AES Shellcode Crypter/Decrypter | Linux x86_64

 

Introduction

The Advanced Encryption Standard (AES) is a symmetric block cipher that uses the same key (also known as the secret key) for encryption and decryption. It encrypts and decrypts data in 128-bit blocks using cryptographic keys of 128, 192 or 256 bits. AES can be used with several modes of operation, some of which require a random Initialization Vector (IV). In this post we'll look at shellcode encryption/decryption using AES with a 128-bit key and the Electronic Codebook (ECB) mode of operation.

Crypter

We will have the pycrypto Python library do all of the heavy lifting for us. I added two one-line lambda functions to pad the plaintext and base64-encode the final ciphertext.

Decrypter

The decrypter first base64-decodes the ciphertext and then decrypts it to reproduce the original plaintext, that is, the shellcode. Once the shellcode is restored, we use the ctypes Python library to execute it.
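From the defender's side, the crypter output described above has a recognisable shape: a base64 literal that decodes to a multiple of 16 bytes, where ECB repeats a ciphertext block whenever a plaintext block repeats. The following is an added example for static triage of such literals, not code from the original post; `triage`, `SAMPLE` and the 24-character regex threshold are assumptions, and the sample blobs are constructed.

```python
import base64, hashlib, math, re
from collections import Counter

BLOCK = 16  # AES block size in bytes
B64_LITERAL = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # assumed minimum length

def shannon_entropy(data):
    """Bits per byte; ciphertext sits near the maximum for its length."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def triage(source):
    """Report base64 literals that decode to AES-block-aligned data."""
    findings = []
    for match in B64_LITERAL.finditer(source):
        token = match.group(0)
        if len(token) % 4:
            continue  # not a complete base64 string
        try:
            raw = base64.b64decode(token, validate=True)
        except ValueError:
            continue
        if not raw or len(raw) % BLOCK:
            continue  # padded AES output is always a multiple of 16 bytes
        blocks = [raw[i:i + BLOCK] for i in range(0, len(raw), BLOCK)]
        findings.append({
            "offset": match.start(),
            "length": len(raw),
            "entropy": round(shannon_entropy(raw), 2),
            # ECB leaks equality: identical plaintext blocks encrypt identically
            "repeated_blocks": len(blocks) - len(set(blocks)),
        })
    return findings

# Constructed stand-in for ECB ciphertext: SHA-256 output with its first
# 16-byte block repeated, plus a benign low-entropy literal for contrast.
_digest = hashlib.sha256(b"constructed sample").digest()
SAMPLE = 'blob = "%s"\npad = "%s"\n' % (
    base64.b64encode(_digest + _digest[:16]).decode(),
    base64.b64encode(b"A" * 32).decode(),
)

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Block alignment alone also matches benign data such as the `pad` literal, so read entropy and repeated blocks together: a high-entropy, block-aligned literal is the one worth a closer look.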

I’ve created execve() shellcode that spawns /bin/sh to test with.

Let’s test the scripts using the above shellcode.

If you would like to convert the above Python scripts to an executable, please refer to my SLAE32 series, where I use pyinstaller to perform the conversion.

Closing Thoughts

In this post we learned about AES and how powerful Python can be. This post marks the end of my SLAE64 series; I hope you enjoyed it and learned something along the way. All of the above code is available on my GitHub. Feel free to contact me with questions using the comment section below, or just tweet me @ihack4falafel.

This blog post has been created for completing the requirements of the SecurityTube Linux Assembly Expert certification:

http://www.securitytube-training.com/online-courses/x8664-assembly-and-shellcoding-on-linux/index.html

Student ID: SLAE64 – 1579
