This is a WIP tool that performs shellcode obfuscation in x86 instruction set. If you want to learn more, check out my blog where I explain how it works:
X86 Shellcode Obfuscation - Part 1
X86 Shellcode Obfuscation - Part 2
X86 Shellcode Obfuscation - Part 3
Tool requires distorm3 library, which you can easily install with pip:
pip install distorm3usage: x86obf.py [-h] -i INPUT -o OUTPUT [-r RANGE] [-p PASSES] [-f MIXFLOW]
optional arguments:
-h, --help show this help message and exit
-i INPUT, --input INPUT
Input binary shellcode file
-o OUTPUT, --output OUTPUT
Output obfuscated binary shellcode file
-r RANGE, --range RANGE
Ranges where code instructions reside (e.g.
0-184,188-204)
-p PASSES, --passes PASSES
How many passes should the obfuscation process go
through (def. 1)
-f MIXFLOW, --mixflow MIXFLOW
Specify level of execution flow mixing (0-10) (def. 5)Example 1:
python x86obf.py -i shellcode\test1.bin -o output.binExample 2:
python x86obf.py -i shellcode\exec_calc.bin -o output.bin -r 0-184
python x86obf.py -i shellcode\exec_calc.bin -o output.bin -r 0-184 -p 4
python x86obf.py -i shellcode\exec_calc.bin -o output.bin -r 0-184 -p 2 -f 10Example 3:
python x86obf.py -i shellcode\msg_box.bin -o output.bin -r 0-196If you want to run and test any obfuscated or not obfuscated shellcode, you can use the attached run_shell.py script:
python run_shell.py -i shellcode\exec_calc.bin