Add string obfuscation

unshell-obfuscate/src/encrypt.rs

@@ -0,0 +1,52 @@
+// --- Add these imports to the top of src/lib.rs ---
+use aes::{
+    Aes256,
+    cipher::{BlockEncryptMut, KeyIvInit},
+};
+use cbc::Encryptor;
+use cbc::cipher::block_padding::Pkcs7;
+use hex;
+use sha2::{Digest, Sha256};
+
+use crate::{BACKUP_ENV_KEY, ENV_KEY_NAME};
+
+// type Aes256CbcEncryptor = ;
+
+// A static, hardcoded IV. This is fine for obfuscation,
+// as we're not protecting against replay attacks, just static analysis.
+// This is the hex for "my_static_iv_012".
+const STATIC_IV: [u8; 16] = [
+    0x6d, 0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x69, 0x63, 0x5f, 0x69, 0x76, 0x5f, 0x30, 0x31, 0x32,
+];
+
+pub fn get_obfuscated_symbol_name(input: &str) -> String {
+    // 1. Get the key from the environment
+    // let key_str =
+    //     std::env::var(ENV_KEY_NAME).expect(&format!("'{}' env var not set", ENV_KEY_NAME));
+
+    let key_str = std::env::var(ENV_KEY_NAME).unwrap_or(BACKUP_ENV_KEY.to_owned());
+
+    // 2. Hash the env key to get a 32-byte (256-bit) AES key
+    let mut hasher = Sha256::new();
+    hasher.update(key_str.as_bytes());
+    let key: [u8; 32] = hasher.finalize().into();
+
+    // 3. Encrypt the input string
+    let cipher = Encryptor::<Aes256>::new(&key.into(), &STATIC_IV.into());
+    let mut plaintext = input.to_string();
+    let plaintext = unsafe { plaintext.as_bytes_mut() };
+
+    let mut buf = [0u8; 48];
+    buf[..plaintext.len()].copy_from_slice(plaintext);
+    let ciphertext = cipher
+        .encrypt_padded_mut::<Pkcs7>(&mut buf, plaintext.len())
+        .expect("Could not encrypt");
+
+    // 4. Hex-encode the result
+    let hex_encoded = hex::encode(ciphertext);
+
+    hex_encoded
+
+    // 5. Prepend a prefix
+    // format!("obf_{}", hex_encoded)
+}