Furikuri is a protection framework targeting shellcode and executable files.
Supports x32 and x64 architectures.
Mutation of an original instruction into a series of other, equivalent instructions.
example:
```asm
mov rcx, rax
mov rdx, [rsp + 38h]
call SomeFunc
```
becomes:
```asm
mov rdx, rax
mov rcx, [rsp + 38h]
push rcx
mov rcx, rdx
pop rdx
call SomeFunc
```
Inserting assembler instructions without any payload (junk instructions) between the "original" instructions.
example:
```asm
mov rcx, rax
mov rdx, [rsp + 38h]
call SomeFunc
```
becomes:
```asm
mov rdx, rdx
mov rdx, r8
mov rcx, rax
push r8
mov r8, 12345678h
pop r8
mov rdx, [rsp + 38h]
call SomeFunc
```
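Both transformations above are only correct if the mutated listing reaches `call SomeFunc` with the same register and stack state as the original. A reviewer can confirm that by replaying both listings in a small register/stack simulator and comparing the state at the call. The following is an added example, not furikuri's own code: it supports only the `mov`/`push`/`pop`/`call` forms used in these snippets, treats `call` as the comparison point, and uses constructed initial register and memory values (the marker `0xDEADBEEF` at `[rsp+38h]`).

```python
import re

# Registers the simulator knows about (enough for the README snippets).
REGS = ("rax", "rcx", "rdx", "r8", "r9", "r10", "rsp")
MASK64 = (1 << 64) - 1

# Constructed initial state: rsp points into a fake stack and the
# slot at [rsp+38h] holds a recognisable marker value.
INITIAL_REGS = {"rax": 0x1111, "rcx": 0x2222, "rdx": 0x3333,
                "r8": 0x4444, "r9": 0, "r10": 0, "rsp": 0x7FFE0000}
INITIAL_MEM = {0x7FFE0000 + 0x38: 0xDEADBEEF}

ORIGINAL = """
mov rcx, rax
mov rdx, [rsp + 38h]
call SomeFunc
"""
MUTATED = """
mov rdx, rax
mov rcx, [rsp + 38h]
push rcx
mov rcx, rdx
pop rdx
call SomeFunc
"""
JUNKED = """
mov rdx, rdx
mov rdx, r8
mov rcx, rax
push r8
mov r8, 12345678h
pop r8
mov rdx, [rsp + 38h]
call SomeFunc
"""

def parse_operand(tok):
    """Classify an operand as a register, a [reg+disp] memory slot, or a hex immediate."""
    tok = tok.strip()
    if tok in REGS:
        return ("reg", tok)
    m = re.fullmatch(r"\[\s*(\w+)\s*\+\s*([0-9A-Fa-f]+)h\s*\]", tok)
    if m:
        return ("mem", m.group(1), int(m.group(2), 16))
    m = re.fullmatch(r"([0-9A-Fa-f]+)h", tok)
    if m:
        return ("imm", int(m.group(1), 16))
    raise ValueError(f"unsupported operand: {tok!r}")

def run(asm, regs, mem):
    """Execute the listing. Memory is modelled as 8-byte slots keyed by address."""
    regs, mem = dict(regs), dict(mem)

    def read(op):
        if op[0] == "reg":
            return regs[op[1]]
        if op[0] == "imm":
            return op[1]
        return mem.get(regs[op[1]] + op[2], 0)

    def write(op, val):
        if op[0] == "reg":
            regs[op[1]] = val & MASK64
        elif op[0] == "mem":
            mem[regs[op[1]] + op[2]] = val & MASK64
        else:
            raise ValueError("cannot write to an immediate")

    for line in asm.strip().splitlines():
        mnem, _, rest = line.strip().partition(" ")
        if not mnem or mnem == "call":
            continue  # call target is opaque: state is compared as it arrives here
        ops = [parse_operand(t) for t in rest.split(",")]
        if mnem == "mov":
            write(ops[0], read(ops[1]))
        elif mnem == "push":
            regs["rsp"] -= 8
            mem[regs["rsp"]] = read(ops[0])
        elif mnem == "pop":
            write(ops[0], mem[regs["rsp"]])
            regs["rsp"] += 8
        else:
            raise ValueError(f"unsupported mnemonic: {mnem!r}")
    return regs, mem

def observable_state(regs, mem):
    """Registers plus memory at or above rsp; slots below rsp are dead scratch space."""
    return regs, {a: v for a, v in mem.items() if a >= regs["rsp"]}

def equivalent(a, b, regs=INITIAL_REGS, mem=INITIAL_MEM):
    """True if both listings reach the call with identical observable state."""
    return observable_state(*run(a, regs, mem)) == observable_state(*run(b, regs, mem))
```

`equivalent(ORIGINAL, MUTATED)` and `equivalent(ORIGINAL, JUNKED)` both return `True`; dropping the `pop rdx` fix-up from the mutated listing makes it return `False`. Memory below the final `rsp` is deliberately excluded from the comparison, because the `push`/`pop` pairs leave their temporaries there and a correct transformation is allowed to dirty that scratch area.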
Dividing an original basic block of code into several smaller ones by inserting, in the middle of the block, a jmp to the start of the second "new" block.
example:
```asm
mov r10, [rax+20h]
mov eax, [rsp+98h]
mov [rsp+40h], eax
mov rax, [rsp+90h]
mov [rsp+38h], rax
mov eax, [rsp+88h]
mov [rsp+30h], eax
mov rax, [rsp+80h]
mov [rsp+28h], rax
mov [rsp+20h], r9d
```
becomes:
```asm
mov r10, [rax+20h]
mov eax, [rsp+98h]
mov [rsp+40h], eax
mov rax, [rsp+90h]
mov [rsp+38h], rax
jmp l1
...
...
...
l1:
mov eax, [rsp+88h]
mov [rsp+30h], eax
mov rax, [rsp+80h]
mov [rsp+28h], rax
mov [rsp+20h], r9d
```
Changes the bytecode of an instruction to another bytecode that encodes the same instruction.
example:
```asm
48 8B CA    mov rcx,rdx
```
becomes:
```asm
48 89 D1    mov rcx,rdx
```
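The two byte strings above are the same instruction because register-to-register MOV has two opcodes, `8B` (the ModRM `reg` field is the destination) and `89` (the ModRM `r/m` field is the destination); swapping the two fields and switching the opcode yields the other encoding. A byte signature written for `48 8B CA` therefore does not match `48 89 D1`, and detection logic should compare decoded instructions rather than raw bytes. The following added example (not furikuri's code) decodes both forms and converts between them; it handles only the REX.W, register-direct (`mod = 11`) case.

```python
# 64-bit general-purpose registers in ModRM/REX numbering order.
REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]

def decode_mov_rr(code: bytes) -> str:
    """Return 'mov dst,src' for REX.W + (8B | 89) + ModRM with mod == 11."""
    if len(code) != 3 or (code[0] & 0xF8) != 0x48:
        raise ValueError("expected REX.W prefix, opcode and ModRM byte")
    rex, opcode, modrm = code
    if modrm >> 6 != 0b11:
        raise ValueError("only the register-direct (mod=11) form is supported")
    reg = ((modrm >> 3) & 7) | ((rex & 0x4) << 1)   # REX.R extends the reg field
    rm = (modrm & 7) | ((rex & 0x1) << 3)            # REX.B extends the r/m field
    if opcode == 0x8B:        # MOV r64, r/m64: reg is the destination
        dst, src = reg, rm
    elif opcode == 0x89:      # MOV r/m64, r64: r/m is the destination
        dst, src = rm, reg
    else:
        raise ValueError(f"unsupported opcode {opcode:#04x}")
    return f"mov {REG64[dst]},{REG64[src]}"

def encode_mov_rr(dst: str, src: str, use_89: bool) -> bytes:
    """Encode mov dst,src with opcode 89 (use_89=True) or 8B (use_89=False)."""
    d, s = REG64.index(dst), REG64.index(src)
    reg, rm, opcode = (s, d, 0x89) if use_89 else (d, s, 0x8B)
    rex = 0x48 | ((reg >> 3) << 2) | (rm >> 3)       # W=1, R and B from the high bits
    modrm = 0xC0 | ((reg & 7) << 3) | (rm & 7)       # mod=11, reg, r/m
    return bytes([rex, opcode, modrm])

def alternate_encoding(code: bytes) -> bytes:
    """Re-encode the same mov with the other opcode (8B <-> 89)."""
    dst, src = decode_mov_rr(code)[len("mov "):].split(",")
    return encode_mov_rr(dst, src, use_89=(code[1] == 0x8B))

def same_instruction(a: bytes, b: bytes) -> bool:
    """Compare two encodings by what they decode to, not by their bytes."""
    return decode_mov_rr(a) == decode_mov_rr(b)
```

`alternate_encoding(bytes.fromhex("488bca"))` returns `48 89 D1`, and applying it again returns `48 8B CA`; `same_instruction` reports both as `mov rcx,rdx`. The REX.R/REX.B handling means the same routine also covers the extended registers (`4C 8B C1` decodes to `mov r8,rcx`).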
- shellcode obfuscation
- executable obfuscation
- Windows
  - Requirements
    - Git Bash
    - Visual Studio 2019 (for now; you can change the runtime version and build it with earlier versions)
  - Clone the repo and initialize submodules:
    ```sh
    git clone https://github.com/jnastarot/furikuri.git
    cd furikuri
    git submodule update --init
    ```
  - Open `furikuri.sln` and build it in Visual Studio
- Linux
  - TODO