metame: metamorphic code engine for arbitrary executables – Penetration Testing

metame

metame is a simple metamorphic code engine for arbitrary executables.

From Wikipedia:

Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software.

metame implementation works this way:

Open a given binary and analyze the code

Randomly replace instructions with equivalences in logic and size

Copy and patch the original binary to generate a mutated variant

It currently supports the following architectures:

x86 32 bits

x86 64 bits

Also, it supports a variety of file formats, as radare2 is used for file parsing and code analysis.

An example of code before and after mutation:

Hint: Two instructions have been replaced in this snippet.

Here another example on how it can mutate a NOP sled into equivalent code:

Installation

pip install metame

This should also install the requirements.

You will also need radare2. Refer to the official website for installation instructions.

simplejson is also a “nice to have” for a small performance boost:

pip install simplejson

Usage

metame -i original.exe -o mutation.exe -d
Use metame -h for help.

Source: http://ift.tt/2aGs5ZI

The post metame: metamorphic code engine for arbitrary executables appeared first on Penetration Testing.

http://ift.tt/2tJ9q5U http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s