ROR to ROL obfuscation

Description

Attack frameworks such as Metasploit hash function names as ROR13 values. These values are often recognized by antivirus solutions. This module decodes the ROR13 values and re-encodes them with a custom ROL operation.
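For analysts, a rotate-left by n bits on a 32-bit value is the same as a rotate-right by 32 - n, so a lookup table built over every rotate-right count also resolves constants produced by a custom ROL. The sketch below is an added example, not code from this module; it assumes a plain rotate-and-add hash over the ASCII function name only (Metasploit's own block also mixes in the module name), and the API list is a constructed sample.

```python
# Added example: analyst-side lookup table, not part of the ror2rol module.
MASK = 0xFFFFFFFF


def ror32(value, count):
    """Rotate a 32-bit value right by count bits."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK


def rol32(value, count):
    """Rotate a 32-bit value left by count bits."""
    count %= 32
    return ((value << count) | (value >> (32 - count))) & MASK


def api_hash(name, count, rotate=ror32):
    """Assumed scheme: rotate the accumulator, then add each name byte."""
    h = 0
    for byte in name.encode("ascii"):
        h = (rotate(h, count) + byte) & MASK
    return h


# Constructed sample list; a real table would be built from DLL export names.
API_NAMES = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc", "ExitProcess"]


def build_table(names=API_NAMES):
    """Map hash constant -> [(ror_count, name)] for every ROR count 1..31."""
    table = {}
    for count in range(1, 32):
        for name in names:
            table.setdefault(api_hash(name, count), []).append((count, name))
    return table


def identify(constant, table=None):
    """Return the (ror_count, name) candidates for a constant seen in a sample."""
    table = build_table() if table is None else table
    return table.get(constant & MASK, [])


if __name__ == "__main__":
    # Constructed "unknown" constant: hashed with ROL 7, resolved as ROR 25.
    sample = api_hash("VirtualAlloc", 7, rotate=rol32)
    print(hex(sample), identify(sample))
```

Signatures that match only the fixed ROR13 constants miss re-keyed samples; matching on the resolved API name set after a lookup like this does not depend on the rotation count.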

Command

ror2rol --input shell.raw --output shell.enc --key 33

Example Output

[+] Reading shellcode
[+] Changing ROR key
[*] Shellcode size: 274
[*] Writing bytes to file: sc.tmp
[+] encoded shellcode created in sc.tmp
[+] DONE!

Resources