After several weeks of research and having produced proof-of-concept code in Python, I have finally found some time to write the obfuscation library in a proper programming language. I have named the library Obfusion and I will make sure to expand its functionality in the future.
Obfusion, at the moment, is able to obfuscate code the same way the Python version does, but I made sure to make the code cleaner and more optimized. The obfuscation process should be much faster than before, and I'm sure it can be optimized even further.
Here is a short demo of the library's capabilities. Take a look at this disassembled shellcode sample. This shellcode just executes calc.exe via the
I ran this shellcode through the Obfusion obfuscator, performing 3 obfuscation passes, and here is the disassembled obfuscated shellcode that performs the same tasks as the original:
As you can see, that makes it pretty hard to analyze. The shellcode size increased from 189 bytes to 357,236 bytes, and you can increase the obfuscation complexity even more at the cost of obfuscation speed.
Those of you who haven't followed my previous research posts on obfuscation, feel free to catch up here:
You can follow the development of the Obfusion library on my GitHub project page here:
Make sure to watch this space, as I plan to release some blog posts on how to prepare your Metasploit meterpreter shellcodes to be obfuscation-friendly (they currently are not), and I will also demonstrate the best ways to infect any Portable Executable file with your own shellcode.
See you soon and have fun with the library!