ShellCode异或加密去NULL小工具

通常为了简洁及防止NULL产生，ShellCode中会使用hash加密。而也有些时候，我们直接使用加密技术去除NULL：

#!/usr/bin/env python

import os,sys,string

#check the parameter
if len(sys.argv) != 2:
    print 'UseAge: Encoder filename'
    sys.exit(1)
    
# is file exists
filepath = os.getcwd() + '\\' + sys.argv[1]
if not os.path.exists(filepath):
    print '[!] Error: file not exists!'
    exit(1)
else:
    fp = open(filepath,'r')
    
# get each char to find the key
code = []
line = ""
KEY = range(0,256)
lines = fp.readlines()
for s in lines:
    line = line + s.replace('\n','')
line = line.strip()
for x in line.split(' '):
    y = int(x,16)
    if y in KEY:
        KEY.remove(y)
    code.append(x)
print 'All the Keys can be used:\n'
for key in KEY:
    print "%02X " % int(key),

# enter a key to code
key = raw_input('\n\nEnter the Key: ')
key = int(key,16)

# is a invalid key?
if key not in KEY:
    print '[!] Key is invalid!'
    sys.exit(1)

# encode and save it
decode = []
tmp = "83 C4 14 33 C9 8A 1C 0C 80 F3 %02X 88 1C 0C 41 80 F9 %02X 75 F1" % (key,len(code))
fw = open(os.getcwd() + '\\encode.txt','w+')
fw.write('\"')
k = 0
for z in tmp.split(' '):
    k = k+1
    if k%8==0:
        fw.write('\"\n\"')
    fw.write('\\x%s' % z)
for i in range(len(code)):
    k = k+1
    if k%8==0:
        fw.write('\"\n\"')
    fw.write('\\x%02X' % (int(code[i],16)^key))
fw.write('\"\n\ntotal bytes: %d' % k)

print '[+] Done!'
fw.close()
fp.close()

 

用法示例：

传入才提取出来的shellcode.txt，然后“encoder.py shellcode.txt”，选择一个列出的可用的key，然后会在当前目录下产生encoder.txt。