"72D928B4D94E0ED205831313F3A48332DF9FBDF00B936"
"9289FDA294A9FF39C15C70B454C946C238C73BF78D4E8"
"982DCDCD3FB85065C56D6D7D6E45C68F1A5473E62B4AA"
"2CA7ED088E6FD0DD61B3969639D2ACE9205E886AA1879"
"FCA469EFB567E2921F24CEBA7C1D02818100FBB464CE0"
"46F81B7BB9BD5120129ACFA5B5C4C898B8DD7F12F222A"
"DA86FDC780597080AB2F2E7B36896CA3E7E219D27ABFE"
"D80A1B908B63F57F343F1A049853C9FA8B6063D31B639"
"967A77732A3091FE9810AE8D742E4D77B797074FAC716"
"4E522266712F03B3BCA69C47A85EE5DEB864AF2B5F539"
"FB009D0B373D820F5E01F302818027157296D4142F735"
"FD1481D94573A98CDE60B14D98E1B8BF626527A44772F"
"CAB5ADB8129468536354A3B81B4D563FBBDFF95294B2D"
"0A312E6E3DF0D839A9CDC8CE58DCB381ADAE815295CC2"
"E4C87CB8F80466AA91B95A329207A3C25FF842EAFB961"
"18022EC038A0CAD33832E3817C3A9F768D1B8577A5DA0"
"74239D156C34050281801D9CC090B53A4B7F0703463E5"
"A7D5FA4FBB0817997F291E023A9AAB04C1DDB3C46C1F1"
"05149C0E7EE2FDB8EE1A99A04AAD2B001306B5BB1682D"
"153499A63009DB86E3388436F429D5CFF5958D7C97A96"
"6C3E32A73AD8455960E49772C8FE481AF4F57589C1E8D"
"9DB93F8FF5B0CFBFD97541C8DE09D68D2E54C9D164B89"
"565A9502818060AE73B5473D4B9B1723E98814066DD9B"
"6FE885823A4E6CE34C4CD0E5E8994B6AFAD930C11740E"
"32F254BBAD1B8F20EC8F6559316DB963048DE79DD990D"
"F8C78E04797BE186EB6F9427E5818C5AD802952848F3F"
"394B36DFBCEBD7D8D39FA362BC06A81F2B106BAEBFDAE"
"8938BE5072FD05A8D694AC270E20BF8527CCD71EBCC";
// Hex-encoded public key that main() passes to stubClass::LoadKey.
// The leading bytes (30 82 01 20 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01) are a
// DER header carrying the rsaEncryption OID, and the value ends in 02 01 11,
// i.e. the integer 0x11.
// NOTE(review): LoadKey stores this in pubString, which none of the decrypt
// code in this listing reads - presumably it is kept only for symmetry with
// the encrypting side; confirm before relying on it.
const char bufferPub[]=
"30820120300D06092A864886F70D01010105000382010"
"D00308201080282010100D9C23A52468C90AB408F4A51"
"8EB321E97590A3135552D3B29E1DB091F09A98412CE0F"
"2CD35700B2EB077A7A3AD7F1A2051648BE73F3BAD254C"
"840F5403D19410C11F7F5C44C87322041D0A71DEDCA0D"
"B5BDF4C2D3AA517B22D3E336CFEBFCB6773F9E850B285"
"235077791FB15E765984F28F4DF67BFE44F8AC05173BD"
"73A63B15A6D92D845658414374C00310929E64B145D17"
"2140AD5EDBE67D420E0E2E9A69641C5B0F9209F62B6BB"
"E39BEFFF7F576A6FAF82BB714847F5E016293D7F00B75"
"88A88F0FF889DF3492504469798F1F7AFF9875D162DF8"
"A0CE09D9FFB10B68AD770CE925BFB10635C9202626867"
"F6D5D28CBBD36743E17C1B8DF47A383B25EC87020111";
// Stub entry point: decrypts the fixed input file "dob.enc" into "dec.exe"
// using the key strings defined above.
int main() {
    const char *encryptedPath = "dob.enc";
    const char *decryptedPath = "dec.exe";

    stubClass stub;

    // Copy the embedded key strings into the decryptor object.
    stub.LoadKey(bufferPub, bufferPri);

    // AES_CTR_Decrypt returns void and reports Crypto++ errors on stdout only,
    // so the exit code below is 0 whether or not decryption succeeded.
    stub.AES_CTR_Decrypt(encryptedPath, decryptedPath);

    return 0;
}
#include "stubClass.h"
#include "cryptinc.h"
using namespace std;
/**
 * Decrypt a hex-encoded RSA ciphertext with the loaded private key.
 *
 * priString is hex-decoded and used to build an RSAES_OAEP_SHA_Decryptor; the
 * ciphertext is hex-decoded and run through that decryptor.
 *
 * @param ciphertext  NUL-terminated hex string of the RSA ciphertext
 * @return the recovered plaintext bytes
 *
 * Crypto++ exceptions raised by the pipeline are not caught here and
 * propagate to the caller.
 */
string stubClass::RSADecryptString(const char *ciphertext) {
    // Build the decryptor from the hex-encoded private key held in priString.
    CryptoPP::StringSource keySource(priString, true,
        new CryptoPP::HexDecoder);
    CryptoPP::RSAES_OAEP_SHA_Decryptor decryptor(keySource);

    // Random source that PK_DecryptorFilter requires as its first argument.
    CryptoPP::AutoSeededX917RNG<CryptoPP::DES_EDE3> prng;

    // Pipeline: hex text -> raw ciphertext -> RSA decrypt -> plaintext.
    string plaintext;
    CryptoPP::StringSource pipeline(ciphertext, true,
        new CryptoPP::HexDecoder(
            new CryptoPP::PK_DecryptorFilter(prng, decryptor,
                new CryptoPP::StringSink(plaintext))));

    return plaintext;
}
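/**
 * Load both RSA keys from in-memory, NUL-terminated hex strings.
 *
 * Each buffer is copied verbatim into the matching member string
 * (pubString / priString). Nothing is decoded or validated here; priString is
 * hex-decoded later, when a decryptor is built from it.
 *
 * @param bufferPub  hex text of the public key
 * @param bufferPri  hex text of the private key
 * @throws CryptoPP::InvalidArgument if either pointer is null
 */
void stubClass::LoadKey(const char *bufferPub, const char *bufferPri) {
    // The const char* source overload measures the buffer as a C string, so a
    // null pointer must be rejected before it is handed over.
    if (!bufferPub || !bufferPri)
        throw CryptoPP::InvalidArgument("stubClass::LoadKey: null key buffer");

    // StringSink appends to its target; start from empty strings so that a
    // second LoadKey call replaces the keys instead of concatenating them.
    pubString.clear();
    priString.clear();

    CryptoPP::ArraySource(bufferPub, true,
        new CryptoPP::StringSink(pubString));
    CryptoPP::ArraySource(bufferPri, true,
        new CryptoPP::StringSink(priString));
}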
/*
void stubClass::LoadKey(const char *pubFilename, const char *privFilename) {
CryptoPP::FileSource (pubFilename, true,
new CryptoPP::StringSink(pubString));
CryptoPP::FileSource (privFilename, true,
new CryptoPP::StringSink(priString));
}
*/
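/**
 * Decrypt a file whose AES key and IV are wrapped with RSA in its header.
 *
 * Layout read from infile:
 *   - first 512 bytes: hex text of an RSA-OAEP ciphertext; its plaintext must
 *     hold at least AES::MAX_KEYLENGTH key bytes followed by AES::BLOCKSIZE
 *     IV bytes;
 *   - remainder: the AES-encrypted payload, written decrypted to outfile.
 *
 * NOTE: despite the name, the payload is decrypted in CBC mode
 * (CBC_Mode_ExternalCipher), not CTR.
 * NOTE(review): nothing here authenticates the header or the payload (no MAC
 * or signature is checked), so a modified input file is not detected beyond
 * what RSA-OAEP and the CBC padding check happen to reject. Callers that go on
 * to use outfile should verify it by other means.
 *
 * @param infile   path of the encrypted input file
 * @param outfile  path the decrypted payload is written to
 *
 * Crypto++ exceptions are caught and reported on std::cout; the function
 * returns normally in that case and outfile may be missing or incomplete.
 */
void stubClass::AES_CTR_Decrypt(const char *infile, const char *outfile)
{
    try
    {
        ifstream file( infile, ios::binary );
        if ( !file )
            throw CryptoPP::Exception( CryptoPP::Exception::IO_ERROR,
                "stubClass::AES_CTR_Decrypt: cannot open input file" );

        byte keyAES[ CryptoPP::AES::MAX_KEYLENGTH ];
        byte ivAES[ CryptoPP::AES::BLOCKSIZE ];

        // Fixed-size header holding the hex-encoded, RSA-wrapped key and IV.
        // A short or failed read would leave Key partly uninitialised, so
        // stop here instead of decoding garbage.
        char Key[512];
        if ( !file.read( Key, sizeof(Key) ) )
            throw CryptoPP::InvalidDataFormat(
                "stubClass::AES_CTR_Decrypt: input shorter than the key header" );

        CryptoPP::StringSource privStr(priString, true,
            new CryptoPP::HexDecoder);
        CryptoPP::RSAES_OAEP_SHA_Decryptor priv(privStr);
        CryptoPP::AutoSeededX917RNG<CryptoPP::DES_EDE3> rng;

        // Key is not NUL-terminated, so pass its length explicitly; the
        // const char* overload would read past the end of the array.
        string AesKeyUnCrypt;
        CryptoPP::StringSource( reinterpret_cast<const byte *>(Key), sizeof(Key), true,
            new CryptoPP::HexDecoder(
                new CryptoPP::PK_DecryptorFilter(rng, priv,
                    new CryptoPP::StringSink(AesKeyUnCrypt))));

        // The copies below read a fixed number of bytes; refuse a shorter
        // plaintext rather than reading beyond the string's storage.
        if ( AesKeyUnCrypt.size() < sizeof(keyAES) + sizeof(ivAES) )
            throw CryptoPP::InvalidDataFormat(
                "stubClass::AES_CTR_Decrypt: unwrapped key material too short" );

        memcpy(keyAES, AesKeyUnCrypt.data(), sizeof(keyAES));
        memcpy(ivAES, AesKeyUnCrypt.data() + sizeof(keyAES), sizeof(ivAES));

        CryptoPP::AES::Decryption aesDecryption( keyAES, CryptoPP::AES::MAX_KEYLENGTH);
        CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcDecryption( aesDecryption, ivAES );

        // The stream is positioned just past the header, so only the payload
        // is pumped through the cipher.
        CryptoPP::FileSource(file, true,
            new CryptoPP::StreamTransformationFilter(cbcDecryption,
                new CryptoPP::FileSink(outfile)));
    }
    catch(const CryptoPP::Exception &e)
    {
        std::cout << "CryptoPP::Exception caught: " << e.what() << endl;
    }
}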
#pragma once
#include <iostream>
#include "cryptinc.h"
using std::string;
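/**
 * Decryption helper used by the stub program.
 *
 * Holds the two RSA keys as strings and offers RSA string decryption plus a
 * file decryption routine that unwraps an AES key with the private key.
 */
class stubClass
{
public:
stubClass(void)
{
}
virtual ~stubClass(void)
{
}
// Copies the two NUL-terminated key strings into pubString / priString.
// The parameters are in-memory buffers, not file names (the file-based
// variant is commented out in the implementation).
void LoadKey(const char *bufferPub, const char *bufferPri);
// Decrypts a hex-encoded RSA ciphertext with the loaded private key and
// returns the plaintext.
string RSADecryptString(const char *ciphertext);
// Decrypts infile to outfile. The implementation uses AES in CBC mode,
// whatever the name suggests.
void AES_CTR_Decrypt(const char *infile, const char *outfile);
private:
// Hex-encoded private key; kept in clear for the object's lifetime.
string priString;
// Hex-encoded public key; stored by LoadKey, not read by the other members
// declared here.
string pubString;
};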