unshell-obfuscate/src/encrypt.rs

// --- Add these imports to the top of src/lib.rs ---
use aes::{
    Aes256,
    cipher::{BlockEncryptMut, KeyIvInit},
};
use cbc::Encryptor;
use cbc::cipher::block_padding::Pkcs7;
use hex;
use sha2::{Digest, Sha256};

use crate::{BACKUP_ENV_KEY, ENV_KEY_NAME};

// type Aes256CbcEncryptor = ;

// A static, hardcoded IV. This is fine for obfuscation,
// as we're not protecting against replay attacks, just static analysis.
// This is the hex for "my_static_iv_012".
const STATIC_IV: [u8; 16] = [
    0x6d, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x69, 0x76, 0x5f, 0x30, 0x31, 0x32,
];

pub fn get_obfuscated_symbol_name(input: &str) -> String {
    // 1. Get the key from the environment
    // let key_str =
    //     std::env::var(ENV_KEY_NAME).expect(&format!("'{}' env var not set", ENV_KEY_NAME));

    let key_str = std::env::var(ENV_KEY_NAME).unwrap_or(BACKUP_ENV_KEY.to_owned());

    // 2. Hash the env key to get a 32-byte (256-bit) AES key
    let mut hasher = Sha256::new();
    hasher.update(key_str.as_bytes());
    let key: [u8; 32] = hasher.finalize().into();

    // 3. Encrypt the input string
    let cipher = Encryptor::<Aes256>::new(&key.into(), &STATIC_IV.into());
    let mut plaintext = input.to_string();
    let plaintext = unsafe { plaintext.as_bytes_mut() };

    let mut buf = [0u8; 48];
    buf[..plaintext.len()].copy_from_slice(plaintext);
    let ciphertext = cipher
        .encrypt_padded_mut::<Pkcs7>(&mut buf, plaintext.len())
        .expect("Could not encrypt");

    // 4. Hex-encode the result
    let hex_encoded = hex::encode(ciphertext);

    hex_encoded

    // 5. Prepend a prefix
    // format!("obf_{}", hex_encoded)
}
Add string obfuscation 2025-11-08 17:58:40 -07:00			`// --- Add these imports to the top of src/lib.rs ---`
			`use aes::{`
			`Aes256,`
			`cipher::{BlockEncryptMut, KeyIvInit},`
			`};`
			`use cbc::Encryptor;`
			`use cbc::cipher::block_padding::Pkcs7;`
			`use hex;`
			`use sha2::{Digest, Sha256};`

			`use crate::{BACKUP_ENV_KEY, ENV_KEY_NAME};`

			`// type Aes256CbcEncryptor = ;`

			`// A static, hardcoded IV. This is fine for obfuscation,`
			`// as we're not protecting against replay attacks, just static analysis.`
			`// This is the hex for "my_static_iv_012".`
			`const STATIC_IV: [u8; 16] = [`
			`0x6d, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x69, 0x76, 0x5f, 0x30, 0x31, 0x32,`
			`];`

			`pub fn get_obfuscated_symbol_name(input: &str) -> String {`
			`// 1. Get the key from the environment`
			`// let key_str =`
			`// std::env::var(ENV_KEY_NAME).expect(&format!("'{}' env var not set", ENV_KEY_NAME));`

			`let key_str = std::env::var(ENV_KEY_NAME).unwrap_or(BACKUP_ENV_KEY.to_owned());`

			`// 2. Hash the env key to get a 32-byte (256-bit) AES key`
			`let mut hasher = Sha256::new();`
			`hasher.update(key_str.as_bytes());`
			`let key: [u8; 32] = hasher.finalize().into();`

			`// 3. Encrypt the input string`
			`let cipher = Encryptor::<Aes256>::new(&key.into(), &STATIC_IV.into());`
			`let mut plaintext = input.to_string();`
			`let plaintext = unsafe { plaintext.as_bytes_mut() };`

			`let mut buf = [0u8; 48];`
			`buf[..plaintext.len()].copy_from_slice(plaintext);`
			`let ciphertext = cipher`
			`.encrypt_padded_mut::<Pkcs7>(&mut buf, plaintext.len())`
			`.expect("Could not encrypt");`

			`// 4. Hex-encode the result`
			`let hex_encoded = hex::encode(ciphertext);`

			`hex_encoded`

			`// 5. Prepend a prefix`
			`// format!("obf_{}", hex_encoded)`
			`}`