{"id":27968534,"url":"https://github.com/redsiege/delta-encoder","last_synced_at":"2025-06-21T17:04:02.634Z","repository":{"id":232434384,"uuid":"783785853","full_name":"RedSiege/Delta-Encoder","owner":"RedSiege","description":null,"archived":false,"fork":false,"pushed_at":"2024-06-25T10:03:52.000Z","size":7,"stargazers_count":15,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-06-21T17:03:40.482Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RedSiege.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-04-08T15:09:14.000Z","updated_at":"2025-04-29T03:42:52.000Z","dependencies_parsed_at":"2025-05-07T21:04:13.077Z","dependency_job_id":"c5382624-fb6b-4990-aa85-d7c57585d2c1","html_url":"https://github.com/RedSiege/Delta-Encoder","commit_stats":null,"previous_names":["redsiege/delta-encoder"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RedSiege/Delta-Encoder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FDelta-Encoder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FDelta-Encoder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FDelta-Encoder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FDelta-Encoder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RedSiege","download_url":"https://codeload.github.com/RedSiege/Delta-Encoder/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2FDelta-Encoder/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261162060,"owners_count":23118219,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-07T21:04:09.431Z","updated_at":"2025-06-21T17:03:57.601Z","avatar_url":"https://github.com/RedSiege.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Delta-Encoder\nDelta-Encoder will take a raw shellcode file as input and outputs an array of deltas and a C/C++ stub to reconstitute the shellcode in memory. This does not produce a fully working shellcode loader. Delta-Encoder will only produce the encoded shellcode delta array and the code to reconstitute the shellcode at runtime.\n\nFor more information on Delta-Encoder, check out the blog here: [https://redsiege.com/delta](https://redsiege.com/delta)\n\n## Usage\n```python3 delta.py -i inputfile.bin```\n\n## Example\n```\n$ msfvenom -p windows/x64/exec CMD=calc.exe -f raw -o calc.bin\n$ python3 delta.py -i calc.bin\n\n//Initial byte for setting rest of the deltas\nunsigned char first_byte = 0xfc;\n\n//Array of deltas\nunsigned char delta[275] = {0x4c, 0x3b, 0x61, 0xc, 0xf8, 0xd8, 0x40, 0x0, 0x0, 0x41, 0x10, 0xf0, 0xf, 0x2, 0xff, 0x5, 0xf2, 0xe9, 0xa1, 0x93, 0xe3, 0x43, 0xc7, 0xe, 0xe8, 0x43, 0xc7, 0xc6, 0x30, 0x43, 0xc7, 0xce, 0x28, 0x43, 0xe7, 0xde, 0xf8, 0xc7, 0xa8, 0x93, 0x0, 0x3, 0xe4, 0x98, 0x7f, 0xe9, 0x8f, 0xec, 0x90, 0x25, 0x1b, 0x86, 0x2a, 0xf4, 0x21, 0x80, 0x8, 0x44, 0x34, 0xc0, 0xc0, 0x21, 0xb, 0x65, 0xef, 0x10, 0xf7, 0x43, 0xc7, 0xce, 0x6b, 0xb7, 0xfa, 0xc, 0xb9, 0xcf, 0xbb, 0xf5, 0x8, 0x78, 0x0, 0x0, 0x48, 0x3d, 0x3b, 0xb4, 0xf3, 0xe1, 0xb9, 0xcf, 0x80, 0x3b, 0xbd, 0xd0, 0x2c, 0x47, 0xb5, 0xe0, 0x29, 0xb8, 0xcf, 0x13, 0x73, 0xf2, 0xb7, 0xca, 0x78, 0x4a, 0xa9, 0x54, 0xc0, 0xb9, 0xd5, 0x77, 0xe4, 0x98, 0x7f, 0xe9, 0x8f, 0xec, 0x95, 0x80, 0x8, 0x44, 0x34, 0xc0, 0xc0, 0x77, 0xa8, 0x95, 0x7c, 0x5b, 0xb7, 0x49, 0xd8, 0xe4, 0x3d, 0xf4, 0x98, 0xa4, 0x63, 0x80, 0xec, 0x47, 0xb5, 0xe4, 0x25, 0xb8, 0xcf, 0x96, 0xdb, 0x4a, 0x81, 0x3c, 0xfc, 0x47, 0xb5, 0xdc, 0x2d, 0xb8, 0xcf, 0x71, 0x4a, 0x79, 0x84, 0xc0, 0xb9, 0xcf, 0x71, 0x17, 0xe9, 0x17, 0x6, 0xfb, 0x1, 0xe7, 0x17, 0xe9, 0x18, 0xe8, 0x19, 0xee, 0x3b, 0x69, 0x34, 0x21, 0x11, 0xad, 0xe1, 0x78, 0xe9, 0x18, 0x1, 0xee, 0x43, 0x87, 0xd7, 0x6e, 0xa8, 0x0, 0x0, 0x5e, 0xeb, 0x72, 0x47, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x45, 0x0, 0x74, 0x0, 0xff, 0x0, 0x41, 0x79, 0x77, 0x5a, 0xe4, 0x18, 0x78, 0xd6, 0xe6, 0x35, 0xc5, 0xed, 0xb4, 0xeb, 0x79, 0xec, 0xef, 0x28, 0xe0, 0x62, 0xd6, 0x73, 0x3b, 0x41, 0x64, 0x14, 0xca, 0x76, 0x8e, 0x76, 0x7b, 0xe5, 0x95, 0x90, 0xb6, 0x8c, 0xcc, 0x5f, 0xfd, 0xfb, 0x96, 0x59, 0xe8, 0x48, 0x51, 0x25, 0xd6, 0x8e, 0xfe, 0xb, 0xf7, 0xcb, 0x37, 0x13, 0xed, 0x9b };\n\n//Array to hold the reconstituted shellcode. Needs to be set to 1 byte more than original array\nunsigned char rebuilt[276] = { 0x00 };\nunsigned int i, index;\n//Size of delta array\nint cap = sizeof(delta) / sizeof(delta[0]);\n\n//Setting first byte of the reconstituted array to the first byte of the payload\nrebuilt[0] = first_byte;\n\n/*Takes initial byte and adds the delta to it to get the second byte. Takes second byte\nand adds second delta to get third byte and so on.*/\nfor (i = 0; i \u003c cap; i++)\n{\n    index = i + 1;\n    rebuilt[index] = rebuilt[i] + delta[i];\n}\n```\n\n### Credits\nHuge shoutouts to Mike Saunders [(@HardwaterHacker)](https://github.com/hardwaterhacker) who translated my crappy C code into a way easier to use Python script and for pushing the team to come up with new ideas.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredsiege%2Fdelta-encoder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredsiege%2Fdelta-encoder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredsiege%2Fdelta-encoder/lists"}