Closed ghost closed 2 years ago
Why does it still build if these are empty?
It builds because the files are present on disk. The resource compiler doesn't check what they are. Empty files mean every method that uses them will fail to execute. Methods that do not rely on these DLLs will still work.
Thank you for your answer. Do you see any issues with the way I've compiled the project?
You don't need any *.key files inside Akagi\Bin; they are used by naka to generate your secrets32/64 files and are no longer needed after that.
Gotcha, but overall am I correct in assuming that following the steps I took this should build a fully working UACME?
Yes.
Thank you 👍 Curious about a few general Qs:
It is not for AV evasion. It is an intentional complication of the compilation process to make sure people who do this understand what they are doing and do not just copy-paste with their own copyrights like some Chinese haxor did in 2015 with his "bypassuac". Additionally it serves as "idiot protection" from those who use modules from uacme for their own malware, which is then described by some wannabe security trash as "APT", e.g. Cymmetria with their fake APT campaign called "patchwork". No other reasons behind this.
Fair enough 👍
There is no verbose output; in fact there is almost no output at all in the program or its components. Normally when the main executable exits it should return 0, and another value in case of error.
All methods accept a parameter to execute.
Gotcha, am I correct in saying there is no way to really test if the payloads are correctly compiled into Akagi (it fails silently)? How would you recommend I check that the payloads are correctly in there, or is the only way to check to just run the binary/method on a test machine and, if it doesn't do anything, assume it was a compilation error?
You have to rewrite the part of akagi where it executes ucmMain, so when the process terminates it will return a result which you can later query through GetExitCodeProcess. The value you want to check is STATUS_DATA_ERROR. Currently akagi executes its real entry point through various manipulations with indirect calls in Stub.c because of previous WD annoyance. Normally main should only call ExitProcess(ucmMain(with defaulted parameters)).
Thank you 👍 And great tool!
I have compiled Akagi after generating the .cd/.key files but wanted to check I built it correctly, as I noticed that when compiling the whole project (uacme.sln) with empty .key/.cd files it still builds. SIDENOTE: Why does it still build if these are empty?
Some methods were working but some weren't, so I wanted to sanity check if I messed up the build.
These are the steps I took to compile:
.\Naka64.exe C:\...\UACME-master\Source\Fubuki\output\Win32\Release\Fubuki32.dll
I did this for the following files:
Then ran
Naka64.exe --stable
resulting in the below: