jerry/go-socks5-ssh-proxy
1
0
Fork 0
mirror of https://github.com/xor-gate/go-socks5-ssh-proxy synced 2026-03-22 22:06:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add some development research notes and obfuscate two other headers in the UPX packed file

Browse Source
This commit is contained in:
Jerry Jacobs
2024-07-28 20:43:52 +02:00
parent 2758725549
commit 31d5239e00
4 changed files with 52 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
cmd/upx-obfuscator/main.go
View File

@ -6,8 +6,18 @@ import (
"log"
)
var originalIdentifier = []byte("UPX0")
var obfuscatedIdentifier = []byte("GSP7")
func bytesReplace(data, old, new []byte) []byte {
foundIndex := bytes.Index(data, old)
if foundIndex > -1 {
// Found it!
log.Println("Found identifier at offset", foundIndex)
} else {
return data
log.Fatalln("Error file is not UPX packed")
}
return bytes.Replace(data, old, new, 1)
}
func main() {
if len(os.Args) != 2 {
@ -21,17 +31,11 @@ func main() {
data, _ := os.ReadFile(filename)
foundIndex := bytes.Index(data, originalIdentifier)
if foundIndex > -1 {
// Found it!
log.Println("Found UPX identifier at offset", foundIndex)
} else {
log.Fatalln("Error file is not UPX packed")
}
data = bytesReplace(data, []byte("UPX0"), []byte("GSP7"))
data = bytesReplace(data, []byte("UPX1"), []byte("GSP1"))
data = bytesReplace(data, []byte("UPX2"), []byte("GSP2"))
obfuscatedData := bytes.Replace(data, originalIdentifier, obfuscatedIdentifier, 1)
_ = os.WriteFile(filename, obfuscatedData, 0666)
_ = os.WriteFile(filename, data, 0666)
log.Println("done")
}