hfiref0x / UACME

Defeating Windows User Account Control
BSD 2-Clause "Simplified" License

Building the project #118

Closed ghost closed 2 years ago

ghost commented 2 years ago

I have compiled Akagi after generating the .cd/.key files but wanted to check that I built it correctly, as I noticed that when compiling the whole project (uacme.sln) with empty .key/.cd files it still builds. SIDENOTE: why does it still build if these are empty?

Some methods were working but some weren't, so I wanted to sanity check whether I messed up the build.

These are the steps I took to compile:

  1. Compiled every module separately as Release for every project file (.vcxproj). (I did both arches if there was a project file for it, 32/64-bit.) For this I went through the targets list in VS Studio (dll.vcxproj, Akatsuki.vcxproj, Naka.vcxproj).
  2. Used Naka, going through every DLL + Kamikaze.msc: .\Naka64.exe C:\...\UACME-master\Source\Fubuki\output\Win32\Release\Fubuki32.dll

I did this for the following files:

Fubuki32.dll
Fubuki64.dll
Akatsuki64.dll
Kamikaze.msc

Then ran Naka64.exe --stable resulting in the below:

Length Name
------ ----
5424 Akatsuki64.cd
32 Akatsuki64.key
9776 Fubuki32.cd
32 Fubuki32.key
10944 Fubuki64.cd
32 Fubuki64.key
8384 Kamikaze.cd
32 Kamikaze.key
72 secrets32.bin
108 secrets64.bin

  3. I moved all the above (cd/key/bin) to Source\Akagi\bin.
  4. Selected uacme.sln and built "Release|64" and "Release|Win32".

hfiref0x commented 2 years ago

> Why does it still build if these are empty

It builds because the files are present on disk. The resource compiler doesn't check what they are. Empty files mean every method that uses them will fail to execute. Methods that do not rely on these DLLs will still work.

ghost commented 2 years ago

Thank you for your answer. Do you see any issues with the way I've compiled the project?

hfiref0x commented 2 years ago

You don't need any *.key files inside Akagi\Bin; they are used by naka to generate your secrets32/64 files and are no longer needed after that.

ghost commented 2 years ago

Gotcha, but overall am I correct in assuming that following the steps I took this should build a fully working UACME?

hfiref0x commented 2 years ago

Yes.

ghost commented 2 years ago

> Yes.

Thank you 👍 Curious about a few general Qs:

hfiref0x commented 2 years ago

It is not for AV evasion. It is an intentional complication of the compilation process to make sure people who do this understand what they do and don't just copy-paste with their own copyrights like some Chinese haxor did in 2015 with his "bypassuac". Additionally it serves as "idiot protection" from those who use modules from uacme for their own malware, which is then described by some wannabe security trash as "APT", e.g. Cymmetria with their fake APT campaign called "patchwork". No other reasons behind this.

ghost commented 2 years ago

> It is not for AV evasion. It is an intentional complication of the compilation process to make sure people who do this understand what they do and don't just copy-paste with their own copyrights like some Chinese haxor did in 2015 with his "bypassuac". Additionally it serves as "idiot protection" from those who use modules from uacme for their own malware, which is then described by some wannabe security trash as "APT", e.g. Cymmetria with their fake APT campaign called "patchwork". No other reasons behind this.

Fair enough 👍

hfiref0x commented 2 years ago

There is no verbose output; in fact there is almost no output at all in the program or its components. Normally when the main executable exits it should return 0, and another value in case of error.

All methods accept a parameter to execute.

ghost commented 2 years ago

Gotcha, am I correct in saying there is no way to really test if the payloads are correctly compiled into Akagi (it fails silently)? How would you recommend I check that the payloads are correctly in there, or is the only way to check to just run the binary/method on a test machine and, if it doesn't do anything, assume it was a compilation error?

hfiref0x commented 2 years ago

You have to rewrite the part of akagi where it executes ucmMain, so when the process terminates it will return a result which you can later query through GetExitCodeProcess. The value you want to check is STATUS_DATA_ERROR. Currently akagi executes its real entry point through various manipulations with indirect calls in Stub.c because of a previous WD annoyance. Normally main should only call ExitProcess(ucmMain(with defaulted parameters)).
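
As an added example (not UACME's or hfiref0x's code), here is how the exit-code check described in that comment could be consumed by a build-verification harness: a classifier for the NTSTATUS that an ExitProcess(ucmMain(...)) entry point would return, with STATUS_DATA_ERROR (0xC000003E in ntstatus.h) flagged as the embedded-payload failure, plus a Windows-only launcher that reads the code via GetExitCodeProcess. The verdict names and the run_and_get_exit_code helper are this example's own assumptions.

```c
/* Added example (not UACME's own code). If Akagi's entry point were reduced, as
 * suggested above, to ExitProcess(ucmMain(...)), the NTSTATUS from ucmMain becomes
 * the process exit code read by GetExitCodeProcess; this classifies that value. */
#include <stdint.h>
#include <stdio.h>

#define NT_STATUS_SUCCESS    0x00000000u
#define NT_STATUS_DATA_ERROR 0xC000003Eu  /* STATUS_DATA_ERROR, ntstatus.h */
typedef enum {
    VERDICT_OK,            /* 0: ucmMain reported no error */
    VERDICT_PAYLOAD_ERROR, /* STATUS_DATA_ERROR: embedded .cd/secrets data unusable */
    VERDICT_NT_ERROR,      /* some other NTSTATUS with error severity */
    VERDICT_UNKNOWN        /* not an NTSTATUS error (e.g. a plain C exit code) */
} verdict_t;

/* NTSTATUS layout: bits 31-30 severity (3 = error), bits 28-16 facility, bits 15-0 code. */
unsigned nt_severity(uint32_t s) { return s >> 30; }
unsigned nt_facility(uint32_t s) { return (s >> 16) & 0x0FFFu; }
unsigned nt_code(uint32_t s)     { return s & 0xFFFFu; }
verdict_t classify_exit_code(uint32_t exit_code)
{
    if (exit_code == NT_STATUS_SUCCESS)    return VERDICT_OK;
    if (exit_code == NT_STATUS_DATA_ERROR) return VERDICT_PAYLOAD_ERROR;
    if (nt_severity(exit_code) == 3)       return VERDICT_NT_ERROR;
    return VERDICT_UNKNOWN;
}
#ifdef _WIN32
#include <windows.h>
/* Launch cmdline (writable buffer, as CreateProcessA requires), wait, return exit code. */
uint32_t run_and_get_exit_code(char *cmdline)
{
    STARTUPINFOA si = { sizeof(si) };
    PROCESS_INFORMATION pi = { 0 };
    DWORD code = 0xFFFFFFFFu;  /* sentinel: process could not be started */
    if (!CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) return code;
    WaitForSingleObject(pi.hProcess, INFINITE);
    GetExitCodeProcess(pi.hProcess, &code);
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return code;
}
#endif

int main(void)
{   /* Constructed sample values; on Windows, feed run_and_get_exit_code() results instead. */
    uint32_t samples[] = { 0x00000000u, 0xC000003Eu, 0xC0000005u, 0x00000001u };
    for (size_t i = 0; i < 4; i++)
        printf("exit=0x%08X verdict=%d\n", (unsigned)samples[i], (int)classify_exit_code(samples[i]));
    return 0;
}
```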

ghost commented 2 years ago

Thank you 👍 And great tool!