[ExpDev] Custom Go Crypter

bigb0ss
3 min readApr 27, 2021

What is a Crypter?

A crypter is software that encrypts, obfuscates or otherwise transforms malware or a RAT (Remote Access Tool) so that the payload on disk no longer matches what security products such as anti-virus engines look for, potentially bypassing them.

Encryption Process

For creating a simple crypter, I will be using the following process:

  • Generate a key from random characters using a seeded generator (32 characters hard-coded as of now; a 32-byte key selects AES-256)
  • AES Encrypt #1 — Create the AES cipher block from the key
  • AES Encrypt #2 — Allocate a buffer of block size + length of shellcode and fill its first block with a random IV (Initialization Vector)
  • AES Encrypt #3 — Run the CFB encryption over the shellcode using the block and IV, writing the output after the IV
  • Base64 encode the result (IV followed by ciphertext)

Decryption Process

  • Base64 decode the input
  • AES Decrypt #1 — Create the AES cipher block from the key
  • AES Decrypt #2 — Check that the decoded data is at least one block long, then split off the leading block as the IV
  • AES Decrypt #3 — Run the CFB decryption over the remainder using the block and IV
  • Return the decrypted bytes

I chose the Go programming language to create the crypter.

Generate Key Code

// Random Key Generator (32 base62 characters = 32-byte key, i.e. AES-256)
// math/rand is aliased so it does not collide with crypto/rand, which the
// Encrypt function below uses for the IV.
import mrand "math/rand"

var chars = []rune("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")

// randKeyGen returns n characters drawn from chars. Note: math/rand is not a
// cryptographic generator, and base62 yields only ~5.95 bits per character
// (~190 bits for 32 characters, not 256). Go 1.20+ seeds math/rand
// automatically; on older versions call mrand.Seed first or every run
// produces the same key. crypto/rand is the better source for key material.
func randKeyGen(n int) string {
    charSet := make([]rune, n)
    for i := range charSet {
        charSet[i] = chars[mrand.Intn(len(chars))]
    }
    return string(charSet)
}

Encryption Code

// Encrypt: Original Text --> Add IV --> Encrypt with Key --> Base64 Encode
import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/rand"
    "encoding/base64"
    "io"
)

func Encrypt(key []byte, text []byte) string {
    // key must be 16, 24 or 32 bytes (AES-128/192/256); anything else errors here
    block, err := aes.NewCipher(key)
    if err != nil {
        panic(err)
    }
    // Creating IV: the first block of the output buffer holds a random IV,
    // the remaining len(text) bytes receive the encrypted shellcode
    ciphertext := make([]byte, aes.BlockSize+len(text))
    iv := ciphertext[:aes.BlockSize]
    if _, err := io.ReadFull(rand.Reader, iv); err != nil {
        panic(err)
    }
    // Encryption Process (AES-CFB is a stream mode, so no padding is needed)
    stream := cipher.NewCFBEncrypter(block, iv)
    stream.XORKeyStream(ciphertext[aes.BlockSize:], text)
    // Base64 encode IV || ciphertext so it can be embedded as a string
    return base64.StdEncoding.EncodeToString(ciphertext)
}
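The full round trip for both the Encryption Process and the Decryption Process above, as an added example that is not the author's code: a 32-byte key drawn from crypto/rand instead of a base62 string, the Encrypt step, and the Decrypt step the post describes but does not show. The function names (genKey, encrypt, decrypt), the error-returning signatures, and the four-byte stand-in payload are my own choices, not part of the original post.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// genKey returns a 32-byte AES-256 key from crypto/rand. Every byte carries
// 8 bits of entropy, unlike a base62 character string from math/rand.
func genKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// encrypt: plaintext --> random IV prepended --> AES-CFB --> base64.
// A fresh IV per call means the same payload never produces the same output.
func encrypt(key, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key) // fails unless key is 16, 24 or 32 bytes
	if err != nil {
		return "", err
	}
	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
	iv := ciphertext[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return "", err
	}
	cipher.NewCFBEncrypter(block, iv).XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
	return base64.StdEncoding.EncodeToString(ciphertext), nil
}

// decrypt reverses encrypt. It rejects malformed base64 and any input too
// short to contain the IV block; the check is len >= BlockSize, since the
// IV is always exactly one block and the body may be empty.
func decrypt(key []byte, encoded string) ([]byte, error) {
	ciphertext, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < aes.BlockSize {
		return nil, errors.New("ciphertext shorter than one AES block: no IV present")
	}
	iv := ciphertext[:aes.BlockSize]
	body := ciphertext[aes.BlockSize:]
	plaintext := make([]byte, len(body))
	cipher.NewCFBDecrypter(block, iv).XORKeyStream(plaintext, body)
	return plaintext, nil
}

func main() {
	// Constructed stand-in for shellcode (NOP sled plus int3); not a real payload.
	payload := []byte{0x90, 0x90, 0x90, 0xcc}
	key, err := genKey()
	if err != nil {
		panic(err)
	}
	enc, err := encrypt(key, payload)
	if err != nil {
		panic(err)
	}
	dec, err := decrypt(key, enc)
	if err != nil {
		panic(err)
	}
	fmt.Printf("key (hex):  %x\nencoded:    %s\ndecrypted:  %x\n", key, enc, dec)
}
```

CFB provides confidentiality only: a flipped byte in the base64-decoded body decrypts without any error and silently corrupts the corresponding plaintext byte and the following block. That is acceptable for a crypter whose only goal is to hide a payload from static scanning, but it is why the decrypt step above cannot detect a wrong key or a damaged stub other than by the payload failing to run.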
bigb0ss

OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security