Skip to content

Instantly share code, notes, and snippets.

@hasherezade

hasherezade/magni_api.h Secret

Created March 28, 2023 21:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save hasherezade/6662b534d08786ddf1ba73457d4b94fe to your computer and use it in GitHub Desktop.
Save hasherezade/6662b534d08786ddf1ba73457d4b94fe to your computer and use it in GitHub Desktop.
Download ZIP
Magniber tester
Raw
magni_api.h
#pragma once
#include <windows.h>
// function encrypting the file:
__int64 __fastcall encrypt_file(WCHAR* filename);
// function perfoming the RSA encryption with the given parameters:
void* __fastcall protect_by_assymetric_crypt(
DWORD* out_buf,
DWORD* padded_data_M,
DWORD* rsa_pub_e,
int rsa_pub_e_size,
DWORD* rsa_pub_n,
unsigned int rsa_pub_n_size);
Raw
main.cpp
#include <windows.h>
#include <iostream>
#include <detours.h> //Requires MS Detours library
#include "util.h"
#include "magni_api.h"
BYTE* g_Shellc = nullptr;
size_t g_ShellcSize = 0;
decltype(&encrypt_file) _encrypt_file = nullptr;
decltype(&protect_by_assymetric_crypt) _protect_by_assymetric_crypt = nullptr;
bool init_functions()
{
if (!g_Shellc) return false;
_encrypt_file = reinterpret_cast<decltype(&encrypt_file)>(g_Shellc + 0x4B30);
_protect_by_assymetric_crypt = reinterpret_cast<decltype(&protect_by_assymetric_crypt)>(g_Shellc + 0x1980);
return true;
}
void* __fastcall my_protect_by_assymetric_crypt(
DWORD* out_buf,
DWORD* padded_data_m,
DWORD* rsa_pub_e,
int rsa_pub_e_size,
DWORD* rsa_pub_n,
unsigned int rsa_pub_n_size)
{
std::cout << __FUNCTION__ << "\n";
dump_to_file("rsa_pub_e.bin", rsa_pub_e, rsa_pub_e_size);
dump_to_file("rsa_pub_n.bin", rsa_pub_n, rsa_pub_n_size);
dump_to_file("padded_data_m.bin", padded_data_m, rsa_pub_n_size);
void* val = _protect_by_assymetric_crypt(out_buf, padded_data_m, rsa_pub_e, rsa_pub_e_size, rsa_pub_n, rsa_pub_n_size);
dump_to_file("out_buf.bin", out_buf, rsa_pub_n_size);
return val;
}
void hook_apis()
{
DetourTransactionBegin();
DetourUpdateThread(GetCurrentThread());
DetourAttach(&(PVOID&)_protect_by_assymetric_crypt, my_protect_by_assymetric_crypt);
DetourTransactionCommit();
}
int wmain(int argc, WCHAR*argv[])
{
const char shc_file[] = "magni.shc"; // sample: 3a2b8ef624b4318fc142a6266c70f88799e80d10566f6dd2d8d74e91d651491a
g_Shellc = load_file(shc_file, g_ShellcSize, PAGE_EXECUTE_READWRITE);
if (!g_Shellc) {
std::cerr << "Failed to load the shellcode! Missing file: " << shc_file << "\n";
return (-1);
}
if (argc < 2) {
std::cout << "Args: <file path>\n";
return 0;
}
init_functions();
hook_apis();
WCHAR* filename = argv[1];
std::cout << "Encrypt res: " << _encrypt_file(filename) << "\n";
return 0;
}
Raw
util.cpp
#include "util.h"
BYTE* alloc_aligned(size_t buffer_size, DWORD protect, ULONGLONG desired_base)
{
if (!buffer_size) return NULL;
BYTE* buf = (BYTE*)VirtualAlloc((LPVOID)desired_base, buffer_size, MEM_COMMIT | MEM_RESERVE, protect);
return buf;
}
bool free_aligned(BYTE* buffer)
{
if (buffer == nullptr) return true;
if (!VirtualFree(buffer, 0, MEM_RELEASE)) {
#ifdef _DEBUG
std::cerr << "Releasing failed" << std::endl;
#endif
return false;
}
return true;
}
BYTE* load_file(IN const char* filename, OUT size_t& read_size, DWORD protection)
{
HANDLE file = CreateFileA(filename, GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
if (file == INVALID_HANDLE_VALUE) {
#ifdef _DEBUG
std::cerr << "Could not open file!" << std::endl;
#endif
return nullptr;
}
HANDLE mapping = CreateFileMapping(file, 0, PAGE_READONLY, 0, 0, 0);
if (!mapping) {
#ifdef _DEBUG
std::cerr << "Could not create mapping!" << std::endl;
#endif
CloseHandle(file);
return nullptr;
}
BYTE* dllRawData = (BYTE*)MapViewOfFile(mapping, FILE_MAP_READ, 0, 0, 0);
if (!dllRawData) {
#ifdef _DEBUG
std::cerr << "Could not map view of file" << std::endl;
#endif
CloseHandle(mapping);
CloseHandle(file);
return nullptr;
}
size_t r_size = GetFileSize(file, 0);
if (read_size != 0 && read_size <= r_size) {
r_size = read_size;
}
if (IsBadReadPtr(dllRawData, r_size)) {
std::cerr << "[-] Mapping of " << filename << " is invalid!" << std::endl;
UnmapViewOfFile(dllRawData);
CloseHandle(mapping);
CloseHandle(file);
return nullptr;
}
BYTE* localCopyAddress = alloc_aligned(r_size, protection, 0);
if (localCopyAddress != nullptr) {
memcpy(localCopyAddress, dllRawData, r_size);
read_size = r_size;
}
else {
read_size = 0;
#ifdef _DEBUG
std::cerr << "Could not allocate memory in the current process" << std::endl;
#endif
}
UnmapViewOfFile(dllRawData);
CloseHandle(mapping);
CloseHandle(file);
return localCopyAddress;
}
Raw
util.h
#pragma once
#include <windows.h>
#include <iostream>
BYTE* alloc_aligned(size_t buffer_size, DWORD protect, ULONGLONG desired_base);
bool free_aligned(BYTE* buffer);
BYTE* load_file(IN const char* filename, OUT size_t& read_size, DWORD protection);
template<typename T>
void print_buffer(T* buf, size_t buf_size)
{
std::cout << "Buf of size: " << std::dec << buf_size <<"\n";
size_t size = buf_size * sizeof(T);
for (size_t i = 0; i < buf_size; ++i) {
std::cout << std::hex << (int)buf[i] << ", ";
}
std::cout << "\n";
}
template<typename T>
bool dump_to_file(const char *filename, T* buf, size_t buf_size)
{
FILE* fp = fopen(filename, "wb");
if (!fp) {
return false;
}
fwrite(buf, sizeof(T), buf_size, fp);
fclose(fp);
return true;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment