11#include <stdio.h>
2+ #include <time.h>
23#include <unistd.h>
34#include <stdlib.h>
45#include <sys/syscall.h>
@@ -17,14 +18,20 @@ static inline int memfd_create(const char *name, unsigned int flags) {
1718 * for this program to mask its intentions a little bit.
1819 */
1920int main (int argc , char * argv [], char * envp []) {
21+ int i ;
2022 int fd ;
2123 int in ;
2224 size_t offset ;
2325 size_t filesize ;
2426 unsigned char * key ;
2527 void * program ;
28+ char characters [] = \
29+ "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890" ;
2630
2731
32+ /* Seed RNG */
33+ srand (time (NULL ));
34+
2835 /* Calculate size of the stub + encrypted ELF */
2936 filesize = get_file_size (argv [0 ]);
3037
@@ -53,6 +60,10 @@ int main(int argc, char *argv[], char *envp[]) {
5360 if (rc4 (program , filesize - offset , key ) == 1 )
5461 return EXIT_FAILURE ;
5562
63+ /* Overwrite key with random shit to hide its true contents. */
64+ for (; * key ; key ++ )
65+ * key = characters [rand () % sizeof (characters ) - 1 ];
66+
5667 /* Some operating systems may not supply this function. This has only
5768 * been tested on modern Linux distributions (as of 2018). Alternatively,
5869 * you can modify this to utilize a temporary file or shm_open(). We use the
@@ -62,12 +73,18 @@ int main(int argc, char *argv[], char *envp[]) {
6273 if (fd == -1 )
6374 return EXIT_FAILURE ;
6475
76+ /* Write decrypted program data to memory file descriptor */
6577 if (write (fd , program , filesize - offset ) != filesize - offset )
6678 return EXIT_FAILURE ;
6779
68- /* Attempt to execute decrypted ELF which is stored in memory. */
69- close (in );
80+ /* Overwrite decrypted program with randomness before unmapping it.*/
81+ for (i = 0 ; i < filesize - offset ; i ++ , program ++ )
82+ * ((char * )program ) = rand () % 0xff ;
83+
7084 munmap (program , filesize );
85+ close (in );
86+
87+ /* Attempt to execute decrypted ELF which is stored in memory fd. */
7188 fexecve (fd , argv , envp );
7289 close (fd );
7390
0 commit comments