ROR to ROL obfuscation
Description
rolhashis only available for Windows
Attack frameworks like metasploit hashing function names as ROR13 value. This values are often recognized by antivirus solutions. This module decodes ROR13 values and encode this values with a custom ROL operation.
Command
shencode obfuscate rolhash [-h] [-i INPUT] [-o OUTPUT] [-k KEY]
options:
--help show this help message and exit
--input INPUT Input file for UUID encoding
--output OUTPUT Outputfile for ROR13 to ROL conversion
--key KEY Key to process ROR13 to ROL
Example Output
shencode obfuscate rolhash --input shell.raw --output shell.enc --key 33
[+] Reading shellcode
[+] Changing ROR key
[*] Shellcode size: 274
[*] Writing bytes to file: sc.tmp
[+] encoded shellcode created in sc.tmp
[+] DONE!