DIG DEEPER TO FIND WATER & NOT WIDER -P.M.PATEL

Sunday, January 28, 2024

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, which run huge loops of millions of emulated instructions to resolve APIs or for other purposes.

The emulator is written in Rust, and so are its few dependencies, so Rust's memory safety is a good fit for emulating malware.

Some shellcodes can be emulated from beginning to end; when that is not possible, the tool has many features that help, such as a console, memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 million instructions, arriving at the recv() call.

At this point we already have some IOCs, such as the ip:port it is connecting to, and other details.

Let's see what happens after the recv() by spawning a console at position 7,012,204:


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times steps through several instructions, and we arrive at a return instruction.


Let's see the stack at this moment:


The "ret" instruction is going to jump into the buffer read with recv(), so this is a kind of stager.

The option "-e" or "--endpoint" is not ready yet, but it will allow proxying the calls to fetch the next stage automatically; for now we already have the details needed to get the stage.


SCEMU also identifies all the Linux syscalls for 32-bit shellcodes:



The encoder used in shellgen is also supported: https://github.com/MarioVilas/shellgen

Let's check with Cobalt Strike:


We can see where it is connecting and which headers it is using, so right now we can replicate the communications.



In verbose mode we can do several greps to see the calls and correlate them with Ghidra/IDA/radare, or for example grep the branches to study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l or --loops option makes the emulation a bit slower but tracks the number of iterations.

It is possible to print all the registers on every step with -r or --registers, but it is also possible to track a specific register, for example with --reg esi:


target/release/scemu -f shellcodes/shikata.bin --reg esi


In this case the ESI register points to the API name; if we track EAX or ECX we will see that they are the counters of the loop. These shellcodes contain a hard loop to locate the API names.

The flag -i or --inspect allows monitoring memory using expressions like "dword ptr [eax + 0xa]":

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'
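To show what an inspect expression like the one above involves, here is an added example (my own code, not scemu's parser) that parses "size ptr [reg +/- disp]" and resolves it against a register file and a flat memory image; the register names, memory layout and sample state are constructed for the example.

```rust
// Added example, not scemu's own code: parse a memory-inspection expression
// such as "dword ptr [eax + 0xa]" and resolve it against a register file and
// a flat memory image, as a flag like "-i" must do on every emulated step.
use std::collections::HashMap;

fn parse_num(s: &str) -> Option<i64> {
    s.strip_prefix("0x").map_or_else(|| s.parse::<i64>().ok(), |h| i64::from_str_radix(h, 16).ok())
}

/// Parse "<size> ptr [<reg>]" or "<size> ptr [<reg> (+|-) <disp>]" into
/// (access size in bytes, base register, signed displacement).
pub fn parse_expr(s: &str) -> Option<(usize, String, i64)> {
    let s = s.trim().to_ascii_lowercase();
    let (size_word, rest) = s.split_once(" ptr ")?;
    let size = match size_word.trim() {
        "byte" => 1, "word" => 2, "dword" => 4, "qword" => 8, _ => return None,
    };
    let inner = rest.trim().strip_prefix('[')?.strip_suffix(']')?;
    let (base, disp) = match inner.find(|c: char| c == '+' || c == '-') {
        None => (inner.trim(), 0),
        Some(p) => {
            let sign = if inner.as_bytes()[p] == b'-' { -1 } else { 1 };
            (inner[..p].trim(), sign * parse_num(inner[p + 1..].trim())?)
        }
    };
    if base.is_empty() || !base.chars().all(|c| c.is_ascii_alphanumeric()) { return None; }
    Some((size, base.to_string(), disp))
}

/// Resolve the effective address and read `size` bytes little-endian. An unknown
/// register or an out-of-range read yields None instead of a panic: a bad user
/// expression must never abort the emulation.
pub fn inspect(expr: &str, regs: &HashMap<&str, u64>, mem_base: u64, mem: &[u8]) -> Option<u64> {
    let (size, base, disp) = parse_expr(expr)?;
    let ea = regs.get(base.as_str())?.wrapping_add(disp as u64);
    let off = ea.checked_sub(mem_base)? as usize;
    let bytes = mem.get(off..off.checked_add(size)?)?;
    Some(bytes.iter().rev().fold(0u64, |acc, &b| (acc << 8) | u64::from(b)))
}

/// Constructed state: ESI points at an API name, EAX at two dwords (memory at 0x1000).
pub fn sample_state() -> (HashMap<&'static str, u64>, u64, Vec<u8>) {
    let regs = HashMap::from([("esi", 0x1000u64), ("eax", 0x1006u64)]);
    (regs, 0x1000, b"recv\0\0\x78\x56\x34\x12\xef\xbe\xad\xde\xff".to_vec())
}

fn main() {
    let (regs, base, mem) = sample_state();
    println!("{:x?}", inspect("dword ptr [eax + 0x4]", &regs, base, &mem));
}
```

With the constructed state, "dword ptr [esi]" reads the ASCII bytes of "recv" as the little-endian value 0x76636572, and an expression naming an unknown register or reading past the mapped region returns None rather than crashing.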

And more things to come... find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs




