GunshipPenguin / kiteshield

Packer/Protector for x86-64 ELF binaries on Linux
MIT License

The encrypted binary does not work. #9

Open akatheria opened 1 year ago

akatheria commented 1 year ago

I generated a payload from MERLIN-C2 for Linux amd64 (unstripped) and used kiteshield to encrypt the payload. I get the verbose output, and at the end the tool tells me that the binary could be corrupt. I don't get segfaults, but the program exits without printing anything.

[Steps to Reproduce]

1. Clone the merlin-agent repository: https://github.com/Ne0nd0g/merlin-agent

2. Run the following command to generate a non-stripped version of the payload:

       export GOOS=linux;export GOARCH=amd64;export GOARM=7;go build -trimpath -ldflags '-X "main.build=890d80f1e940c46a915e6a2d8abfd97b6655c78c" -X "github.com/Ne0nd0g/merlin-agent/agent.build=890d80f1e940c46a915e6a2d8abfd97b6655c78c" -X "main.protocol=h2" -X "main.url=https://127.0.0.1:443" -X "main.host=" -X "main.psk=merlin" -X "main.sleep=30s" -X "main.proxy=" -X "main.useragent=Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36" -X "main.headers=" -X "main.skew=3000" -X "main.padding=4096" -X "main.killdate=0" -X "main.maxretry=7" -X "main.parrot=" -buildid=' -gcflags=all=-trimpath= -asmflags=all=-trimpath= -o bin/v1.6.0/890d80f1e940c46a915e6a2d8abfd97b6655c78c/merlinAgent-Linux-amd-unstripped ./main.go

3. After that, copy the binary to the kiteshield folder.

4. Run kiteshield to see the following output:

       ./packer/kiteshield merlinAgent-Linux-amd-unstripped encryted-payload

   [screenshot]

5. Now when I execute the program I don't see any output:

   [screenshot]

6. The output before encryption:

   [screenshot]

Let me know how I can debug it. Also, if I have an ARM64 binary, can I encrypt that to get an ARM64 encrypted output binary?

Thanks.

sheckandar commented 4 months ago

Same here.

Tested on 3 different ELF files and none worked.

Without -n, I get this error: Bus error (core dumped)

Without -n, the prog just exits or hangs indefinitely.

Using Red Hat 8.10.