The seventh and final assignment of the SLAE64 exam states:
- Create a custom crypto like the one shown in the “crypters” video
- Free to use any existing encryption schema
- Can use any programming language
Initially I wanted to use the Tiny Encryption Algorithm but decided against it and instead chose the ChaCha20 stream cipher. The reason is that while TEA is an interesting exercise in simplicity, ChaCha20 is much more relevant today.
For this assignment I chose to use Python and the PyCryptodome library and added the code to the `compile.py` I wrote earlier in the course in the new
Note, if you get the following error when running the code:

```
Traceback (most recent call last):
  File "compile.py", line 24, in <module>
    from Crypto.Cipher import ChaCha20
ImportError: cannot import name 'ChaCha20'
```

You may want to use the provided `requirements.txt` in a virtualenv as your distribution’s pycrypto is not pycryptodome and lacks support for ChaCha20.
The way this crypter works is it takes a NASM source file, e.g. `Execve.nasm`, and uses the original `Compiler` class to get the bytecode. It then generates a random key and encrypts the bytecode before writing it to

```
[*] Switching to crypter mode
[*] Assembling Execve.nasm
[*] Linking Execve.o
[*] Extracting and analyzing byte code
[+] No NULL bytes found
[*] Shellcode length: 32
[*] Generated key (base64 encoded): h0Wm2K8eN33TQ96pR5i4ZB1pgKwSNuQSckKd1gA6cok=
[*] Nonce (base64 encoded): +nFn9N8cmbs=
[*] Saved encrypted bytecode to Execve.enc
```
In order to decrypt `Execve.enc` one needs the key and nonce, which are displayed during encryption. It then re-uses the C shellcode wrapper to insert the decrypted bytecode and compiles it to

```
[*] Switching to crypter mode
[*] Compiling shellcode-Execve.enc.c
[*] Decrypted shellcode compiled to Execve.bin
```
Simple and straightforward!
I also added an `--autorun` flag which will directly execute the new shellcode too:

```
[*] Switching to crypter mode
[*] Compiling shellcode-Execve.enc.c
[*] Decrypted shellcode compiled to Execve.bin
[*] Invoking ./Execve.bin
$
```
I have uploaded the new `compile.py` code to jasperla/slae64 on GitHub:
This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification. Student ID: SLAE64-1614