makne 1.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- makne-1.0/.gitattributes +2 -0
- makne-1.0/.github/workflows/publish.yml +110 -0
- makne-1.0/.gitignore +12 -0
- makne-1.0/CMakeLists.txt +78 -0
- makne-1.0/LICENSE +21 -0
- makne-1.0/PKG-INFO +379 -0
- makne-1.0/README.md +365 -0
- makne-1.0/docs/logo.png +0 -0
- makne-1.0/include/CodeReorderer.h +62 -0
- makne-1.0/include/ControlFlowObfuscator.h +76 -0
- makne-1.0/include/DataEncoder.h +60 -0
- makne-1.0/include/DecryptorGenerator.h +72 -0
- makne-1.0/include/ImportObfuscator.h +87 -0
- makne-1.0/include/InstructionSubstitutor.h +51 -0
- makne-1.0/include/JunkCodeInserter.h +37 -0
- makne-1.0/include/MetamorphicEngine.h +62 -0
- makne-1.0/include/PEStructs.h +220 -0
- makne-1.0/include/PayloadEncryptor.h +62 -0
- makne-1.0/include/PolymorphicEngine.h +202 -0
- makne-1.0/include/RegisterRandomizer.h +36 -0
- makne-1.0/include/SectionRandomizer.h +76 -0
- makne-1.0/include/Utils.h +110 -0
- makne-1.0/pyproject.toml +30 -0
- makne-1.0/python/makne/__init__.py +88 -0
- makne-1.0/python/makne/__main__.py +16 -0
- makne-1.0/src/CodeReorderer.cpp +38 -0
- makne-1.0/src/ControlFlowObfuscator.cpp +207 -0
- makne-1.0/src/DataEncoder.cpp +56 -0
- makne-1.0/src/DecryptorGenerator.cpp +407 -0
- makne-1.0/src/ImportObfuscator.cpp +531 -0
- makne-1.0/src/InstructionSubstitutor.cpp +283 -0
- makne-1.0/src/JunkCodeInserter.cpp +176 -0
- makne-1.0/src/MetamorphicEngine.cpp +705 -0
- makne-1.0/src/PayloadEncryptor.cpp +116 -0
- makne-1.0/src/PolymorphicEngine.cpp +966 -0
- makne-1.0/src/RegisterRandomizer.cpp +328 -0
- makne-1.0/src/SectionRandomizer.cpp +895 -0
- makne-1.0/src/Utils.cpp +109 -0
- makne-1.0/src/main.cpp +274 -0
makne-1.0/.gitattributes
ADDED
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
name: Publish to PyPI and GitHub Releases
|
|
2
|
+
|
|
3
|
+
on:
|
|
4
|
+
push:
|
|
5
|
+
tags:
|
|
6
|
+
- 'v*'
|
|
7
|
+
workflow_dispatch:
|
|
8
|
+
|
|
9
|
+
permissions:
|
|
10
|
+
contents: write # Required for creating release and uploading assets
|
|
11
|
+
|
|
12
|
+
jobs:
|
|
13
|
+
build_wheels:
|
|
14
|
+
name: Build wheels on ${{ matrix.os }}
|
|
15
|
+
runs-on: ${{ matrix.os }}
|
|
16
|
+
strategy:
|
|
17
|
+
matrix:
|
|
18
|
+
os: [ubuntu-latest, windows-latest, macos-latest]
|
|
19
|
+
|
|
20
|
+
steps:
|
|
21
|
+
- name: Checkout repository
|
|
22
|
+
uses: actions/checkout@v4
|
|
23
|
+
|
|
24
|
+
- name: Set up QEMU
|
|
25
|
+
if: runner.os == 'Linux'
|
|
26
|
+
uses: docker/setup-qemu-action@v3
|
|
27
|
+
|
|
28
|
+
- name: Build wheels
|
|
29
|
+
uses: pypa/cibuildwheel@v2.21.0
|
|
30
|
+
env:
|
|
31
|
+
CIBW_BUILD_FRONTEND: "build"
|
|
32
|
+
# Skip 32-bit builds on Linux/macOS, build only 64-bit to align with Zydis/PE architecture support
|
|
33
|
+
CIBW_SKIP: "*-manylinux_i686 *-musllinux_i686 cp36-* cp37-* pp*"
|
|
34
|
+
CIBW_ENVIRONMENT: "BUILD_PYTHON_PACKAGE=ON"
|
|
35
|
+
|
|
36
|
+
- name: Upload wheels as artifacts
|
|
37
|
+
uses: actions/upload-artifact@v4
|
|
38
|
+
with:
|
|
39
|
+
name: cibw-wheels-${{ matrix.os }}
|
|
40
|
+
path: ./wheelhouse/*.whl
|
|
41
|
+
|
|
42
|
+
build_sdist:
|
|
43
|
+
name: Build source distribution
|
|
44
|
+
runs-on: ubuntu-latest
|
|
45
|
+
steps:
|
|
46
|
+
- name: Checkout repository
|
|
47
|
+
uses: actions/checkout@v4
|
|
48
|
+
|
|
49
|
+
- name: Set up Python
|
|
50
|
+
uses: actions/setup-python@v5
|
|
51
|
+
with:
|
|
52
|
+
python-version: '3.11'
|
|
53
|
+
|
|
54
|
+
- name: Install build
|
|
55
|
+
run: python -m pip install build
|
|
56
|
+
|
|
57
|
+
- name: Build sdist
|
|
58
|
+
run: python -m build --sdist
|
|
59
|
+
|
|
60
|
+
- name: Upload sdist as artifact
|
|
61
|
+
uses: actions/upload-artifact@v4
|
|
62
|
+
with:
|
|
63
|
+
name: cibw-sdist
|
|
64
|
+
path: dist/*.tar.gz
|
|
65
|
+
|
|
66
|
+
publish_pypi:
|
|
67
|
+
name: Publish to PyPI
|
|
68
|
+
needs: [build_wheels, build_sdist]
|
|
69
|
+
runs-on: ubuntu-latest
|
|
70
|
+
environment:
|
|
71
|
+
name: pypi
|
|
72
|
+
url: https://pypi.org/p/makne
|
|
73
|
+
permissions:
|
|
74
|
+
id-token: write # Required for trusted publishing OIDC
|
|
75
|
+
steps:
|
|
76
|
+
- name: Download all build artifacts
|
|
77
|
+
uses: actions/download-artifact@v4
|
|
78
|
+
with:
|
|
79
|
+
pattern: cibw-*
|
|
80
|
+
path: dist
|
|
81
|
+
merge-multiple: true
|
|
82
|
+
|
|
83
|
+
- name: Publish to PyPI
|
|
84
|
+
if: startsWith(github.ref, 'refs/tags/v')
|
|
85
|
+
uses: pypa/gh-action-pypi-publish@release/v1
|
|
86
|
+
|
|
87
|
+
github_release:
|
|
88
|
+
name: Create GitHub Release
|
|
89
|
+
needs: [build_wheels, build_sdist]
|
|
90
|
+
runs-on: ubuntu-latest
|
|
91
|
+
steps:
|
|
92
|
+
- name: Checkout repository
|
|
93
|
+
uses: actions/checkout@v4
|
|
94
|
+
|
|
95
|
+
- name: Download all build artifacts
|
|
96
|
+
uses: actions/download-artifact@v4
|
|
97
|
+
with:
|
|
98
|
+
pattern: cibw-*
|
|
99
|
+
path: dist
|
|
100
|
+
merge-multiple: true
|
|
101
|
+
|
|
102
|
+
- name: Create Release and Upload Assets
|
|
103
|
+
uses: softprops/action-gh-release@v2
|
|
104
|
+
if: startsWith(github.ref, 'refs/tags/v')
|
|
105
|
+
with:
|
|
106
|
+
files: dist/*
|
|
107
|
+
draft: false
|
|
108
|
+
prerelease: false
|
|
109
|
+
env:
|
|
110
|
+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
makne-1.0/.gitignore
ADDED
makne-1.0/CMakeLists.txt
ADDED
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
cmake_minimum_required(VERSION 3.15)
|
|
2
|
+
project(makne LANGUAGES CXX)
|
|
3
|
+
|
|
4
|
+
# Set C++ Standard
|
|
5
|
+
set(CMAKE_CXX_STANDARD 17)
|
|
6
|
+
set(CMAKE_CXX_STANDARD_REQUIRED ON)
|
|
7
|
+
set(CMAKE_CXX_EXTENSIONS OFF)
|
|
8
|
+
|
|
9
|
+
# Add Include Directories
|
|
10
|
+
include_directories(include)
|
|
11
|
+
|
|
12
|
+
# Source Files
|
|
13
|
+
set(SOURCES
|
|
14
|
+
src/main.cpp
|
|
15
|
+
src/CodeReorderer.cpp
|
|
16
|
+
src/ControlFlowObfuscator.cpp
|
|
17
|
+
src/DataEncoder.cpp
|
|
18
|
+
src/DecryptorGenerator.cpp
|
|
19
|
+
src/ImportObfuscator.cpp
|
|
20
|
+
src/InstructionSubstitutor.cpp
|
|
21
|
+
src/JunkCodeInserter.cpp
|
|
22
|
+
src/MetamorphicEngine.cpp
|
|
23
|
+
src/PayloadEncryptor.cpp
|
|
24
|
+
src/PolymorphicEngine.cpp
|
|
25
|
+
src/RegisterRandomizer.cpp
|
|
26
|
+
src/SectionRandomizer.cpp
|
|
27
|
+
src/Utils.cpp
|
|
28
|
+
)
|
|
29
|
+
|
|
30
|
+
# Headers (for IDE visibility)
|
|
31
|
+
set(HEADERS
|
|
32
|
+
include/PEStructs.h
|
|
33
|
+
include/CodeReorderer.h
|
|
34
|
+
include/ControlFlowObfuscator.h
|
|
35
|
+
include/DataEncoder.h
|
|
36
|
+
include/DecryptorGenerator.h
|
|
37
|
+
include/ImportObfuscator.h
|
|
38
|
+
include/InstructionSubstitutor.h
|
|
39
|
+
include/JunkCodeInserter.h
|
|
40
|
+
include/MetamorphicEngine.h
|
|
41
|
+
include/PayloadEncryptor.h
|
|
42
|
+
include/PolymorphicEngine.h
|
|
43
|
+
include/RegisterRandomizer.h
|
|
44
|
+
include/SectionRandomizer.h
|
|
45
|
+
include/Utils.h
|
|
46
|
+
)
|
|
47
|
+
|
|
48
|
+
# Executable Target
|
|
49
|
+
add_executable(makne ${SOURCES} ${HEADERS})
|
|
50
|
+
|
|
51
|
+
# Fetch Zycore
|
|
52
|
+
include(FetchContent)
|
|
53
|
+
FetchContent_Declare(
|
|
54
|
+
zycore
|
|
55
|
+
URL https://github.com/zyantific/zycore-c/archive/refs/tags/v1.5.0.zip
|
|
56
|
+
)
|
|
57
|
+
FetchContent_MakeAvailable(zycore)
|
|
58
|
+
|
|
59
|
+
# Fetch Zydis
|
|
60
|
+
set(ZYAN_ZYCORE_PATH "${zycore_SOURCE_DIR}" CACHE PATH "The path to look for Zycore" FORCE)
|
|
61
|
+
FetchContent_Declare(
|
|
62
|
+
zydis
|
|
63
|
+
URL https://github.com/zyantific/zydis/archive/refs/tags/v4.0.0.zip
|
|
64
|
+
)
|
|
65
|
+
FetchContent_MakeAvailable(zydis)
|
|
66
|
+
|
|
67
|
+
# Link Zydis
|
|
68
|
+
target_link_libraries(makne PRIVATE Zydis)
|
|
69
|
+
|
|
70
|
+
# Compiler-specific settings
|
|
71
|
+
if(MSVC)
|
|
72
|
+
target_compile_options(makne PRIVATE /W4 /WX- /Od /EHsc)
|
|
73
|
+
else()
|
|
74
|
+
target_compile_options(makne PRIVATE -Wall -Wextra -O2)
|
|
75
|
+
endif()
|
|
76
|
+
|
|
77
|
+
# Install target for packaging
|
|
78
|
+
install(TARGETS makne DESTINATION .)
|
makne-1.0/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 GumokuCat
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
makne-1.0/PKG-INFO
ADDED
|
@@ -0,0 +1,379 @@
|
|
|
1
|
+
Metadata-Version: 2.2
|
|
2
|
+
Name: makne
|
|
3
|
+
Version: 1.0
|
|
4
|
+
Summary: Advanced binary-level mutation and obfuscation framework for PE binaries
|
|
5
|
+
Author: Developer
|
|
6
|
+
Classifier: Programming Language :: C++
|
|
7
|
+
Classifier: Programming Language :: Python :: 3
|
|
8
|
+
Classifier: Operating System :: Microsoft :: Windows
|
|
9
|
+
Classifier: Topic :: Security
|
|
10
|
+
Project-URL: Homepage, https://github.com/anonymouschichvy/makne
|
|
11
|
+
Project-URL: Repository, https://github.com/anonymouschichvy/makne
|
|
12
|
+
Requires-Python: >=3.7
|
|
13
|
+
Description-Content-Type: text/markdown
|
|
14
|
+
|
|
15
|
+
<p align="center">
|
|
16
|
+
<img src="docs/logo.png" alt="MAKNE" width="100%">
|
|
17
|
+
</p>
|
|
18
|
+
|
|
19
|
+
An advanced binary-level mutation and obfuscation framework for **PE (Portable Executable) both 32-bit (x86) and 64-bit (x64)** binaries written in C++17. Leveraging the high-performance **Zydis disassembler** backend, the engine dynamically parses PE files, identifies instruction/basic block boundaries, applies polymorphic and metamorphic transformation passes, and rebuilds the executable with modified section structures and updated PE metadata.
|
|
20
|
+
|
|
21
|
+
---
|
|
22
|
+
|
|
23
|
+
## 📂 Project Directory Structure
|
|
24
|
+
|
|
25
|
+
The project follows a clean, modular C++ directory layout separating definitions (headers) from source code and configurations:
|
|
26
|
+
|
|
27
|
+
```text
|
|
28
|
+
makne/
|
|
29
|
+
├── CMakeLists.txt # Cross-platform build configuration
|
|
30
|
+
├── README.md # Project documentation
|
|
31
|
+
├── include/ # Header files
|
|
32
|
+
│ ├── PEStructs.h # Native PE structures definitions (DOS, COFF, Optional headers)
|
|
33
|
+
│ ├── CodeReorderer.h # Basic block analysis and shuffling definitions
|
|
34
|
+
│ ├── ControlFlowObfuscator.h # Control flow flattening & opaque predicate definitions
|
|
35
|
+
│ ├── DataEncoder.h # Data/String encoding & decoder stub generation
|
|
36
|
+
│ ├── DecryptorGenerator.h # Polymorphic decryptor stub creation
|
|
37
|
+
│ ├── ImportObfuscator.h # IAT obfuscation and API hashing definitions
|
|
38
|
+
│ ├── InstructionSubstitutor.h# Instruction-equivalent database mapping
|
|
39
|
+
│ ├── JunkCodeInserter.h # Dead code/junk sequence generator
|
|
40
|
+
│ ├── MetamorphicEngine.h # High-level metamorphic mutation pipeline
|
|
41
|
+
│ ├── PayloadEncryptor.h # Section-level encryption management
|
|
42
|
+
│ ├── PolymorphicEngine.h # Core processing, PE parsing, and orchestrator
|
|
43
|
+
│ ├── RegisterRandomizer.h # ModR/M register mapping and randomization
|
|
44
|
+
│ ├── SectionRandomizer.h # PE section name, layout, and alignment shuffler
|
|
45
|
+
│ └── Utils.h # Randomness and helper definitions
|
|
46
|
+
└── src/ # Implementation files
|
|
47
|
+
├── main.cpp # Command-line driver and argument parser
|
|
48
|
+
├── CodeReorderer.cpp # Basic block identification, jump fixing, and shuffling
|
|
49
|
+
├── ControlFlowObfuscator.cpp # Flow flatters, dispatchers, and opaque predicates
|
|
50
|
+
├── DataEncoder.cpp # XOR, Base64, and split-string algorithms
|
|
51
|
+
├── DecryptorGenerator.cpp # Dynamic x86 assembly generator for decryption
|
|
52
|
+
├── ImportObfuscator.cpp # IAT parsing, dynamic DLL resolution, and API hashing
|
|
53
|
+
├── InstructionSubstitutor.cpp # x86 equivalent instruction mapping execution
|
|
54
|
+
├── JunkCodeInserter.cpp # NOP-equivalent & flag-safe instruction generation
|
|
55
|
+
├── MetamorphicEngine.cpp # Loop unrolling, inlining, and expansion levels
|
|
56
|
+
├── PayloadEncryptor.cpp # XOR encryption and decryption insertion logic
|
|
57
|
+
├── PolymorphicEngine.cpp # Core engine implementation (PE parsing, rebuilding)
|
|
58
|
+
├── RegisterRandomizer.cpp # Register swapping and translation tables
|
|
59
|
+
├── SectionRandomizer.cpp # Section shuffling, renaming, and alignment fixing
|
|
60
|
+
└── Utils.cpp # Cryptographic RNG (CryptoRandom)
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
## 🛠 Features & Capabilities
|
|
66
|
+
|
|
67
|
+
The engine features two distinct modes of transformation which can be combined (Mixed Mode):
|
|
68
|
+
|
|
69
|
+
### 1. Polymorphic Transformations
|
|
70
|
+
* **Zydis Disassembler Backend**: Replaced custom prefix/opcode length parsers with a full-featured Zydis decoder to safely identify x86/x64 instruction boundaries, decode operand layouts, and perform atomic byte stream modifications.
|
|
71
|
+
* **Instruction Substitution**: Replaces instruction patterns with equivalent CPU sequences. For example:
|
|
72
|
+
* `MOV reg, Imm` $\rightarrow$ `PUSH Imm; POP reg`
|
|
73
|
+
* `XOR reg, reg` $\rightarrow$ `SUB reg, reg`
|
|
74
|
+
* `NOP` $\rightarrow$ `PUSH RBX; POP RBX` or `XCHG RAX, RAX`
|
|
75
|
+
* *x64 Safety Filter*: Automatically bypasses single-byte legacy `INC` (`0x40`) / `DEC` (`0x48`) substitutions on x64 targets to prevent collisions with the REX prefix byte range (`0x40-0x4F`).
|
|
76
|
+
* **Register Randomizer**: Dynamically re-maps general-purpose register usage while adhering to strict architecture constraints:
|
|
77
|
+
* *Calling Convention Safe*: Preserves caller/callee boundary registers `RAX/EAX` (return values), `RCX/ECX, RDX/EDX, R8, R9` (arguments), `RSP/ESP, RBP/EBP` (stack frames), and `R12, R13` (special SIB addresses).
|
|
78
|
+
* *Partitioned Shuffle*: Safely shuffles registers only within legacy (`RBX, RSI, RDI`) and extension (`R10, R11, R14, R15`) groups, guaranteeing that instruction lengths and REX prefix status remain completely invariant.
|
|
79
|
+
* **Exception Directory Relocation**: Automatically parses x64 `.pdata` runtime function tables and `UNWIND_INFO` structures to relocate 32-bit exception handler RVAs when shuffling or renaming PE sections.
|
|
80
|
+
* **Code Reordering (x86/x64)**: Partitions code into basic blocks, shuffles their location, and maintains original execution flow by stitching blocks together with JMP instructions. Zydis is used to parse branch offsets and relative memory displacements to patch targets.
|
|
81
|
+
* **Junk Code Inserter (x86/x64)**: Inserts context-aware, benign junk instructions (e.g., flag-safe operations) to modify byte signatures without changing execution behavior. Filters out x86-only instructions on x64.
|
|
82
|
+
* **Control Flow Obfuscation (x86/x64)**: Distorts control flow by replacing jumps with equivalent joint condition pairs (e.g., `JO` + `JNO`) and Jcc conditions with inverted Jcc skips.
|
|
83
|
+
* **Payload Encryption**: Encrypts target payload sections (XOR, etc.) and injects dynamically generated decryptor stubs as the entry point. On x64 targets, stubs query the Process Environment Block (PEB) using `GS:[0x60]` (instead of `FS:[0x30]` on x86) for anti-debug analysis.
|
|
84
|
+
* **Data Encoding**: Encodes static data strings using XOR, Base64, or string-splitting to avoid detection of plaintext strings.
|
|
85
|
+
|
|
86
|
+
### 2. Metamorphic Transformations
|
|
87
|
+
* **Zydis Intermediate Representation**: Disassembles and decodes target functions to an IR, rewriting displacements and `%rip`-relative displacements to patch jump offsets and relocations on mutations.
|
|
88
|
+
* **Instruction Permutation (x86/x64)**: Alters instruction positions using Bernstein's data dependency conditions (RAW, WAR, WAW) while preserving stack frame layout registers (`RSP`, `ESP`, `RBP`, `EBP`).
|
|
89
|
+
* **Code Expansion**: Expands instructions to multi-byte equivalents to vary executable sizing.
|
|
90
|
+
* **Loop Unrolling & Function Inlining**: Modifies the stack frame structure and execution sequence by eliminating calls and branches.
|
|
91
|
+
* **Anti-Debugging / Anti-Emulation**: Integrates stubs to detect hypervisors, sandboxes, and debuggers (e.g., PEB checks, timing checks).
|
|
92
|
+
* **FileAlignment Section Resizing**: Safely pads, resizes, and aligns raw PE section size growth to `FileAlignment` boundaries, automatically relocating the COFF symbol table to prevent symbol warnings or image loaders crash.
|
|
93
|
+
|
|
94
|
+
---
|
|
95
|
+
|
|
96
|
+
## ⚙️ Compilation & Installation
|
|
97
|
+
|
|
98
|
+
This project can be compiled as a standalone C++ command-line tool, or installed as a Python package with programmatic C++ wrapper bindings.
|
|
99
|
+
|
|
100
|
+
### 🐍 Python Package Installation (via pip)
|
|
101
|
+
|
|
102
|
+
You can build and install the project directly as a Python package. The PEP 517 build backend (`scikit-build-core`) will automatically configure and build the C++ codebase via CMake when installing.
|
|
103
|
+
|
|
104
|
+
#### 1. Prerequisites
|
|
105
|
+
Ensure you have a C++17 compiler (MSVC on Windows, GCC on Linux, Clang on macOS) and CMake installed.
|
|
106
|
+
|
|
107
|
+
#### 2. Install from PyPI (Production)
|
|
108
|
+
|
|
109
|
+
> **Coming Soon**
|
|
110
|
+
> `makne` is not yet available on PyPI. It will be published after the initial production release.
|
|
111
|
+
|
|
112
|
+
#### 3. Install from Source (Local Development)
|
|
113
|
+
Clone the repository and run:
|
|
114
|
+
```bash
|
|
115
|
+
# Editable install (recommended for developers)
|
|
116
|
+
pip install -e .
|
|
117
|
+
|
|
118
|
+
# Or standard local install
|
|
119
|
+
pip install .
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
#### 4. Verification & Usage
|
|
123
|
+
* **CLI usage**: Installing the package registers a global command-line entry point:
|
|
124
|
+
```bash
|
|
125
|
+
makne --help
|
|
126
|
+
```
|
|
127
|
+
* **Python API usage**: You can run the obfuscator directly from Python scripts:
|
|
128
|
+
```python
|
|
129
|
+
import makne
|
|
130
|
+
|
|
131
|
+
# Obfuscate a PE binary
|
|
132
|
+
return_code = makne.obfuscate("input.exe", "output.exe", ["--polymorphic", "--substitution"])
|
|
133
|
+
if return_code == 0:
|
|
134
|
+
print("Obfuscation successful!")
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
---
|
|
138
|
+
|
|
139
|
+
### 🖥️ Native C++ Standalone Compilation
|
|
140
|
+
|
|
141
|
+
If you prefer building a standalone native executable without Python, the build system utilizes **CMake** for configuration and building. The build system automatically fetches dependencies like **Zydis disassembler** and **Zycore** via CMake's `FetchContent` module during configuration, so no manual downloading of submodules is necessary.
|
|
142
|
+
|
|
143
|
+
### 🪟 Windows (MSVC)
|
|
144
|
+
|
|
145
|
+
#### 1. Prerequisites
|
|
146
|
+
* **Visual Studio 2019 or 2022** (Community, Professional, or Enterprise).
|
|
147
|
+
* During installation, ensure the **"Desktop development with C++"** workload is checked. This installs the MSVC compiler, CMake, and the required Windows SDKs.
|
|
148
|
+
* Alternatively, you can use standalone **CMake (3.15+)** and **Build Tools for Visual Studio**.
|
|
149
|
+
|
|
150
|
+
#### 2. Building from Command Line
|
|
151
|
+
Open **Developer PowerShell for VS** or **Developer Command Prompt for VS** and run:
|
|
152
|
+
```powershell
|
|
153
|
+
# Generate the build configuration
|
|
154
|
+
cmake -B build -S .
|
|
155
|
+
|
|
156
|
+
# Build the release binary
|
|
157
|
+
cmake --build build --config Release
|
|
158
|
+
```
|
|
159
|
+
The compiled executable `makne.exe` will be located in `build/Release/`.
|
|
160
|
+
|
|
161
|
+
#### 3. Building via Visual Studio (IDE)
|
|
162
|
+
1. Open Visual Studio.
|
|
163
|
+
2. Select **Open a local folder** and choose the root directory containing `CMakeLists.txt`.
|
|
164
|
+
3. Visual Studio will automatically detect and configure the CMake project.
|
|
165
|
+
4. Go to the menu: **Build > Build All** (or select the `makne.exe` startup item and press F5/Ctrl+F5 to build and run).
|
|
166
|
+
|
|
167
|
+
---
|
|
168
|
+
|
|
169
|
+
### 🐧 Linux (GCC/Clang)
|
|
170
|
+
|
|
171
|
+
#### 1. Prerequisites
|
|
172
|
+
Install CMake and a C++17 compatible compiler (GCC 8+ or Clang 7+):
|
|
173
|
+
* **Ubuntu / Debian**:
|
|
174
|
+
```bash
|
|
175
|
+
sudo apt update
|
|
176
|
+
sudo apt install -y build-essential cmake
|
|
177
|
+
```
|
|
178
|
+
* **Fedora / CentOS / RHEL**:
|
|
179
|
+
```bash
|
|
180
|
+
sudo dnf groupinstall -y "Development Tools"
|
|
181
|
+
sudo dnf install -y cmake
|
|
182
|
+
```
|
|
183
|
+
* **Arch Linux**:
|
|
184
|
+
```bash
|
|
185
|
+
sudo pacman -Syu base-devel cmake
|
|
186
|
+
```
|
|
187
|
+
|
|
188
|
+
#### 2. Building
|
|
189
|
+
Open a terminal in the project root folder:
|
|
190
|
+
```bash
|
|
191
|
+
# Generate build configuration for a Release build
|
|
192
|
+
cmake -B build -S . -DCMAKE_BUILD_TYPE=Release
|
|
193
|
+
|
|
194
|
+
# Build the project
|
|
195
|
+
cmake --build build
|
|
196
|
+
```
|
|
197
|
+
The compiled executable `makne` will be located in `build/`.
|
|
198
|
+
|
|
199
|
+
---
|
|
200
|
+
|
|
201
|
+
### 🍎 macOS (Clang)
|
|
202
|
+
|
|
203
|
+
#### 1. Prerequisites
|
|
204
|
+
* **Xcode Command Line Tools**: Install them by running the following command in terminal:
|
|
205
|
+
```bash
|
|
206
|
+
xcode-select --install
|
|
207
|
+
```
|
|
208
|
+
* **CMake**: Install CMake using a package manager:
|
|
209
|
+
* **Homebrew** (Recommended):
|
|
210
|
+
```bash
|
|
211
|
+
brew install cmake
|
|
212
|
+
```
|
|
213
|
+
* **MacPorts**:
|
|
214
|
+
```bash
|
|
215
|
+
sudo port install cmake
|
|
216
|
+
```
|
|
217
|
+
|
|
218
|
+
#### 2. Building
|
|
219
|
+
Open a terminal in the project root folder:
|
|
220
|
+
```bash
|
|
221
|
+
# Generate build configuration for a Release build
|
|
222
|
+
cmake -B build -S . -DCMAKE_BUILD_TYPE=Release
|
|
223
|
+
|
|
224
|
+
# Build the project
|
|
225
|
+
cmake --build build
|
|
226
|
+
```
|
|
227
|
+
The compiled executable `makne` will be located in `build/`.
|
|
228
|
+
|
|
229
|
+
---
|
|
230
|
+
|
|
231
|
+
## 🧠 System Architecture & Logic
|
|
232
|
+
|
|
233
|
+
```mermaid
|
|
234
|
+
graph TD
|
|
235
|
+
A[Input PE Binary] --> B[PE Parser]
|
|
236
|
+
B --> C[Disassembler & Block Finder]
|
|
237
|
+
C --> D{Transformation Mode}
|
|
238
|
+
|
|
239
|
+
D -->|Polymorphic| E[Polymorphic Pipeline]
|
|
240
|
+
D -->|Metamorphic| F[Metamorphic Pipeline]
|
|
241
|
+
D -->|Mixed| G[Polymorphic & Metamorphic Pipeline]
|
|
242
|
+
|
|
243
|
+
E --> H[Payload Encryption & Stub Generation]
|
|
244
|
+
F --> I[Block Permutation & Expansion]
|
|
245
|
+
G --> J[Combined Transformations]
|
|
246
|
+
|
|
247
|
+
H --> K[PE Rebuilder & Checksum Generator]
|
|
248
|
+
I --> K
|
|
249
|
+
J --> K
|
|
250
|
+
|
|
251
|
+
K --> L[Output Obfuscated PE Binary]
|
|
252
|
+
```
|
|
253
|
+
|
|
254
|
+
### Flow Walkthrough
|
|
255
|
+
|
|
256
|
+
1. **Parsing (PE Parser)**:
|
|
257
|
+
Loads the raw byte stream of the target `.exe` file. Parses the DOS MZ signature, COFF Header, Optional Header, and Sections to build an in-memory structural mapping of code (`.text`) and data (`.data`, `.rdata`) segments.
|
|
258
|
+
2. **Code Analysis & Disassembly**:
|
|
259
|
+
Parses machine code instructions, determines byte length boundary offsets, identifies branches (jumps, calls), and isolates independent execution blocks (Basic Blocks).
|
|
260
|
+
3. **Applying Mutations**:
|
|
261
|
+
Runs the pipeline of selected obfuscation passes. The engine tracks offset modifications since instruction substitution, junk insertion, and block shuffling alter virtual addresses (RVAs).
|
|
262
|
+
4. **Header Reconstruction & Rebuilding**:
|
|
263
|
+
Adjusts relocations, recalculates Entry Point (OEP), shifts Section Headers offsets, fixes the Import Address Table (IAT) pointers, generates dynamic import-resolving stubs, computes a new PE checksum, and saves the new output binary.
|
|
264
|
+
|
|
265
|
+
---
|
|
266
|
+
|
|
267
|
+
## 🚀 CLI Usage & Examples
|
|
268
|
+
|
|
269
|
+
### Usage syntax:
|
|
270
|
+
* **Windows (PowerShell/CMD)**:
|
|
271
|
+
```powershell
|
|
272
|
+
.\makne.exe <input.exe> <output.exe> [options]
|
|
273
|
+
```
|
|
274
|
+
* **Linux / macOS**:
|
|
275
|
+
```bash
|
|
276
|
+
./makne <input.exe> <output.exe> [options]
|
|
277
|
+
```
|
|
278
|
+
|
|
279
|
+
### CLI Command Options
|
|
280
|
+
|
|
281
|
+
| Option | Category | Description |
|
|
282
|
+
| :--- | :--- | :--- |
|
|
283
|
+
| `--polymorphic` | Transformation | Apply polymorphic transformations (Default) |
|
|
284
|
+
| `--metamorphic` | Transformation | Apply metamorphic transformations |
|
|
285
|
+
| `--mixed` | Transformation | Combine both polymorphic & metamorphic pipelines |
|
|
286
|
+
| `--substitution` | Polymorphic | Enable instruction substitutions |
|
|
287
|
+
| `--registers` | Polymorphic | Enable register randomization |
|
|
288
|
+
| `--reorder` | Polymorphic | Enable basic block code reordering |
|
|
289
|
+
| `--junk` | Polymorphic | Enable junk/dead code insertion |
|
|
290
|
+
| `--cflow` | Polymorphic | Enable control flow obfuscation (flattening/predicates) |
|
|
291
|
+
| `--encrypt` | Polymorphic | Enable payload section encryption |
|
|
292
|
+
| `--data` | Polymorphic | Enable static data/string encoding |
|
|
293
|
+
| `--sections` | Polymorphic | Randomize section names and layout |
|
|
294
|
+
| `--imports` | Polymorphic | Obfuscate IAT and import names |
|
|
295
|
+
| `--permute <1-5>` | Metamorphic | Set instruction permutation complexity level |
|
|
296
|
+
| `--expand <1-5>` | Metamorphic | Set code expansion multiplier |
|
|
297
|
+
| `--garbage <1-5>` | Metamorphic | Set junk insertion density |
|
|
298
|
+
| `--unroll` | Metamorphic | Enable loop unrolling |
|
|
299
|
+
| `--inline` | Metamorphic | Enable function inlining |
|
|
300
|
+
| `--antidebug` | Advanced | Add anti-debugger stub detections |
|
|
301
|
+
| `--antiemu` | Advanced | Add anti-emulation timing checks |
|
|
302
|
+
| `--level <1-5>` | Advanced | Set global obfuscation intensity (default: 3) |
|
|
303
|
+
| `--iterations <n>`| Advanced | Number of mutation passes to run |
|
|
304
|
+
| `--help` | General | Display help documentation |
|
|
305
|
+
|
|
306
|
+
### Command Examples
|
|
307
|
+
|
|
308
|
+
Below are examples of how to run the engine. Make sure to run them from the directory containing the compiled executable (`build/` or `build/Release/`), or provide the full path to it.
|
|
309
|
+
|
|
310
|
+
#### 1. Display Help & Options
|
|
311
|
+
Verify the installation and see the full list of supported parameters.
|
|
312
|
+
* **Windows (PowerShell)**:
|
|
313
|
+
```powershell
|
|
314
|
+
.\makne.exe --help
|
|
315
|
+
```
|
|
316
|
+
* **Linux / macOS**:
|
|
317
|
+
```bash
|
|
318
|
+
./makne --help
|
|
319
|
+
```
|
|
320
|
+
|
|
321
|
+
#### 2. Standard Polymorphic Obfuscation
|
|
322
|
+
Applies instruction substitutions, register randomization, code reordering, and section name/layout randomization.
|
|
323
|
+
* **Windows (PowerShell)**:
|
|
324
|
+
```powershell
|
|
325
|
+
.\makne.exe input.exe output.exe --polymorphic --substitution --registers --reorder --sections
|
|
326
|
+
```
|
|
327
|
+
* **Linux / macOS**:
|
|
328
|
+
```bash
|
|
329
|
+
./makne input.exe output.exe --polymorphic --substitution --registers --reorder --sections
|
|
330
|
+
```
|
|
331
|
+
* **Explanation of flags**:
|
|
332
|
+
* `--polymorphic`: Activates the polymorphic transformation pipeline.
|
|
333
|
+
* `--substitution`: Replaces common instruction patterns with equivalent sequences.
|
|
334
|
+
* `--registers`: Randomizes general-purpose register usage safely.
|
|
335
|
+
* `--reorder`: Partitions code into basic blocks and shuffles them, adding stitching jumps.
|
|
336
|
+
* `--sections`: Randomizes PE section names and structural layout.
|
|
337
|
+
|
|
338
|
+
#### 3. Advanced Metamorphic Obfuscation
|
|
339
|
+
Applies aggressive code expansion, high complexity instruction permutations, loop unrolling, and function inlining.
|
|
340
|
+
* **Windows (PowerShell)**:
|
|
341
|
+
```powershell
|
|
342
|
+
.\makne.exe input.exe output.exe --metamorphic --permute 5 --expand 4 --unroll --inline
|
|
343
|
+
```
|
|
344
|
+
* **Linux / macOS**:
|
|
345
|
+
```bash
|
|
346
|
+
./makne input.exe output.exe --metamorphic --permute 5 --expand 4 --unroll --inline
|
|
347
|
+
```
|
|
348
|
+
* **Explanation of flags**:
|
|
349
|
+
* `--metamorphic`: Activates the metamorphic transformation pipeline.
|
|
350
|
+
* `--permute 5`: Sets the highest complexity (level 5) for instruction permutation.
|
|
351
|
+
* `--expand 4`: Sets the code expansion multiplier to 4.
|
|
352
|
+
* `--unroll`: Enables optimization loop unrolling.
|
|
353
|
+
* `--inline`: Inlines function calls where safe.
|
|
354
|
+
|
|
355
|
+
#### 4. Mixed Maximum Protection (Combined Pipeline)
|
|
356
|
+
Combines all metamorphic and polymorphic features, flattens control flow, obfuscates import tables, encodes static strings, adds anti-analysis/debugger/emulation checks, and runs multiple passes.
|
|
357
|
+
* **Windows (PowerShell)**:
|
|
358
|
+
```powershell
|
|
359
|
+
.\makne.exe input.exe output.exe --mixed --cflow --encrypt --imports --data --antidebug --antiemu --level 5 --iterations 2
|
|
360
|
+
```
|
|
361
|
+
* **Linux / macOS**:
|
|
362
|
+
```bash
|
|
363
|
+
./makne input.exe output.exe --mixed --cflow --encrypt --imports --data --antidebug --antiemu --level 5 --iterations 2
|
|
364
|
+
```
|
|
365
|
+
* **Explanation of flags**:
|
|
366
|
+
* `--mixed`: Runs both the polymorphic and metamorphic pipelines sequentially.
|
|
367
|
+
* `--cflow`: Distorts control flow via dispatchers and opaque predicates.
|
|
368
|
+
* `--encrypt`: Encrypts target sections and inserts a decryption stub at the entry point.
|
|
369
|
+
* `--imports`: Obfuscates the Import Address Table (IAT) and dynamically resolves DLLs.
|
|
370
|
+
* `--data`: Encodes static strings (XOR/Base64/splitting).
|
|
371
|
+
* `--antidebug` & `--antiemu`: Injects checks to detect debuggers, hypervisors, and sandboxes.
|
|
372
|
+
* `--level 5`: Sets global intensity to maximum (5).
|
|
373
|
+
* `--iterations 2`: Runs the entire mutation pipeline twice to generate nested layers of obfuscation.
|
|
374
|
+
|
|
375
|
+
---
|
|
376
|
+
|
|
377
|
+
## ⚖️ License & Disclaimer
|
|
378
|
+
|
|
379
|
+
This software is developed strictly for **educational, security research, and defensive binary analysis** purposes. Using this software to obfuscate malware to bypass anti-virus scanners for unauthorized deployment is strictly prohibited and a violation of local and international laws. The developers assume no liability for misuse of this tool.
|