astatin3/unshell
1
0
Fork 0
mirror of https://github.com/Astatin3/unshell.git synced 2026-06-08 22:38:01 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add string obfuscation

Browse Source
This commit is contained in:
Michael Mikovsky
2025-11-08 17:58:40 -07:00
parent 3dba32264c
commit 997b98491a
14 changed files with 1311 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
unshell-obfuscate/Cargo.lock
Generated
+248
View File
@@ -0,0 +1,248 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "aes"
version = "0.8.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0"
dependencies = [
"cfg-if",
"cipher",
"cpufeatures",
]
[[package]]
name = "block-buffer"
version = "0.10.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
dependencies = [
"generic-array",
]
[[package]]
name = "block-padding"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93"
dependencies = [
"generic-array",
]
[[package]]
name = "block-padding"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41d28ed5f5f65056148fd25e1a596b5b6d9e772270abf9a9085d7cbfbf26c563"
dependencies = [
"hybrid-array",
]
[[package]]
name = "cbc"
version = "0.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6"
dependencies = [
"cipher",
]
[[package]]
name = "cfg-if"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
[[package]]
name = "cipher"
version = "0.4.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad"
dependencies = [
"crypto-common",
"inout",
]
[[package]]
name = "cpufeatures"
version = "0.2.17"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
dependencies = [
"libc",
]
[[package]]
name = "crypto-common"
version = "0.1.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
dependencies = [
"generic-array",
"typenum",
]
[[package]]
name = "digest"
version = "0.10.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
dependencies = [
"block-buffer",
"crypto-common",
]
[[package]]
name = "generic-array"
version = "0.14.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2"
dependencies = [
"typenum",
"version_check",
]
[[package]]
name = "getrandom"
version = "0.3.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
dependencies = [
"cfg-if",
"libc",
"r-efi",
"wasip2",
]
[[package]]
name = "hex"
version = "0.4.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
[[package]]
name = "hex-literal"
version = "1.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e712f64ec3850b98572bffac52e2c6f282b29fe6c5fa6d42334b30be438d95c1"
[[package]]
name = "hybrid-array"
version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f471e0a81b2f90ffc0cb2f951ae04da57de8baa46fa99112b062a5173a5088d0"
dependencies = [
"typenum",
]
[[package]]
name = "inout"
version = "0.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01"
dependencies = [
"block-padding 0.3.3",
"generic-array",
]
[[package]]
name = "libc"
version = "0.2.177"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976"
[[package]]
name = "proc-macro2"
version = "1.0.103"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5ee95bc4ef87b8d5ba32e8b7714ccc834865276eab0aed5c9958d00ec45f49e8"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
version = "1.0.42"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a338cc41d27e6cc6dce6cefc13a0729dfbb81c262b1f519331575dd80ef3067f"
dependencies = [
"proc-macro2",
]
[[package]]
name = "r-efi"
version = "5.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
[[package]]
name = "sha2"
version = "0.10.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
dependencies = [
"cfg-if",
"cpufeatures",
"digest",
]
[[package]]
name = "syn"
version = "2.0.109"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "2f17c7e013e88258aa9543dcbe81aca68a667a9ac37cd69c9fbc07858bfe0e2f"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]]
name = "typenum"
version = "1.19.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb"
[[package]]
name = "unicode-ident"
version = "1.0.22"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9312f7c4f6ff9069b165498234ce8be658059c6728633667c526e27dc2cf1df5"
[[package]]
name = "unshell-obfuscate"
version = "0.1.0"
dependencies = [
"aes",
"block-padding 0.4.1",
"cbc",
"getrandom",
"hex",
"hex-literal",
"quote",
"sha2",
"syn",
]
[[package]]
name = "version_check"
version = "0.9.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
[[package]]
name = "wasip2"
version = "1.0.1+wasi-0.2.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7"
dependencies = [
"wit-bindgen",
]
[[package]]
name = "wit-bindgen"
version = "0.46.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59"
unshell-obfuscate/Cargo.toml
+22
View File
@@ -0,0 +1,22 @@
[package]
name = "unshell-obfuscate"
version = "0.1.0"
edition = "2024"
[lib]
proc-macro = true
[features]
# default = ["obfuscate"]
obfuscate = []
[dependencies]
aes = "0.8.4"
block-padding = "0.4.1"
cbc = "0.1.2"
getrandom = "0.3.4"
hex = "0.4.3"
hex-literal = "1.1.0"
quote = "1.0.42"
sha2 = "0.10.9"
syn = {version = "2.0.109", features = ["full"]}
unshell-obfuscate/src/encrypt.rs
+52
View File
@@ -0,0 +1,52 @@
// --- Add these imports to the top of src/lib.rs ---
use aes::{
Aes256,
cipher::{BlockEncryptMut, KeyIvInit},
};
use cbc::Encryptor;
use cbc::cipher::block_padding::Pkcs7;
use hex;
use sha2::{Digest, Sha256};
use crate::{BACKUP_ENV_KEY, ENV_KEY_NAME};
// type Aes256CbcEncryptor = ;
// A static, hardcoded IV. This is fine for obfuscation,
// as we're not protecting against replay attacks, just static analysis.
// This is the hex for "my_static_iv_012".
const STATIC_IV: [u8; 16] = [
0x6d, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x69, 0x76, 0x5f, 0x30, 0x31, 0x32,
];
pub fn get_obfuscated_symbol_name(input: &str) -> String {
// 1. Get the key from the environment
// let key_str =
// std::env::var(ENV_KEY_NAME).expect(&format!("'{}' env var not set", ENV_KEY_NAME));
let key_str = std::env::var(ENV_KEY_NAME).unwrap_or(BACKUP_ENV_KEY.to_owned());
// 2. Hash the env key to get a 32-byte (256-bit) AES key
let mut hasher = Sha256::new();
hasher.update(key_str.as_bytes());
let key: [u8; 32] = hasher.finalize().into();
// 3. Encrypt the input string
let cipher = Encryptor::<Aes256>::new(&key.into(), &STATIC_IV.into());
let mut plaintext = input.to_string();
let plaintext = unsafe { plaintext.as_bytes_mut() };
let mut buf = [0u8; 48];
buf[..plaintext.len()].copy_from_slice(plaintext);
let ciphertext = cipher
.encrypt_padded_mut::<Pkcs7>(&mut buf, plaintext.len())
.expect("Could not encrypt");
// 4. Hex-encode the result
let hex_encoded = hex::encode(ciphertext);
hex_encoded
// 5. Prepend a prefix
// format!("obf_{}", hex_encoded)
}
unshell-obfuscate/src/lib.rs
+134
View File
@@ -0,0 +1,134 @@
#![feature(proc_macro_quote)]
use proc_macro::TokenStream;
use quote::quote;
use syn::{ItemFn, parse_macro_input};
#[cfg(feature = "obfuscate")]
mod encrypt;
// Put all encrypt-related dependencies in a module, so they are easier to use with the feature flag
#[cfg(feature = "obfuscate")]
mod obs_deps {
pub use crate::encrypt::get_obfuscated_symbol_name;
pub use syn::LitStr;
pub const ENV_KEY_NAME: &str = "OBFUSCATION_KEY";
pub const BACKUP_ENV_KEY: &str = "OBFUSCATION_KEY_DO_NOT_USE";
}
#[cfg(feature = "obfuscate")]
use obs_deps::*;
#[proc_macro]
#[cfg(not(feature = "obfuscate"))]
pub fn obs(input: TokenStream) -> TokenStream {
input
}
#[proc_macro_attribute]
#[cfg(not(feature = "obfuscate"))]
pub fn obfuscated_symbol(_attr: TokenStream, item: TokenStream) -> TokenStream {
let func = parse_macro_input!(item as ItemFn);
TokenStream::from(quote! {
#[unsafe(no_mangle)]
#func
})
}
#[proc_macro]
#[cfg(not(feature = "obfuscate"))]
pub fn symbol(input: TokenStream) -> TokenStream {
input
}
#[proc_macro_attribute]
#[cfg(feature = "obfuscate")]
pub fn obfuscated_symbol(_attr: TokenStream, item: TokenStream) -> TokenStream {
// Parse the input function
let func = parse_macro_input!(item as ItemFn);
// Get the original function name
let fn_name = func.sig.ident.to_string();
// Generate the new, obfuscated name
let obfuscated_name = get_obfuscated_symbol_name(&fn_name);
// Create a new string literal for the name
let new_name_lit = LitStr::new(&obfuscated_name, func.sig.ident.span());
// Re-build the function, but add #[no_mangle]
// and rename the *exported* symbol via #[export_name]
TokenStream::from(quote! {
#[unsafe(export_name = #new_name_lit)]
#func
})
}
// --- NEW MACRO 2: The macro for the loader ---
#[proc_macro]
#[cfg(feature = "obfuscate")]
pub fn symbol(input: TokenStream) -> TokenStream {
// Parse the input as a string literal
let lit_str = parse_macro_input!(input as LitStr);
let original_name = lit_str.value();
// Generate the exact same obfuscated name
let obfuscated_name = get_obfuscated_symbol_name(&original_name);
// Expand to a static string literal
TokenStream::from(quote! {
#obfuscated_name
})
}
#[proc_macro]
#[cfg(feature = "obfuscate")]
pub fn obs(input: TokenStream) -> TokenStream {
// Parse the input as a string literal
let lit_str = parse_macro_input!(input as LitStr);
let original_str = lit_str.value();
// Handle empty strings explicitly
if original_str.is_empty() {
return TokenStream::from(quote! { String::new() });
}
// --- Obfuscated Branch Logic ---
// This code runs at compile-time
let str_bytes = original_str.as_bytes();
let len = str_bytes.len();
// 1. Generate a unique, random key for this string
let mut key = vec![0u8; len];
getrandom::fill(&mut key).expect("Failed to get random bytes for XOR key");
// 2. XOR the string with the key
let mut obfuscated = Vec::with_capacity(len);
for i in 0..len {
obfuscated.push(str_bytes[i] ^ key[i]);
}
// 3. This is the code that will be injected into the user's binary
// It runs at *runtime* to decrypt the string.
let obfuscated_expansion = quote! {
{
// These static arrays are stored directly in your binary
static OBFUSCATED_DATA: [u8; #len] = [ #( #obfuscated ),* ];
static KEY_DATA: [u8; #len] = [ #( #key ),* ];
let mut decrypted = Vec::with_capacity(#len);
for i in 0..#len {
decrypted.push(OBFUSCATED_DATA[i] ^ KEY_DATA[i]);
}
// We can trust this since the source was a valid String literal
String::from_utf8(decrypted).unwrap()
}
};
TokenStream::from(obfuscated_expansion)
}