Tuesday, May 30, 2023

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, which run huge loops of millions of instructions to resolve APIs or for other purposes.

The emulator is written in Rust, and so are its few dependencies, so Rust's safety is a good fit for emulating malware.

Some shellcodes can be emulated from beginning to end, but when this is not possible the tool has many features that can be used, such as a console, memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 million instructions and arrived at the recv.

At this point we have some IOCs, such as the ip:port it is connecting to, and other details.

Let's see what happens after the recv() by spawning a console at position 7,012,204:


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times emulates several step-into steps, and we arrive at a return instruction.


Let's see the stack at this moment:


The "ret" instruction is going to jump to the buffer read with recv(), so this is a kind of stager.

The option "-e" or "--endpoint" is not ready yet; it will allow proxying the calls to get the next stage automatically. For now we have the details needed to get the stage.
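
The check made by hand at the "ret" above can be automated: remember every buffer filled by recv() and flag any return address that lands inside one. This is an added example, not scemu's code; RecvTracker, RetVerdict, on_recv, on_ret and all addresses are hypothetical and constructed for illustration.

```rust
// Added illustration, not scemu code. All names and addresses are hypothetical.
#[derive(Debug, PartialEq)]
pub enum RetVerdict {
    Normal,
    IntoRecvBuffer { buf_start: u32, offset: u32 },
}

/// Remembers every buffer an emulated recv() has written to.
pub struct RecvTracker {
    regions: Vec<(u32, u32)>, // (start address, bytes received)
}

impl RecvTracker {
    pub fn new() -> Self {
        RecvTracker { regions: Vec::new() }
    }

    /// Call when the emulated recv() returns `len` bytes into `buf`.
    pub fn on_recv(&mut self, buf: u32, len: u32) {
        if len > 0 {
            self.regions.push((buf, len));
        }
    }

    /// Call at a 32-bit `ret`; `stack` holds the bytes at ESP (little-endian).
    /// Returns None if fewer than 4 bytes are readable.
    pub fn on_ret(&self, stack: &[u8]) -> Option<RetVerdict> {
        let b = stack.get(..4)?;
        let target = u32::from_le_bytes([b[0], b[1], b[2], b[3]]);
        for &(start, len) in &self.regions {
            // wrapping_sub: a target below `start` wraps to a huge offset and fails the test
            let offset = target.wrapping_sub(start);
            if offset < len {
                return Some(RetVerdict::IntoRecvBuffer { buf_start: start, offset });
            }
        }
        Some(RetVerdict::Normal)
    }
}

fn main() {
    // Constructed values, not taken from the shikata.bin run above.
    let mut tracker = RecvTracker::new();
    tracker.on_recv(0x0022_f000, 4096);
    let stack_at_ret = [0x00, 0xf0, 0x22, 0x00, 0x41, 0x41, 0x41, 0x41];
    println!("{:?}", tracker.on_ret(&stack_at_ret));
}
```

A verdict of IntoRecvBuffer at a "ret" is the stager pattern described above: control passes to bytes that arrived from the network.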


SCEMU also identifies all the Linux syscalls for 32-bit shellcodes:



The encoder used in shellgen is also supported: https://github.com/MarioVilas/shellgen

Let's check with Cobalt Strike:


We can see where it is connecting and which headers it is using, so right now we can replicate the communications.



In verbose mode we could run several greps to see the calls and correlate them with ghidra/ida/radare, or for example grep the branches to study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l or --loops option makes the emulation a bit slower but tracks the number of iterations.

It is possible to print all the registers at every step with -r or --registers, and it is also possible to track a specific register, for example with --reg esi


target/release/scemu -f shellcodes/shikata.bin --reg esi 


In this case the ESI register points to the API name; if we track EAX or ECX we will see that they are the counters of the loop. These shellcodes contain a hard loop to locate the API names.

The flag -i or --inspect allows monitoring memory using expressions like "dword ptr [eax + 0xa]"

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'

And more things to come... Find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs




