Str Crypter - Payload string encryption with Rust
Str Crypter is a Rust macro for encrypting cleartext strings in a binary at compile time.
Str Crypter
I have published my first Rust crate! Very exciting :)
It’s a Rust macro which lets you, when developing red team tools or implants, encrypt strings that are written in cleartext in your program. It works by converting the cleartext string to an encrypted string at compile time - the macro also expands to its decryptor - so you can pass the string around memory without ever having to worry about it appearing in cleartext in your binary.
This solves the problem where you have static strings which relate to something that EDR or antivirus would pick up as suspicious, for example: NtOpenProcess.
To use it, you can view the crate here: crates.io.
Add it to your Rust project with:
cargo add str_crypter
Then to use it you can simply do as follows (this is accounting for the V2.0.0 update pushed on 06/10/2024):
use str_crypter::sc;

fn main() {
    let decrypted_str = sc!("Hello world!", 20);
    println!("Decrypted string: {}", decrypted_str);
}
Make sure you build in release mode - you’ll still see some string artifacts if building in debug mode as debug mode leaves symbols in the binary. To verify it works, run strings against the resulting binary.
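A defender's view of the strings check, as an added example that is not part of the original post or the crate: it scans a byte buffer for a known API name in cleartext or under any single-byte XOR key. The single-byte XOR scheme, the names `scan` and `sample_image` and the sample bytes are assumptions for illustration; the page does not say which cipher str_crypter uses.

```rust
// Added example: locate a known string in a byte buffer, in cleartext or
// behind a single-byte XOR key (an assumed scheme, not confirmed for str_crypter).
#[derive(Debug, PartialEq)]
enum Hit {
    Cleartext { offset: usize },
    Xor { offset: usize, key: u8 },
}

/// Return the offset of the first occurrence of `needle` in `haystack`.
fn find(haystack: &[u8], needle: &[u8]) -> Option<usize> {
    if needle.is_empty() || needle.len() > haystack.len() {
        return None;
    }
    haystack.windows(needle.len()).position(|w| w == needle)
}

/// Scan `image` for `needle` under every single-byte key (key 0 is cleartext).
fn scan(image: &[u8], needle: &str) -> Vec<Hit> {
    let mut hits = Vec::new();
    for key in 0u8..=255 {
        let encoded: Vec<u8> = needle.bytes().map(|b| b ^ key).collect();
        if let Some(offset) = find(image, &encoded) {
            hits.push(if key == 0 {
                Hit::Cleartext { offset }
            } else {
                Hit::Xor { offset, key }
            });
        }
    }
    hits
}

/// Constructed sample buffer: 16 filler bytes, then `s` XORed with `key`.
fn sample_image(s: &str, key: u8) -> Vec<u8> {
    let mut image = vec![0xAAu8; 16];
    image.extend(s.bytes().map(|b| b ^ key));
    image.extend_from_slice(b"\0.rdata\0");
    image
}

fn main() {
    let image = sample_image("NtOpenProcess", 20);
    for hit in scan(&image, "NtOpenProcess") {
        println!("{:?}", hit);
    }
}
```

A clean `strings` run therefore shows only that the cleartext is absent from the file, not that the string cannot be recovered from it.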
Currently, this only works with UTF-8 strings, so anything outside of this character set will cause it to throw an error.
If you do use this in a project, make sure it’s legal and ethical - this isn’t designed to be used by anybody breaking the law and is provided because 1) it’s a very useful utility in cyber security and other projects non-cyber related; 2) it’s helpful for blue teams to understand methodologies employed by threat actors; and 3) by itself, this is harmless.
If you use this crate, please reach out to me on Twitter at 0xfluxsec and let me know your thoughts and how you used it! I’d love to see your project! <3