NVISO has opened up the CODASM source code.
NVISO recently released the source code for its new CODASM tool, which is designed to encode arbitrary data into pseudo-ASM instructions and compile them into the .text section of binary files. This step is aimed at improving the security of the data and its resilience to analysis. CODASM hides data, such as shellcode, in highly entropic sections of binary files, making it less visible to security mechanisms.
CODASM is a Python script that generates legitimate-looking shellcode for arbitrary payloads and creates a C header file that can be used in programs to embed the shellcode in binary files and extract it at runtime.
The process of encoding payloads using CODASM includes:
- Generating valid x86_64 functions with prologues, epilogues, and random instructions.
- Embedding payload bytes in instruction operands (for example, mov eax, <4 bytes of payload>).
- Encrypting the embedded payload bytes using XOR.
The process of decoding payloads includes:
- Parsing individual instructions before extracting the required number of payload bytes.
- Detecting instructions that contain payload bytes, extracting them, and decrypting them.
This tool is part of NVISO's drive to increase openness and collaboration in the cybersecurity community by providing powerful tools for analyzing and protecting against threats.
More information can be found on the official GitHub page of the project.
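A defender-side view of the operand embedding described above, as an added example that is not from the original post or from NVISO's project: it measures the byte entropy of the immediates carried by mov r32, imm32 instructions, since ordinary code mostly loads small constants there. Assumptions: the opcode subset, the 5.0 threshold, the function names and both sample functions are constructed for illustration, and SHA-256 output stands in for opaque operand data.

```python
import hashlib
import math
import struct
from collections import Counter

# Instruction lengths for the tiny opcode subset used in the constructed samples.
# Assumption: real triage would walk the code with a full disassembler instead.
FIXED_LEN = {0x55: 1, 0x5D: 1, 0xC3: 1, 0x90: 1}   # push rbp, pop rbp, ret, nop

def imm32_operands(code: bytes) -> bytes:
    """Walk the code linearly and concatenate operands of `mov r32, imm32`."""
    out, i = bytearray(), 0
    while i < len(code):
        op = code[i]
        if 0xB8 <= op <= 0xBF:                   # mov r32, imm32
            out += code[i + 1:i + 5]
            i += 5
        elif code[i:i + 3] == b"\x48\x89\xe5":   # mov rbp, rsp
            i += 3
        elif op in FIXED_LEN:
            i += FIXED_LEN[op]
        else:
            raise ValueError(f"opcode {op:#x} at {i} outside the demo subset")
    return bytes(out)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    return sum((c / n * math.log2(n / c) for c in Counter(data).values()), 0.0)

def build_function(imms: list[int]) -> bytes:
    """Constructed sample: prologue, one mov per immediate, epilogue."""
    body = b"".join(bytes([0xB8 + (k % 4)]) + struct.pack("<I", v)
                    for k, v in enumerate(imms))
    return b"\x55\x48\x89\xe5" + body + b"\x5d\xc3"

def suspicious(code: bytes, threshold: float = 5.0, min_bytes: int = 32) -> bool:
    """Flag code whose mov immediates look like opaque data, not constants."""
    ops = imm32_operands(code)
    return len(ops) >= min_bytes and entropy(ops) > threshold

# Constructed inputs: typical small constants vs. random-looking operand bytes
# (SHA-256 output stands in for encrypted data; no real payload is used).
ORDINARY = build_function([0, 1, 2, 4, 8, 16, 0x100, 0x1000, 0xFFFFFFFF,
                           3, 5, 10, 32, 64, 0x200, 0x7F])
blob = hashlib.sha256(b"a").digest() + hashlib.sha256(b"b").digest()
OPAQUE = build_function(list(struct.unpack("<16I", blob)))

print(suspicious(ORDINARY), suspicious(OPAQUE))
```

Legitimate code that loads hash or cipher constants will also score high, so this is a triage signal to combine with other evidence rather than a verdict.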