{"id":27968552,"url":"https://github.com/redsiege/jargon","last_synced_at":"2026-03-10T20:35:41.569Z","repository":{"id":86559445,"uuid":"472939017","full_name":"RedSiege/jargon","owner":"RedSiege","description":null,"archived":false,"fork":false,"pushed_at":"2026-03-04T21:26:05.000Z","size":3655,"stargazers_count":154,"open_issues_count":4,"forks_count":32,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-03-05T03:12:23.119Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RedSiege.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-03-22T21:11:21.000Z","updated_at":"2026-03-04T21:26:09.000Z","dependencies_parsed_at":"2024-01-13T12:38:09.778Z","dependency_job_id":"1d22f0bd-d92e-4a92-94ba-efd880aaa935","html_url":"https://github.com/RedSiege/jargon","commit_stats":null,"previous_names":["redsiege/jargon"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/RedSiege/jargon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2Fjargon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2Fjargon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2Fjargon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2Fjargon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RedSiege","download_url":"https://codeload.github.com/RedSiege/jargo
n/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RedSiege%2Fjargon/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30352901,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T15:55:29.454Z","status":"ssl_error","status_checked_at":"2026-03-10T15:54:58.440Z","response_time":106,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-07T21:04:23.627Z","updated_at":"2026-03-10T20:35:41.560Z","avatar_url":"https://github.com/RedSiege.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Jargon\n\nJargon  \n/ˈjärɡən/  \nnoun: jargon; plural noun: jargons  \nDefinition: special words or expressions that are used by a particular profession or group and are difficult for others to understand.\n\n## Usage\n```\npython3 jargon.py -i input.bin -d /path/to/dictionary.txt -o output.c\n```\n## Instructions\nJargon takes raw shellcode bytes (output format Raw in Cobalt Strike) as input. It also requires a dictionary file containing unique words, one per line, as input.\n\n## Background\nIn order to protect our shellcode loaders, we often use encryption to obfuscate our shellcode.  Encryption increases the entropy of our shellcode loader.  
Some AV \u0026 EDR use entropy analysis to determine if a binary is trustworthy for execution.  If the entropy of a binary is too high, the agent decides that the binary is not trustworthy for execution. This is, of course, an oversimplified explanation, but it will work for our purposes.\n\nThis project takes raw shellcode and encodes it using a dictionary of words. The dictionary could be a dictionary of English words, the text of a Shakespearean tragedy, or it could be strings extracted from your favorite system DLL. The only requirement is that the dictionary contains at least 256 unique entries and all characters are valid for string literals in C/C++.\n\n_tldr: Use this program to translate shellcode bytes into words for entropy analysis evasion._\n\n## How it works\nWe typically see shellcode represented as hex bytes - 0x00 to 0xff. However, we can also use integers to represent our shellcode. Since our shellcode can only possibly consist of 256 different values, the program reads the dictionary, selects 256 random words, and places them in an array. A word's position in this translation array represents its shellcode value. Consider the following example:\n```\nconst char* translation_table[5] = { \"petition\",\"creates\",\"proposal\",\"maintain\",\"winner\" };\n```\nTo translate our shellcode into an array of words, we read each byte of shellcode and pull the word from the translation table using the shellcode value as the index. Using the example above, if our first byte of shellcode is `0x01`, the value at `translation_table[1]` is `creates`. We take the word found at our index and append it to a new array that represents our translated shellcode. We repeat this process until we've reached the end of our shellcode. 
This will give us two arrays that look like the following abbreviated examples:\n```\nconst char* translation_table[256] = { \"petition\",\"creates\",\"proposal\",\"maintain\",\"winner\",\"accommodations\",\"submitted\" ... };\n\nconst char* translated_shellcode[287] = { \"staying\",\"valuation\",\"differences\",\"score\",\"disks\",\"interests\",\"controls\" ... };\n```\nTo use this translated shellcode in our loader, we simply reverse the process.  For each entry in the `translated_shellcode` array, we search the translation table for that value. The array index of the word is our shellcode byte. Given the first 4 bytes of 64-bit shellcode are typically `0xfc,0x48,0x83,0xe4`, we can surmise that `\"staying\",\"valuation\",\"differences\",\"score\"` translates to `translation_table[252]`, `translation_table[72]`, `translation_table[131]`, `translation_table[228]`. As a result, the first 4 bytes of our reconstructed shellcode will be `252,72,131,228`.\n\nThis program will generate C source code containing the two array definitions and the translation routine to recover the shellcode bytes.\n\n## Prior art\nBefore I wrote this tool, I tried to find examples that people had written before me.  I came up short, despite a lot of searching.  Since originally writing the tool, I became aware of people who have written similar tools, but their tools are not public. These projects are using similar concepts:\n\n[wire-transfer](https://github.com/moloch--/wire-transfer): Encode binary files into English text for transfer over HTTP.  \n[Sliver C2](https://github.com/BishopFox/sliver/blob/master/util/encoders/english.go): Encode binary file as English text.  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredsiege%2Fjargon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fredsiege%2Fjargon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fredsiege%2Fjargon/lists"}