# Furikuri

Furikuri is a protection framework targeting shellcode and executable files.

Supported architectures: x32 and x64.
## Obfuscation techniques

### Instruction mutation

Mutation of an original instruction into a series of other, equivalent instructions.

Example:

```asm
mov rcx, rax
mov rdx, [rsp + 38h]
call SomeFunc
```

becomes:

```asm
mov rdx, rax            ; rax parked in rdx for the moment
mov rcx, [rsp + 38h]    ; stack operand loaded before the push shifts rsp
push rcx
mov rcx, rdx            ; rcx = rax, as in the original
pop rdx                 ; rdx = [rsp + 38h], as in the original
call SomeFunc
```
### Junk generation

Inserting assembler instructions that carry no payload (they leave the program state unchanged) between the "original" instructions.

Example:

```asm
mov rcx, rax
mov rdx, [rsp + 38h]
call SomeFunc
```

becomes:

```asm
mov rdx, rdx            ; junk: no effect
mov rdx, r8             ; junk: rdx is overwritten below anyway
mov rcx, rax
push r8                 ; junk: r8 saved ...
mov r8, 12345678h
pop r8                  ; ... and restored, net effect none
mov rdx, [rsp + 38h]
call SomeFunc
```
### Spaghetti code

Splitting an original basic block into several smaller ones by inserting a `jmp` in the middle of the block to the start of the second "new" block.

Example:

```asm
mov r10, [rax+20h]
mov eax, [rsp+98h]
mov [rsp+40h], eax
mov rax, [rsp+90h]
mov [rsp+38h], rax
mov eax, [rsp+88h]
mov [rsp+30h], eax
mov rax, [rsp+80h]
mov [rsp+28h], rax
mov [rsp+20h], r9d
```

becomes:

```asm
mov r10, [rax+20h]
mov eax, [rsp+98h]
mov [rsp+40h], eax
mov rax, [rsp+90h]
mov [rsp+38h], rax
jmp l1                  ; control transfers to the second half of the block
...
...
...
l1:
mov eax, [rsp+88h]
mov [rsp+30h], eax
mov rax, [rsp+80h]
mov [rsp+28h], rax
mov [rsp+20h], r9d
```
### Bytecode obfuscation

Changes the encoding of an instruction to another byte sequence that encodes the same instruction.

Example:

```asm
48 8B CA    mov rcx, rdx    ; MOV r64, r/m64 form (opcode 8B)
```

becomes:

```asm
48 89 D1    mov rcx, rdx    ; MOV r/m64, r64 form (opcode 89), same semantics
```
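Added example (not part of the Furikuri project): a small decoder that recognises both encodings of a 64-bit register-to-register `mov` and canonicalises them, so that a byte-signature scanner is not defeated by the re-encoding shown above (`48 8B CA` vs `48 89 D1`). It goes slightly beyond the page's example by also handling the REX.R/REX.B extension bits for `r8`-`r15`; the function names and the sample bytes are my own.

```python
# Added example, not Furikuri code. Decodes/encodes REX.W + (8B|89) + ModRM
# with mod=11 (register operands only) and maps either form to one canonical
# byte sequence, which is what a signature matcher needs to see through
# "bytecode obfuscation" of mov r64, r64.

REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
          "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def decode_mov_rr(code: bytes):
    """Return (dst, src) register names, or None if not a plain mov r64, r64."""
    if len(code) != 3:
        return None
    rex, opcode, modrm = code
    if (rex & 0xF8) != 0x48:          # REX prefix with W=1 is required for 64-bit
        return None
    if (modrm >> 6) != 0b11:          # mod=11 means register, not memory, operand
        return None
    reg = ((modrm >> 3) & 7) | ((rex & 0x4) << 1)   # REX.R extends the reg field
    rm = (modrm & 7) | ((rex & 0x1) << 3)           # REX.B extends the r/m field
    if opcode == 0x8B:                # MOV r64, r/m64: reg is the destination
        return REGS64[reg], REGS64[rm]
    if opcode == 0x89:                # MOV r/m64, r64: r/m is the destination
        return REGS64[rm], REGS64[reg]
    return None


def encode_mov_rr(dst: str, src: str, form: int = 0x8B) -> bytes:
    """Encode mov dst, src using opcode form 0x8B or 0x89."""
    d, s = REGS64.index(dst), REGS64.index(src)
    reg, rm = (d, s) if form == 0x8B else (s, d)
    rex = 0x48 | ((reg >> 3) << 2) | (rm >> 3)      # W=1, R and B from high bits
    modrm = 0xC0 | ((reg & 7) << 3) | (rm & 7)
    return bytes([rex, form, modrm])


def canonical_mov(code: bytes):
    """Map either encoding to the 8B form; None if the bytes are not mov r64, r64."""
    ops = decode_mov_rr(code)
    return None if ops is None else encode_mov_rr(*ops, form=0x8B)


def equivalent(a: bytes, b: bytes) -> bool:
    """True when both byte sequences encode the same mov r64, r64."""
    ca, cb = canonical_mov(a), canonical_mov(b)
    return ca is not None and ca == cb


if __name__ == "__main__":
    # Constructed sample: the page's two encodings of mov rcx, rdx.
    print(equivalent(bytes.fromhex("488BCA"), bytes.fromhex("4889D1")))
```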
## Examples

- shellcode obfuscation
- executable obfuscation
## Compile

- Windows
  - Requirements
    - Git Bash
    - Visual Studio 2019 (for now, but you can change the runtime version and compile it on earlier versions)
  - Clone the repo and initialize the submodules:

    ```sh
    git clone https://github.com/jnastarot/furikuri.git
    cd furikuri
    git submodule update --init
    ```

  - Open `furikuri.sln` and build it in Visual Studio
- Linux
  - TODO