{"id":13736236,"url":"https://github.com/droberson/ELFcrypt","last_synced_at":"2025-05-08T12:32:26.635Z","repository":{"id":78461721,"uuid":"95156257","full_name":"droberson/ELFcrypt","owner":"droberson","description":"Simple ELF crypter. Uses RC4 encryption.","archived":false,"fork":false,"pushed_at":"2020-09-10T00:26:54.000Z","size":34,"stargazers_count":93,"open_issues_count":1,"forks_count":25,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-15T04:32:05.644Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/droberson.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-06-22T21:02:06.000Z","updated_at":"2024-11-02T19:10:53.000Z","dependencies_parsed_at":"2023-08-30T07:18:41.244Z","dependency_job_id":null,"html_url":"https://github.com/droberson/ELFcrypt","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/droberson%2FELFcrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/droberson%2FELFcrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/droberson%2FELFcrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/droberson%2FELFcrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/droberson","download_url":"https://codeload.github.com/droberson/ELFcrypt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253068901,"owners_count":21848888,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-03T03:01:17.975Z","updated_at":"2025-05-08T12:32:26.341Z","avatar_url":"https://github.com/droberson.png","language":"C","funding_links":[],"categories":["Tools",":package: Packers"],"sub_categories":["Encryption / Obfuscation","After 2010"],"readme":"# ELFcrypt\n\n```\nMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM\nMMMMMMMMMMMMMMMMMMMMNNNNNNNNNNNNNNNNNNMMMMMMMMMMMMMMMMMMMMMMMMMMMM\nMMMMMMMMMMMMMMNNmdhso///+o++osyyhdmNNNNNNNNNNMMMMMMMMMMMMMMMMMMMMM\nMMMMMMMMMNmmhs/:...`````..........:ohmNNNNNNNNNNNNMMMMMMMMMMMMMMMM\nMMMMMMMNmds:..````````...............:sdmmNNNNNNNNNNNNMMMMMMMMMMMM\nMMMMNNNNm+.`.....````.............------odmmmmNNNNNNNNNNNMMMMMMMMM\nMNNNNNNdo......`````..........-------:---:ymmmmmmmNNNNNNNNNMMMMMMM\nNNNNNNdy.......```.....-------::::::::::--:odmmmmmmmmNNNNNNNNMMMMM\nNNNNNmh:...........---::::::::::::::::::----odmmmmmmmmmmNNNNNNNMMM\nNNNmmdo......-...---:::::::----::::::------.-odddmmmmmmmmNNNNNNNNM\nNmmmms.....----.------:::::::::::::----::--.-:odddddmmmmmmmNNNNNNN\nmmmmd:....---------:-..-------:::--..-oso/::///hdddddmmmmmmmmNNNNN\nmmmmy-..---::---.-++++/:----://++///+oo+oooyhs/sdddddddmmmmmmmNNNN\nmmmdy-.---:///--.:++osyhsosyhyo/::oyhso//ooyhyo+dddddddddmmmmmmmNN\nmmddy.-syysoo+-..:++//+osdhys+:/oooyys+/++::sso+hddddddddddmmmmmmN\nmddds.:ohydhhs:..-/+/:/oyy+/::/dddy/oyss+/+so//ohddddddddddmmmmmmm\nddddy.-:syddhso--::/+osss////+hdyydhossyhddysoo+hddddddddddddmmmmm\nddddh/--/hhsyyhyo/+shyssys+:o+hho+hyosdmmmdysssohdddddddddddddmmmm\ndddddh:-:+sssosyyydmmmmdho::+/+/+sso+oshmmmhysooddddddddddddddmmmm\ndddddh/--/oysyhdhyyhmmdhs+:::---:+--:++shddhyo+sdddddddddddddddmmm\ndddddho/::/oyhdddssyhhhoso::-://+ooshhyoyhhsosyhdddddddddddddddmmm\nddddddyo/::+syyhdsssssysddyssydhhhdmNmdooyysyhddddddddddddddddddmm\nddddddho+///oosyhssssossoooohhsyydhsyy+/ohhyhddddddddddddddddddmmm\ndddddddy+/:/+o+syhhyysoosso+++::+ssosssssyyydddddddddddddddddddmmm\ndddddddh//::/o+o+ydddhssooooos+oyhhhhddh+sshddddddddddddddddddddmm\nddddddhho::::/++/-ydddhyyso++//oyyssyhysoosddddddddddddddddddddmmm\nddddddhhs----://:-+yhhyhddyo+/+ssyydmmddhsdddddddddddddddddddddmmm\ndddddhhy+---.-:-:os/shyydmmmdyhddmmmdhmmssdddddddddddddddddddddmmm\ndddddddh/---.--ohyhy:-/oyhhdmddmmmd+-.sNdosyhhddddddddddddddddmmmm\ndddddddy:+----:hs+hdh+.`..-/shdmmy:..-dNNhhsoooosyhdddddddddddmmmm\ndddddddy:+/---:ss:/yddh+-.---/yds.```./hNNdmmdddyyyhdmNNNmmmmmmmmm\nmdddddds//:-:-:+ys:-+hmdhyso/--+-.--::/omNmmdmNNNdyyyhmmmhhmNNNNNN\nmmddddy+//::+///ohh/.-+omNNNmdsyddmmmmmmNNNNNmdmmdhhddydmyyhNdNNNN\nmmmdyo+++o+++///oymmo..oNNNNNNNmdyysyyhhhNNdhhyssydhddsmsddmdyNNNN\ndhyssyyyhhss+/++symNNy-+mNmNNmds:-----::+mdyyyyyssymmdmNhdNNsyNNNN\nyyyyysyydhhd++osydNNNNd/smmdy/--......--:hmhhyhhysydNNdymNmyyNNNNN\nyyhddhhmNNmhsssyhNNNNNNms//:-..........--oNdhhddddmNNNmdymhhhNNNNN\nhshdNdmNmNhsyohmNNNNNNNNNy...........`..-:mmmmddNNhNmmNNddmNmNNNNm\nssmNNNsNyNsdshmNNNNNNNNNNNo..........``.--yNNNmdNNoNmNNNNNsmNNNNNm\nshydmm+NomymyNddNNNNNNNNNNNo.......-....--sNNNNdNmyhdmdNNNsNNNNNNN\nhhh+mhhyssNNddhsdhNNNNNNNNNNy............-sNNmNmmNNNdshyNNmmddmNNN\n+yhyNdyhyhNNmNyhydmNNNNNNNNNNy-.......`..-/mNNmNdNyNsydmNNNmmmNNNN\nhsNddNdMMNMNmhdmmNdNNNNNNNNNNNs-......``..-yNNNNdmmhoNNNNNmmNNNNNN\n```\n\n## Version 1 Quick Start\n```\n% make\ngcc -Wall -o ELFcrypt ELFcrypt.c\ngcc -Wall -o example example.c\n% ./ELFcrypt example\nELFcrypt by @dmfroberson\n\nCrypting .crypted section of example, outputting to crypted\n\nEnter passphrase: harharhar\nConfirm passphrase: harharhar\n% ./crypted\nEnter passphrase: harharhar\nConfirm passphrase: harharhar\nThis function was crypted\n```\n\nTo use this in future projects, include ELFcrypt.h, add a call to\nELFdecrypt() to main(), and prefix your functions that you'd like to\nprotect with CRYPTED. After this make-believe C program is compiled,\nrun ELFcrypt against it with whatever password you desire and it will\nbe encrypted with RC4. See example.c for more details.\n\nThis also will attempt to read the ELFCRYPT environment variable as\ninput for the password:\n\n```\n% ELFCRYPT=\"harharhar\" ./crypted\nThis function was crypted\n```\n\n## objdump before/after\nBefore:\n```\n% objdump -dj .crypted example \n\nexample: file format elf64-x86-64\n\n\nDisassembly of section .crypted:\n\n0000000000401022 \u003ccrypted_main\u003e:\n 401022:\t55 \tpush %rbp\n 401023:\t48 89 e5 \tmov %rsp,%rbp\n 401026:\t48 83 ec 10 \tsub $0x10,%rsp\n 40102a:\t89 7d fc \tmov %edi,-0x4(%rbp)\n 40102d:\t48 89 75 f0 \tmov %rsi,-0x10(%rbp)\n 401031:\tbf ec 10 40 00 \tmov $0x4010ec,%edi\n 401036:\te8 b5 f7 ff ff \tcallq 4007f0 \u003cputs@plt\u003e\n 40103b:\tb8 64 00 00 00 \tmov $0x64,%eax\n 401040:\tc9 \tleaveq \n 401041:\tc3 \tretq \n```\n\nAfter:\n```\n% objdump -dj .crypted crypted\n\ncrypted: file format elf64-x86-64\n\n\nDisassembly of section .crypted:\n\n0000000000401022 \u003ccrypted_main\u003e:\n 401022:\t68 ac 6c f3 e5 \tpushq $0xffffffffe5f36cac\n 401027:\t6d \tinsl (%dx),%es:(%rdi)\n 401028:\t91 \txchg %eax,%ecx\n 401029:\t59 \tpop %rcx\n 40102a:\td2 7b 05 \tsarb %cl,0x5(%rbx)\n 40102d:\t6e \toutsb %ds:(%rsi),(%dx)\n 40102e:\t20 3c 38 \tand %bh,(%rax,%rdi,1)\n 401031:\t74 05 \tje 401038 \u003ccrypted_main+0x16\u003e\n 401033:\t54 \tpush %rsp\n 401034:\t13 d6 \tadc %esi,%edx\n 401036:\t2c 31 \tsub $0x31,%al\n 401038:\t18 99 4c 46 5f 38 \tsbb %bl,0x385f464c(%rcx)\n 40103e:\tad \tlods %ds:(%rsi),%eax\n 40103f:\te3 bb \tjrcxz 400ffc \u003c__libc_csu_init+0x4c\u003e\n\t...\n\n```\n\n\nAs you can see, the second binary contains a bunch of nonsensical rubbish\ninstead of readable assembler in the .crypted section.\n\n\n## Quickstart Version 2\n```\n ~/ELFcrypt % make\ngcc -Wall -o ELFcrypt ELFcrypt.c\ngcc -Wall -o ELFcrypt2 ELFcrypt2.c\ngcc -Wall -o ELFcrypt2-stub ELFcrypt2-stub.c\ngcc -Wall -o example example.c\n ~/ELFcrypt % ./ELFcrypt2 /bin/ls out\nELFcrypt2 by @dmfroberson\nEnter passphrase: danger\nConfirm passphrase: danger\n ~/ELFcrypt % cat ELFcrypt2-stub out \u003ecrypted\n ~/ELFcrypt % chmod +x crypted\n ~/ELFcrypt % ./crypted \nEnter passphrase: danger\nConfirm passphrase: danger\ncrypted ELFcrypt2.c\t ELFcrypt.c example.c out\nELFcrypt ELFcrypt2-stub ELFcrypt.h LICENSE.md README.md\nELFcrypt2 ELFcrypt2-stub.c example\t Makefile\n```\n\nELFcrypt2 creates a stub program that reads whatever data resides beyond\nthe end of its own valid ELF, decrypts this data memory, and finally\nexecutes it in memory by means of fexecve()\n\nTo use on different programs, run them through ELFcrypt2, then use cat\nas outlined above to create the binary.\n\nThis might not work right on older Linux systems that do not have the\nmemfd_create() function. This can be worked around by modifying the\ncode to create temporary files rather than utilizing this function.\nMaybe one day I will care enough to fix this.\n\nAlso, the contents of your crypted executable are vulnerable to memory\ndumps while it is running. This simply provides a layer of protection\nfor your stuff while it is relaxing on a hostile disk drive.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdroberson%2FELFcrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdroberson%2FELFcrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdroberson%2FELFcrypt/lists"}