Monday, June 5, 2023

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, that perform huge loops of millions of instructions emulated for resolving API or for other stuff.

The emulator is in Rust and all the few dependencies as well, so the rust safety is good for emulating malware.  

There are shellcodes that can be emulated from the beginning to the end, but when this is not possible the tool has many features that can be used like a console, a memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 millions of instructions arriving to the recv. 

At this point we have some  IOC like  the ip:port where it's connecting and other details.

Lets see what happens after the recv() spawning a console at position: 7,012,204


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times to emulate  step into several steps and we arrive to a return instruction.


Let's see the stack in this moment:


The "ret" instruction is going to jump to the buffer read with recv() so is a kind of stager.

The option "-e" or "--endpoint" is not ready for now, but it will allow to proxy the calls to get the next  stage automatically, but for now we have the details to get the stage.


SCEMU also identify all the Linux  syscalls for 32bits shellcodes:



The encoder used in shellgen is also supported https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:


We can see where is connecting and which headers is using, so right now we can replicate the communications.



In verbose mode we could do several greps to see the calls and correlate with ghidra/ida/radare or  for example grep the branches to study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l --loops options makes the emulation a bit slower but track the number of iterations.

Is possible to print all the registers in every step with  -r or --registers  but also is possible to track  specific register for example with --reg esi


target/release/scemu -f shellcodes/shikata.bin --reg esi 


In this case ESI register points to the API name, if we track EAX or ECX will see that are the counters of the loop. These shellcodes  contains a hard loop to locate the API names.

The flag -i or --inspect allow to monitor memory using expressions like "dword ptr [eax + 0xa]"

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'

And more things to come...  find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs





Related posts


  1. How To Install Pentest Tools In Ubuntu
  2. Computer Hacker
  3. Hacking Tools Windows 10
  4. Pentest Tools For Android
  5. Hacking Tools And Software
  6. Tools Used For Hacking
  7. Hacker Tools 2020
  8. Pentest Tools For Android
  9. Hacking Tools For Windows
  10. How To Make Hacking Tools
  11. Pentest Tools Find Subdomains
  12. Nsa Hack Tools Download
  13. New Hack Tools
  14. New Hacker Tools
  15. Nsa Hack Tools Download
  16. Pentest Tools Download
  17. Wifi Hacker Tools For Windows
  18. Hacker Tools Free Download
  19. Pentest Tools Nmap
  20. Hack And Tools
  21. Hak5 Tools
  22. Hacking Tools Pc
  23. Hack Tools For Ubuntu
  24. Hack Tools
  25. Hack Rom Tools
  26. Computer Hacker
  27. Tools 4 Hack
  28. Hacking Tools And Software
  29. Bluetooth Hacking Tools Kali
  30. Best Hacking Tools 2019
  31. Hacking Apps
  32. Pentest Tools List
  33. Hackrf Tools
  34. Underground Hacker Sites
  35. Pentest Tools Apk
  36. Hacker Hardware Tools
  37. Game Hacking
  38. Hacker Tools 2020
  39. Pentest Tools Linux
  40. Pentest Tools Free
  41. Hacker Tools
  42. Hacking Tools Mac
  43. Pentest Automation Tools
  44. Game Hacking
  45. Hack App
  46. New Hack Tools
  47. Nsa Hack Tools Download
  48. Free Pentest Tools For Windows
  49. Pentest Automation Tools
  50. Hacks And Tools
  51. Pentest Tools Port Scanner
  52. Growth Hacker Tools
  53. Hacking Tools Software
  54. Hacking Tools Name
  55. Hacking Tools Windows
  56. Computer Hacker
  57. Hack Tool Apk No Root
  58. Hackrf Tools
  59. Hacking Tools For Windows 7
  60. Tools For Hacker
  61. Pentest Tools Port Scanner
  62. How To Install Pentest Tools In Ubuntu
  63. Hacker Tools Windows
  64. Hack App
  65. Pentest Tools For Ubuntu
  66. Black Hat Hacker Tools
  67. Hack Tool Apk No Root
  68. Physical Pentest Tools
  69. Hacking Tools Github
  70. Hacking Tools Name
  71. Tools For Hacker
  72. Hacking Tools Free Download
  73. Pentest Recon Tools
  74. Hack Tools Online
  75. Hacking Tools For Pc
  76. Hacker Tools Free Download
  77. Pentest Automation Tools
  78. Hacking Tools For Kali Linux
  79. Hack Tools
  80. Hacking Tools Free Download
  81. Github Hacking Tools
  82. Hacking Tools For Windows 7
  83. New Hacker Tools
  84. Pentest Tools For Android
  85. Pentest Tools Apk
  86. Hacker Tools For Mac
  87. Hacker
  88. Pentest Tools Framework
  89. Tools 4 Hack
  90. Physical Pentest Tools
  91. Pentest Tools Alternative
  92. What Is Hacking Tools
  93. Hacker Tools Github
  94. Pentest Tools Website Vulnerability
  95. Hacking Tools Windows 10
  96. Growth Hacker Tools
  97. Wifi Hacker Tools For Windows
  98. Pentest Tools Framework
  99. Hacking Tools Download
  100. Ethical Hacker Tools
  101. Hacking Apps
  102. Free Pentest Tools For Windows
  103. Hacking Tools Free Download
  104. Pentest Tools For Windows
  105. Pentest Tools Online
  106. Best Hacking Tools 2020
  107. Hacker Tools Linux
  108. Free Pentest Tools For Windows
  109. Hacking Tools Hardware
  110. Best Hacking Tools 2020
  111. Hackers Toolbox
  112. Hacking Tools Windows 10
  113. Hacking Tools Kit
  114. Pentest Tools Nmap
  115. Pentest Tools Download
  116. Hacker Tools
  117. Top Pentest Tools
  118. Game Hacking
  119. Pentest Tools For Windows
  120. Hackrf Tools
  121. Hack Tools Pc
  122. Pentest Automation Tools
  123. Underground Hacker Sites
  124. Hack Apps
  125. Hacker Tools For Pc
  126. Best Pentesting Tools 2018
  127. Hacking Tools For Mac
  128. Hacking Tools Online
  129. Best Hacking Tools 2019
  130. How To Hack
  131. How To Make Hacking Tools
  132. Hack Tools Pc
  133. Hack Rom Tools
  134. Hack Rom Tools
  135. Hacker Tools For Mac
  136. Hacking Tools Name
  137. Hack Rom Tools
  138. Hacker Tools For Ios
  139. Pentest Tools Bluekeep
  140. Top Pentest Tools
  141. What Are Hacking Tools
  142. What Are Hacking Tools
  143. Hack Tools For Ubuntu
  144. Hacker Tools Windows
  145. Hack Tools For Ubuntu
  146. Pentest Tools Bluekeep
  147. Hack Tools Download
  148. Tools 4 Hack
  149. Hack Tools 2019
  150. Pentest Tools Subdomain
  151. Beginner Hacker Tools
  152. How To Install Pentest Tools In Ubuntu
  153. Hack Tool Apk
  154. Pentest Tools Apk
  155. Hack Website Online Tool
  156. Hacker Tools Free Download
  157. Hacking Tools For Windows Free Download
  158. Hacking Tools For Windows
  159. Hack Tools Github
  160. Pentest Tools For Ubuntu
  161. Hacking Tools Software
  162. Underground Hacker Sites
  163. Hack Tools 2019
  164. Hacker Hardware Tools
  165. Hackrf Tools
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)