cryptolok / MorphAES

IDPS & SandBox & AntiVirus STEALTH KILLER. MorphAES is the world's first polymorphic shellcode engine, with metamorphic properties and capability to bypass sandboxes, which makes it undetectable for an IDPS, it's cross-platform as well and library-independent.
MIT License

Morpher ARM support #3

Open Bry-fi opened 7 years ago

Bry-fi commented 7 years ago

```
as AES.s -o AES.O
AES.s: Assembler messages:
AES.s:16: Error: bad instruction `callq read'
AES.s:17: Error: bad instruction `movaps %xmm0,%xmm5'
AES.s:18: Error: bad instruction `pxor %xmm2,%xmm2'
AES.s:19: Error: bad instruction `aeskeygenassist $1,%xmm0,%xmm1'
AES.s:20: Error: bad instruction `callq scheduling'
AES.s:21: Error: bad instruction `movaps %xmm0,%xmm6'
AES.s:23: Error: bad instruction `aeskeygenassist $2,%xmm0,%xmm1'
AES.s:24: Error: bad instruction `callq scheduling'
AES.s:25: Error: bad instruction `movaps %xmm0,%xmm7'
AES.s:26: Error: bad instruction `aeskeygenassist $8,%xmm0,%xmm1'
AES.s:27: Error: bad instruction `callq scheduling'
AES.s:28: Error: bad instruction `movaps %xmm0,%xmm9'
AES.s:29: Error: bad instruction `aeskeygenassist $16,%xmm0,%xmm1'
AES.s:30: Error: bad instruction `callq scheduling'
AES.s:31: Error: bad instruction `movaps %xmm0,%xmm10'
AES.s:33: Error: bad instruction `aeskeygenassist $64,%xmm0,%xmm1'
AES.s:34: Error: bad instruction `callq scheduling'
AES.s:35: Error: bad instruction `movaps %xmm0,%xmm12'
AES.s:36: Error: bad instruction `aeskeygenassist $128,%xmm0,%xmm1'
AES.s:37: Error: bad instruction `callq scheduling'
AES.s:38: Error: bad instruction `movaps %xmm0,%xmm13'
AES.s:39: Error: bad instruction `aeskeygenassist $27,%xmm0,%xmm1'
AES.s:40: Error: bad instruction `callq scheduling'
AES.s:41: Error: bad instruction `movaps %xmm0,%xmm14'
AES.s:42: Error: bad instruction `aeskeygenassist $54,%xmm0,%xmm1'
AES.s:43: Error: bad instruction `callq scheduling'
AES.s:44: Error: bad instruction `movaps %xmm0,%xmm15'
AES.s:47: Error: bad instruction `callq read'
AES.s:48: Error: ARM register expected -- `cmp $16,%rax'
AES.s:49: Error: bad instruction `jl exit'
AES.s:50: Error: bad instruction `pxor %xmm5,%xmm0'
AES.s:51: Error: bad instruction `aesenc %xmm6,%xmm0'
AES.s:52: Error: bad instruction `aesenc %xmm7,%xmm0'
AES.s:54: Error: bad instruction `aesenc %xmm9,%xmm0'
AES.s:55: Error: bad instruction `aesenc %xmm10,%xmm0'
AES.s:57: Error: bad instruction `aesenc %xmm12,%xmm0'
AES.s:58: Error: bad instruction `aesenc %xmm13,%xmm0'
AES.s:59: Error: bad instruction `aesenc %xmm14,%xmm0'
AES.s:60: Error: bad instruction `aesenclast %xmm15,%xmm0'
AES.s:61: Error: bad instruction `callq write'
AES.s:62: Error: bad instruction `jmp crypt'
AES.s:66: Error: ARM register expected -- `mov $0x0,%rax'
AES.s:67: Error: ARM register expected -- `mov $0x0,%rdi'
AES.s:68: Error: ARM register expected -- `mov $buffer,%rsi'
AES.s:69: Error: ARM register expected -- `mov $16,%rdx'
AES.s:70: Error: bad instruction `syscall '
AES.s:71: Error: bad instruction `movaps buffer,%xmm0'
AES.s:72: Error: bad instruction `retq '
AES.s:76: Error: bad instruction `movaps %xmm0,buffer'
AES.s:77: Error: ARM register expected -- `mov $0x1,%rax'
AES.s:78: Error: ARM register expected -- `mov $0x1,%rdi'
AES.s:79: Error: ARM register expected -- `mov $buffer,%rsi'
AES.s:80: Error: ARM register expected -- `mov $16,%rdx'
AES.s:81: Error: bad instruction `syscall '
AES.s:82: Error: bad instruction `retq '
AES.s:85: Error: ARM register expected -- `mov $0x3c,%rax'
AES.s:86: Error: ARM register expected -- `mov $0x0,%rdi'
AES.s:87: Error: bad instruction `syscall '
AES.s:90: Error: bad instruction `pshufd $0b11111111,%xmm1,%xmm1'
AES.s:91: Error: bad instruction `shufps $0b00010000,%xmm0,%xmm2'
AES.s:92: Error: bad instruction `pxor %xmm2,%xmm0'
AES.s:93: Error: bad instruction `shufps $0b10001100,%xmm0,%xmm2'
AES.s:94: Error: bad instruction `pxor %xmm2,%xmm0'
AES.s:95: Error: bad instruction `pxor %xmm1,%xmm0'
AES.s:96: Error: bad instruction `retq'
```

cryptolok commented 7 years ago

What's your CPU? `lscpu`

Try `as --64 AES.s -o AES.O`

Bry-fi commented 7 years ago

Arm7 processor on nethunter

cryptolok commented 7 years ago

Well, as I stated in the description, the assembly code will function on Intel x64 with AES-NI support only, regardless of the fact that the morpher itself is written in Python, since I use a custom AES implementation in x64 assembly. For more details you can see issue number 1. So, unfortunately, you will not be able to use it on ARM... Such a possibility will require recoding my implementation in ARM assembly, and there are 2 possibilities:

  1. Use AES-NI on ARM - some Allwinner and Broadcom processors support that, but not only is the support limited and not officially claimed, it's poorly documented and not widespread as well

  2. Completely recode AES for ARM - a very time consuming task, especially considering that the shellcode target has to support AES-NI anyway

I will, nonetheless, consider it as a future improvement; despite the fact that it can open the door for ARM shellcoding, it would be quite unrealistic, but perhaps someday I will do it, perhaps with the help of someone :)

I will update the README in any case

Thanks for your contribution :)