lawiet47/pylogite
PyloGite - Metamorphic Code Generator & Loader

What is it?

Pylogite is a metamorphic code generator for the x86-64 ISA. The tool's aim is to take position-independent shellcode, obfuscate it by changing, deleting and adding x86 instructions, and inject it into a given benign PE file. Every generated sample differs from the last one.

What can it do?

Feature                                  Status (✔️ / TODO)
Insert garbage instructions              ✔️
Obfuscate relative branch instructions   ✔️
Graph view destruction                   ✔️
Obfuscate mov instructions               ✔️
Unsafe register arithmetic               ✔️
Obfuscate push/pop instructions          ✔️
Obfuscate cmp instructions               TODO
Add SSE instructions                     TODO
Control Flow Deception                   TODO

How?

The program takes position-independent shellcode (the code section must not have any offsets to the .data/.rdata sections) and obfuscates it by replacing existing instructions with new x86 instructions that perform the same action but differ in size. The program can also insert garbage instructions consisting of branches, calls and unsafe register arithmetic anywhere in the code, hopefully achieving metamorphism.

Currently, static immediate values moved by mov instructions are obfuscated to hide signature values. Later on, immediate values used in cmp, push, add and sub instructions will also be obfuscated.

Below are two different outputs of the same shellcode:

Below is the section info for the original, Microsoft-signed cmd.exe and for the modified version of it.

Original:

Name    RVA      Size     Permissions   Entropy
.text   0x1000   0x2f000  READ_EXECUTE  6.37579802
.rdata  0x30000  0xb000   READ_ONLY     4.89710901
.data   0x3b000  0x1c000  READ_WRITE    3.24267717
.pdata  0x57000  0x3000   READ_ONLY     5.42258726
.didat  0x5a000  0x1000   READ_WRITE    1.02781326
.rsrc   0x5b000  0x9000   READ_ONLY     4.35942953
.reloc  0x64000  0x1000   READ_ONLY     4.58648411

Modified:

Name    RVA      Size     Permissions   Entropy
.text   0x1000   0x2f000  READ_EXECUTE  6.38199005
.rdata  0x30000  0xb000   READ_ONLY     4.89710901
.data   0x3b000  0x1c000  READ_WRITE    3.24267717
.pdata  0x57000  0x3000   READ_ONLY     5.42258726
.didat  0x5a000  0x1000   READ_WRITE    1.02781326
.rsrc   0x5b000  0x9000   READ_ONLY     4.35942953
.reloc  0x64000  0x1000   READ_ONLY     4.58648411
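The tables above show the .text entropy moving only from 6.37579802 to 6.38199005 after modification, so entropy alone is a weak signal for this kind of in-place edit. The following is an added example, not code from the pylogite project: it walks a PE's section table, computes per-section Shannon entropy in the same bits-per-byte unit as the tables, and additionally flags any section whose raw bytes differ between two images. `build_fake_pe` is an assumed helper that constructs a minimal PE-shaped image so the check runs offline.

```python
import math
import struct
from collections import Counter

# Leading 24 bytes of a 40-byte COFF section header: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
SECTION_HDR = struct.Struct("<8sIIII")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for constant data up to 8.0 for uniform data (the unit used in the tables above)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes) -> dict:
    """Walk the section table of a PE image and return {section name: raw section bytes}."""
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    num_sections = struct.unpack_from("<H", image, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size  # section table follows the optional header
    sections = {}
    for i in range(num_sections):
        name, _, _, raw_size, raw_ptr = SECTION_HDR.unpack_from(image, table + 40 * i)
        sections[name.rstrip(b"\0").decode("ascii", "replace")] = image[raw_ptr:raw_ptr + raw_size]
    return sections

def section_diff(original: bytes, modified: bytes) -> dict:
    """{name: (entropy before, entropy after, raw bytes changed)}; the byte comparison catches edits entropy barely reflects."""
    before, after = pe_sections(original), pe_sections(modified)
    return {name: (shannon_entropy(data), shannon_entropy(after.get(name, b"")), data != after.get(name, b""))
            for name, data in before.items()}

def build_fake_pe(sections: dict) -> bytes:
    """Constructed, minimal PE-shaped image (DOS stub, COFF header, section table, raw data) for offline demonstration."""
    pe_off = 0x40
    hdr = bytearray(b"MZ".ljust(pe_off, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, pe_off)  # e_lfanew
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)  # SizeOfOptionalHeader = 0
    table, body = bytearray(), bytearray()
    data_start = len(hdr) + 40 * len(sections)
    for name, data in sections.items():
        table += SECTION_HDR.pack(name.encode().ljust(8, b"\0"), len(data), 0, len(data), data_start + len(body)) + bytes(16)
        body += data
    return bytes(hdr + table + body)
```

On real files, read both PE images from disk and pass them to `section_diff`; a changed .text section in a signed binary also no longer matches its Authenticode hash.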
