Sgn

Shikata ga nai (仕方がない) encoder ported into go with several improvements
Alternatives To Sgn
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Blurhash13,847296120 hours ago9September 12, 202244mitC
A very compact representation of a placeholder for an image.
Nmt6,085
8 months ago275apache-2.0Python
TensorFlow Neural Machine Translation Tutorial
Seq2seq5,300
3 years ago194apache-2.0Python
A general-purpose encoder-decoder framework for Tensorflow
Pytorch Seq2seq4,548
4 days ago56mitJupyter Notebook
Tutorials on implementing a few sequence-to-sequence (seq2seq) models with PyTorch and TorchText.
Ultrajson4,0843,278920a day ago33July 02, 202225otherC
Ultra fast JSON decoder and encoder written in C with Python bindings
Flif3,682
a year ago1March 20, 2019137otherC++
Free Lossless Image Format
Seq2seq3,118
10 months ago105gpl-2.0Python
Sequence to Sequence Learning with Keras
He2,719373,3161,1442 years ago27September 23, 201817mitJavaScript
A robust HTML entity encoder/decoder written in JavaScript.
Ffjson2,6202423564 years ago2February 06, 201557apache-2.0Go
faster JSON serialization for Go
Iced2,3589202 days ago25February 24, 202211mitRust
Blazing fast and correct x86/x64 disassembler, assembler, decoder, encoder for Rust, .NET, Java, Python, Lua
Alternatives To Sgn
Select To Compare


Alternative Project Comparisons
Readme

SGN is a polymorphic binary encoder for offensive security purposes such as generating statically undetecable binary payloads. It uses a additive feedback loop to encode given binary instructions similar to LFSR. This project is the reimplementation of the original Shikata ga nai in golang with many improvements.

How? & Why?

For offensive security community, the original implementation of shikata ga nai encoder is considered to be the best shellcode encoder(until now). But over the years security researchers found several pitfalls for statically detecing the encoder(related work FireEye article). The main motive for this project was to create a better encoder that encodes the given binary to the point it is identical with totally random data and not possible to detect the presence of a decoder. With the help of keystone assembler library following improvments are implemented.

  • [x] 64 bit support. Finally properly encoded x64 shellcodes !
  • [x] New smaller decoder stub. LFSR key reduced to 1 byte
  • [x] Encoded stub with pseudo random schema. Decoder stub is also encoded with a psudo random schema
  • [x] No visible loop condition Stub decodes itself WITHOUT using any loop conditions !!
  • [x] Decoder stub obfuscation. Random garbage instruction generator added with keystone
  • [x] Safe register option. Non of the registers are clobbered (optional preable, may reduce polimorphism)

Install

You can get the pre-compiled binaries HERE. For building from source follow the steps bellow.

Dependencies:

The only dependency for building the source is the keystone engine, follow these instructions for installing the library. Once libkeystone is installed on the system, simply just go get it ツ

go install github.com/EgeBalci/[email protected]

DOCKER INSTALL

Docker

docker pull egee/sgn
docker run -it egee/sgn

Usage

-h is pretty self explanatory use -v if you want to see what's going on behind the scenes ( ͡° ͜ʖ ͡°)_/¯

       __   _ __        __                               _ 
  ___ / /  (_) /_____ _/ /____ _  ___ ____ _  ___  ___ _(_)
 (_-</ _ \/ /  '_/ _ `/ __/ _ `/ / _ `/ _ `/ / _ \/ _ `/ / 
/___/_//_/_/_/\_\\_,_/\__/\_,_/  \_, /\_,_/ /_//_/\_,_/_/  
========[Author:-Ege-Balcı-]====/___/=======v2.0.0=========  
    ┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻           (ノ ゜Д゜)ノ ︵ 仕方がない

Usage: sgn [OPTIONS] <FILE>
  -a int
    	Binary architecture (32/64) (default 32)
  -asci
    	Generates a full ASCI printable payload (takes very long time to bruteforce)
  -badchars string
    	Don't use specified bad characters given in hex format (\x00\x01\x02...)
  -c int
    	Number of times to encode the binary (increases overall size) (default 1)
  -h	Print help
  -max int
    	Maximum number of bytes for obfuscation (default 20)
  -o string
    	Encoded output binary name
  -plain-decoder
    	Do not encode the decoder stub
  -safe
    	Do not modify and register values
  -v	More verbose output

Docker Usage

docker run -it -v /tmp/:/tmp/ sgn /tmp/shellcode

Using As Library

Warning !! SGN package is still under development for better performance and several improvements. Most of the functions are subject to change.

package main

import (
	"encoding/hex"
	"fmt"
	"io/ioutil"

	sgn "github.com/egebalci/sgn/lib"
)

func main() {
	// First open some file
	file, err := ioutil.ReadFile("myfile.bin")
	if err != nil { // check error
		fmt.Println(err)
		return
	}
	// Create a new SGN encoder
	encoder := sgn.NewEncoder()
	// Set the proper architecture
	encoder.SetArchitecture(64)
	// Encode the binary
	encodedBinary, err := encoder.Encode(file)
	if err != nil {
		fmt.Println(err)
		return
	}
	// Print out the hex dump of the encoded binary
	fmt.Println(hex.Dump(encodedBinary))

}

Execution Flow

The following image is a basic workflow diagram for the encoder. But keep in mind that the sizes, locations and orders will change for garbage instructions, decoders and schema decoders on each iteration.

LFSR itself is pretty powerful in terms of probability space. For even more polimorphism garbage instructions are appended at the begining of the unencoded raw payload. Below image shows the the companion matrix of the characteristic polynomial of the LFSR and denoting the seed as a column vector, the state of the register in Fibonacci configuration after k steps.

Challenge

Considering the probability space of this encoder I personally don't think that any rule based static detection mechanism can detect the binaries that are encoded with SGN. In fact I am willing to give out the donation money for this project as a symbolic prize if anyone can write a YARA rule that can detect every encoded output. Check out HERE for the guidelines and rules for claiming the donation money.

Current Donation Amount

QR

If you tried and failed please consider donating [̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅]

Popular Encoder Projects
Popular Decoder Projects
Popular Media Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Golang
Decoder
Encoder
Stub
Keystone