makne 1.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. makne-1.0/.gitattributes +2 -0
  2. makne-1.0/.github/workflows/publish.yml +110 -0
  3. makne-1.0/.gitignore +12 -0
  4. makne-1.0/CMakeLists.txt +78 -0
  5. makne-1.0/LICENSE +21 -0
  6. makne-1.0/PKG-INFO +379 -0
  7. makne-1.0/README.md +365 -0
  8. makne-1.0/docs/logo.png +0 -0
  9. makne-1.0/include/CodeReorderer.h +62 -0
  10. makne-1.0/include/ControlFlowObfuscator.h +76 -0
  11. makne-1.0/include/DataEncoder.h +60 -0
  12. makne-1.0/include/DecryptorGenerator.h +72 -0
  13. makne-1.0/include/ImportObfuscator.h +87 -0
  14. makne-1.0/include/InstructionSubstitutor.h +51 -0
  15. makne-1.0/include/JunkCodeInserter.h +37 -0
  16. makne-1.0/include/MetamorphicEngine.h +62 -0
  17. makne-1.0/include/PEStructs.h +220 -0
  18. makne-1.0/include/PayloadEncryptor.h +62 -0
  19. makne-1.0/include/PolymorphicEngine.h +202 -0
  20. makne-1.0/include/RegisterRandomizer.h +36 -0
  21. makne-1.0/include/SectionRandomizer.h +76 -0
  22. makne-1.0/include/Utils.h +110 -0
  23. makne-1.0/pyproject.toml +30 -0
  24. makne-1.0/python/makne/__init__.py +88 -0
  25. makne-1.0/python/makne/__main__.py +16 -0
  26. makne-1.0/src/CodeReorderer.cpp +38 -0
  27. makne-1.0/src/ControlFlowObfuscator.cpp +207 -0
  28. makne-1.0/src/DataEncoder.cpp +56 -0
  29. makne-1.0/src/DecryptorGenerator.cpp +407 -0
  30. makne-1.0/src/ImportObfuscator.cpp +531 -0
  31. makne-1.0/src/InstructionSubstitutor.cpp +283 -0
  32. makne-1.0/src/JunkCodeInserter.cpp +176 -0
  33. makne-1.0/src/MetamorphicEngine.cpp +705 -0
  34. makne-1.0/src/PayloadEncryptor.cpp +116 -0
  35. makne-1.0/src/PolymorphicEngine.cpp +966 -0
  36. makne-1.0/src/RegisterRandomizer.cpp +328 -0
  37. makne-1.0/src/SectionRandomizer.cpp +895 -0
  38. makne-1.0/src/Utils.cpp +109 -0
  39. makne-1.0/src/main.cpp +274 -0
@@ -0,0 +1,2 @@
1
+ # Auto detect text files and perform LF normalization
2
+ * text=auto
@@ -0,0 +1,110 @@
1
+ name: Publish to PyPI and GitHub Releases
2
+
3
+ on:
4
+ push:
5
+ tags:
6
+ - 'v*'
7
+ workflow_dispatch:
8
+
9
+ permissions:
10
+ contents: write # Required for creating release and uploading assets
11
+
12
+ jobs:
13
+ build_wheels:
14
+ name: Build wheels on ${{ matrix.os }}
15
+ runs-on: ${{ matrix.os }}
16
+ strategy:
17
+ matrix:
18
+ os: [ubuntu-latest, windows-latest, macos-latest]
19
+
20
+ steps:
21
+ - name: Checkout repository
22
+ uses: actions/checkout@v4
23
+
24
+ - name: Set up QEMU
25
+ if: runner.os == 'Linux'
26
+ uses: docker/setup-qemu-action@v3
27
+
28
+ - name: Build wheels
29
+ uses: pypa/cibuildwheel@v2.21.0
30
+ env:
31
+ CIBW_BUILD_FRONTEND: "build"
32
+ # Skip 32-bit builds on Linux/macOS, build only 64-bit to align with Zydis/PE architecture support
33
+ CIBW_SKIP: "*-manylinux_i686 *-musllinux_i686 cp36-* cp37-* pp*"
34
+ CIBW_ENVIRONMENT: "BUILD_PYTHON_PACKAGE=ON"
35
+
36
+ - name: Upload wheels as artifacts
37
+ uses: actions/upload-artifact@v4
38
+ with:
39
+ name: cibw-wheels-${{ matrix.os }}
40
+ path: ./wheelhouse/*.whl
41
+
42
+ build_sdist:
43
+ name: Build source distribution
44
+ runs-on: ubuntu-latest
45
+ steps:
46
+ - name: Checkout repository
47
+ uses: actions/checkout@v4
48
+
49
+ - name: Set up Python
50
+ uses: actions/setup-python@v5
51
+ with:
52
+ python-version: '3.11'
53
+
54
+ - name: Install build
55
+ run: python -m pip install build
56
+
57
+ - name: Build sdist
58
+ run: python -m build --sdist
59
+
60
+ - name: Upload sdist as artifact
61
+ uses: actions/upload-artifact@v4
62
+ with:
63
+ name: cibw-sdist
64
+ path: dist/*.tar.gz
65
+
66
+ publish_pypi:
67
+ name: Publish to PyPI
68
+ needs: [build_wheels, build_sdist]
69
+ runs-on: ubuntu-latest
70
+ environment:
71
+ name: pypi
72
+ url: https://pypi.org/p/makne
73
+ permissions:
74
+ id-token: write # Required for trusted publishing OIDC
75
+ steps:
76
+ - name: Download all build artifacts
77
+ uses: actions/download-artifact@v4
78
+ with:
79
+ pattern: cibw-*
80
+ path: dist
81
+ merge-multiple: true
82
+
83
+ - name: Publish to PyPI
84
+ if: startsWith(github.ref, 'refs/tags/v')
85
+ uses: pypa/gh-action-pypi-publish@release/v1
86
+
87
+ github_release:
88
+ name: Create GitHub Release
89
+ needs: [build_wheels, build_sdist]
90
+ runs-on: ubuntu-latest
91
+ steps:
92
+ - name: Checkout repository
93
+ uses: actions/checkout@v4
94
+
95
+ - name: Download all build artifacts
96
+ uses: actions/download-artifact@v4
97
+ with:
98
+ pattern: cibw-*
99
+ path: dist
100
+ merge-multiple: true
101
+
102
+ - name: Create Release and Upload Assets
103
+ uses: softprops/action-gh-release@v2
104
+ if: startsWith(github.ref, 'refs/tags/v')
105
+ with:
106
+ files: dist/*
107
+ draft: false
108
+ prerelease: false
109
+ env:
110
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
makne-1.0/.gitignore ADDED
@@ -0,0 +1,12 @@
1
+ CMakeLists.txt.user
2
+ CMakeCache.txt
3
+ CMakeFiles
4
+ CMakeScripts
5
+ Testing
6
+ Makefile
7
+ cmake_install.cmake
8
+ install_manifest.txt
9
+ compile_commands.json
10
+ CTestTestfile.cmake
11
+ _deps
12
+ CMakeUserPresets.json
@@ -0,0 +1,78 @@
1
+ cmake_minimum_required(VERSION 3.15)
2
+ project(makne LANGUAGES CXX)
3
+
4
+ # Set C++ Standard
5
+ set(CMAKE_CXX_STANDARD 17)
6
+ set(CMAKE_CXX_STANDARD_REQUIRED ON)
7
+ set(CMAKE_CXX_EXTENSIONS OFF)
8
+
9
+ # Add Include Directories
10
+ include_directories(include)
11
+
12
+ # Source Files
13
+ set(SOURCES
14
+ src/main.cpp
15
+ src/CodeReorderer.cpp
16
+ src/ControlFlowObfuscator.cpp
17
+ src/DataEncoder.cpp
18
+ src/DecryptorGenerator.cpp
19
+ src/ImportObfuscator.cpp
20
+ src/InstructionSubstitutor.cpp
21
+ src/JunkCodeInserter.cpp
22
+ src/MetamorphicEngine.cpp
23
+ src/PayloadEncryptor.cpp
24
+ src/PolymorphicEngine.cpp
25
+ src/RegisterRandomizer.cpp
26
+ src/SectionRandomizer.cpp
27
+ src/Utils.cpp
28
+ )
29
+
30
+ # Headers (for IDE visibility)
31
+ set(HEADERS
32
+ include/PEStructs.h
33
+ include/CodeReorderer.h
34
+ include/ControlFlowObfuscator.h
35
+ include/DataEncoder.h
36
+ include/DecryptorGenerator.h
37
+ include/ImportObfuscator.h
38
+ include/InstructionSubstitutor.h
39
+ include/JunkCodeInserter.h
40
+ include/MetamorphicEngine.h
41
+ include/PayloadEncryptor.h
42
+ include/PolymorphicEngine.h
43
+ include/RegisterRandomizer.h
44
+ include/SectionRandomizer.h
45
+ include/Utils.h
46
+ )
47
+
48
+ # Executable Target
49
+ add_executable(makne ${SOURCES} ${HEADERS})
50
+
51
+ # Fetch Zycore
52
+ include(FetchContent)
53
+ FetchContent_Declare(
54
+ zycore
55
+ URL https://github.com/zyantific/zycore-c/archive/refs/tags/v1.5.0.zip
56
+ )
57
+ FetchContent_MakeAvailable(zycore)
58
+
59
+ # Fetch Zydis
60
+ set(ZYAN_ZYCORE_PATH "${zycore_SOURCE_DIR}" CACHE PATH "The path to look for Zycore" FORCE)
61
+ FetchContent_Declare(
62
+ zydis
63
+ URL https://github.com/zyantific/zydis/archive/refs/tags/v4.0.0.zip
64
+ )
65
+ FetchContent_MakeAvailable(zydis)
66
+
67
+ # Link Zydis
68
+ target_link_libraries(makne PRIVATE Zydis)
69
+
70
+ # Compiler-specific settings
71
+ if(MSVC)
72
+ target_compile_options(makne PRIVATE /W4 /WX- /Od /EHsc)
73
+ else()
74
+ target_compile_options(makne PRIVATE -Wall -Wextra -O2)
75
+ endif()
76
+
77
+ # Install target for packaging
78
+ install(TARGETS makne DESTINATION .)
makne-1.0/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 GumokuCat
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
makne-1.0/PKG-INFO ADDED
@@ -0,0 +1,379 @@
1
+ Metadata-Version: 2.2
2
+ Name: makne
3
+ Version: 1.0
4
+ Summary: Advanced binary-level mutation and obfuscation framework for PE binaries
5
+ Author: Developer
6
+ Classifier: Programming Language :: C++
7
+ Classifier: Programming Language :: Python :: 3
8
+ Classifier: Operating System :: Microsoft :: Windows
9
+ Classifier: Topic :: Security
10
+ Project-URL: Homepage, https://github.com/anonymouschichvy/makne
11
+ Project-URL: Repository, https://github.com/anonymouschichvy/makne
12
+ Requires-Python: >=3.7
13
+ Description-Content-Type: text/markdown
14
+
15
+ <p align="center">
16
+ <img src="docs/logo.png" alt="MAKNE" width="100%">
17
+ </p>
18
+
19
+ An advanced binary-level mutation and obfuscation framework for **PE (Portable Executable) both 32-bit (x86) and 64-bit (x64)** binaries written in C++17. Leveraging the high-performance **Zydis disassembler** backend, the engine dynamically parses PE files, identifies instruction/basic block boundaries, applies polymorphic and metamorphic transformation passes, and rebuilds the executable with modified section structures and updated PE metadata.
20
+
21
+ ---
22
+
23
+ ## 📂 Project Directory Structure
24
+
25
+ The project follows a clean, modular C++ directory layout separating definitions (headers) from source code and configurations:
26
+
27
+ ```text
28
+ makne/
29
+ ├── CMakeLists.txt # Cross-platform build configuration
30
+ ├── README.md # Project documentation
31
+ ├── include/ # Header files
32
+ │ ├── PEStructs.h # Native PE structures definitions (DOS, COFF, Optional headers)
33
+ │ ├── CodeReorderer.h # Basic block analysis and shuffling definitions
34
+ │ ├── ControlFlowObfuscator.h # Control flow flattening & opaque predicate definitions
35
+ │ ├── DataEncoder.h # Data/String encoding & decoder stub generation
36
+ │ ├── DecryptorGenerator.h # Polymorphic decryptor stub creation
37
+ │ ├── ImportObfuscator.h # IAT obfuscation and API hashing definitions
38
+ │ ├── InstructionSubstitutor.h# Instruction-equivalent database mapping
39
+ │ ├── JunkCodeInserter.h # Dead code/junk sequence generator
40
+ │ ├── MetamorphicEngine.h # High-level metamorphic mutation pipeline
41
+ │ ├── PayloadEncryptor.h # Section-level encryption management
42
+ │ ├── PolymorphicEngine.h # Core processing, PE parsing, and orchestrator
43
+ │ ├── RegisterRandomizer.h # ModR/M register mapping and randomization
44
+ │ ├── SectionRandomizer.h # PE section name, layout, and alignment shuffler
45
+ │ └── Utils.h # Randomness and helper definitions
46
+ └── src/ # Implementation files
47
+ ├── main.cpp # Command-line driver and argument parser
48
+ ├── CodeReorderer.cpp # Basic block identification, jump fixing, and shuffling
49
+ ├── ControlFlowObfuscator.cpp # Flow flatters, dispatchers, and opaque predicates
50
+ ├── DataEncoder.cpp # XOR, Base64, and split-string algorithms
51
+ ├── DecryptorGenerator.cpp # Dynamic x86 assembly generator for decryption
52
+ ├── ImportObfuscator.cpp # IAT parsing, dynamic DLL resolution, and API hashing
53
+ ├── InstructionSubstitutor.cpp # x86 equivalent instruction mapping execution
54
+ ├── JunkCodeInserter.cpp # NOP-equivalent & flag-safe instruction generation
55
+ ├── MetamorphicEngine.cpp # Loop unrolling, inlining, and expansion levels
56
+ ├── PayloadEncryptor.cpp # XOR encryption and decryption insertion logic
57
+ ├── PolymorphicEngine.cpp # Core engine implementation (PE parsing, rebuilding)
58
+ ├── RegisterRandomizer.cpp # Register swapping and translation tables
59
+ ├── SectionRandomizer.cpp # Section shuffling, renaming, and alignment fixing
60
+ └── Utils.cpp # Cryptographic RNG (CryptoRandom)
61
+ ```
62
+
63
+ ---
64
+
65
+ ## 🛠 Features & Capabilities
66
+
67
+ The engine features two distinct modes of transformation which can be combined (Mixed Mode):
68
+
69
+ ### 1. Polymorphic Transformations
70
+ * **Zydis Disassembler Backend**: Replaced custom prefix/opcode length parsers with a full-featured Zydis decoder to safely identify x86/x64 instruction boundaries, decode operand layouts, and perform atomic byte stream modifications.
71
+ * **Instruction Substitution**: Replaces instruction patterns with equivalent CPU sequences. For example:
72
+ * `MOV reg, Imm` $\rightarrow$ `PUSH Imm; POP reg`
73
+ * `XOR reg, reg` $\rightarrow$ `SUB reg, reg`
74
+ * `NOP` $\rightarrow$ `PUSH RBX; POP RBX` or `XCHG RAX, RAX`
75
+ * *x64 Safety Filter*: Automatically bypasses single-byte legacy `INC` (`0x40`) / `DEC` (`0x48`) substitutions on x64 targets to prevent collisions with the REX prefix byte range (`0x40-0x4F`).
76
+ * **Register Randomizer**: Dynamically re-maps general-purpose register usage while adhering to strict architecture constraints:
77
+ * *Calling Convention Safe*: Preserves caller/callee boundary registers `RAX/EAX` (return values), `RCX/ECX, RDX/EDX, R8, R9` (arguments), `RSP/ESP, RBP/EBP` (stack frames), and `R12, R13` (special SIB addresses).
78
+ * *Partitioned Shuffle*: Safely shuffles registers only within legacy (`RBX, RSI, RDI`) and extension (`R10, R11, R14, R15`) groups, guaranteeing that instruction lengths and REX prefix status remain completely invariant.
79
+ * **Exception Directory Relocation**: Automatically parses x64 `.pdata` runtime function tables and `UNWIND_INFO` structures to relocate 32-bit exception handler RVAs when shuffling or renaming PE sections.
80
+ * **Code Reordering (x86/x64)**: Partitions code into basic blocks, shuffles their location, and maintains original execution flow by stitching blocks together with JMP instructions. Zydis is used to parse branch offsets and relative memory displacements to patch targets.
81
+ * **Junk Code Inserter (x86/x64)**: Inserts context-aware, benign junk instructions (e.g., flag-safe operations) to modify byte signatures without changing execution behavior. Filters out x86-only instructions on x64.
82
+ * **Control Flow Obfuscation (x86/x64)**: Distorts control flow by replacing jumps with equivalent joint condition pairs (e.g., `JO` + `JNO`) and Jcc conditions with inverted Jcc skips.
83
+ * **Payload Encryption**: Encrypts target payload sections (XOR, etc.) and injects dynamically generated decryptor stubs as the entry point. On x64 targets, stubs query the Process Environment Block (PEB) using `GS:[0x60]` (instead of `FS:[0x30]` on x86) for anti-debug analysis.
84
+ * **Data Encoding**: Encodes static data strings using XOR, Base64, or string-splitting to avoid detection of plaintext strings.
85
+
86
+ ### 2. Metamorphic Transformations
87
+ * **Zydis Intermediate Representation**: Disassembles and decodes target functions to an IR, rewriting displacements and `%rip`-relative displacements to patch jump offsets and relocations on mutations.
88
+ * **Instruction Permutation (x86/x64)**: Alters instruction positions using Bernstein's data dependency conditions (RAW, WAR, WAW) while preserving stack frame layout registers (`RSP`, `ESP`, `RBP`, `EBP`).
89
+ * **Code Expansion**: Expands instructions to multi-byte equivalents to vary executable sizing.
90
+ * **Loop Unrolling & Function Inlining**: Modifies the stack frame structure and execution sequence by eliminating calls and branches.
91
+ * **Anti-Debugging / Anti-Emulation**: Integrates stubs to detect hypervisors, sandboxes, and debuggers (e.g., PEB checks, timing checks).
92
+ * **FileAlignment Section Resizing**: Safely pads, resizes, and aligns raw PE section size growth to `FileAlignment` boundaries, automatically relocating the COFF symbol table to prevent symbol warnings or image loaders crash.
93
+
94
+ ---
95
+
96
+ ## ⚙️ Compilation & Installation
97
+
98
+ This project can be compiled as a standalone C++ command-line tool, or installed as a Python package with programmatic C++ wrapper bindings.
99
+
100
+ ### 🐍 Python Package Installation (via pip)
101
+
102
+ You can build and install the project directly as a Python package. The PEP 517 build backend (`scikit-build-core`) will automatically configure and build the C++ codebase via CMake when installing.
103
+
104
+ #### 1. Prerequisites
105
+ Ensure you have a C++17 compiler (MSVC on Windows, GCC on Linux, Clang on macOS) and CMake installed.
106
+
107
+ #### 2. Install from PyPI (Production)
108
+
109
+ > **Coming Soon**
110
+ > `makne` is not yet available on PyPI. It will be published after the initial production release.
111
+
112
+ #### 3. Install from Source (Local Development)
113
+ Clone the repository and run:
114
+ ```bash
115
+ # Editable install (recommended for developers)
116
+ pip install -e .
117
+
118
+ # Or standard local install
119
+ pip install .
120
+ ```
121
+
122
+ #### 4. Verification & Usage
123
+ * **CLI usage**: Installing the package registers a global command-line entry point:
124
+ ```bash
125
+ makne --help
126
+ ```
127
+ * **Python API usage**: You can run the obfuscator directly from Python scripts:
128
+ ```python
129
+ import makne
130
+
131
+ # Obfuscate a PE binary
132
+ return_code = makne.obfuscate("input.exe", "output.exe", ["--polymorphic", "--substitution"])
133
+ if return_code == 0:
134
+ print("Obfuscation successful!")
135
+ ```
136
+
137
+ ---
138
+
139
+ ### 🖥️ Native C++ Standalone Compilation
140
+
141
+ If you prefer building a standalone native executable without Python, the build system utilizes **CMake** for configuration and building. The build system automatically fetches dependencies like **Zydis disassembler** and **Zycore** via CMake's `FetchContent` module during configuration, so no manual downloading of submodules is necessary.
142
+
143
+ ### 🪟 Windows (MSVC)
144
+
145
+ #### 1. Prerequisites
146
+ * **Visual Studio 2019 or 2022** (Community, Professional, or Enterprise).
147
+ * During installation, ensure the **"Desktop development with C++"** workload is checked. This installs the MSVC compiler, CMake, and the required Windows SDKs.
148
+ * Alternatively, you can use standalone **CMake (3.15+)** and **Build Tools for Visual Studio**.
149
+
150
+ #### 2. Building from Command Line
151
+ Open **Developer PowerShell for VS** or **Developer Command Prompt for VS** and run:
152
+ ```powershell
153
+ # Generate the build configuration
154
+ cmake -B build -S .
155
+
156
+ # Build the release binary
157
+ cmake --build build --config Release
158
+ ```
159
+ The compiled executable `makne.exe` will be located in `build/Release/`.
160
+
161
+ #### 3. Building via Visual Studio (IDE)
162
+ 1. Open Visual Studio.
163
+ 2. Select **Open a local folder** and choose the root directory containing `CMakeLists.txt`.
164
+ 3. Visual Studio will automatically detect and configure the CMake project.
165
+ 4. Go to the menu: **Build > Build All** (or select the `makne.exe` startup item and press F5/Ctrl+F5 to build and run).
166
+
167
+ ---
168
+
169
+ ### 🐧 Linux (GCC/Clang)
170
+
171
+ #### 1. Prerequisites
172
+ Install CMake and a C++17 compatible compiler (GCC 8+ or Clang 7+):
173
+ * **Ubuntu / Debian**:
174
+ ```bash
175
+ sudo apt update
176
+ sudo apt install -y build-essential cmake
177
+ ```
178
+ * **Fedora / CentOS / RHEL**:
179
+ ```bash
180
+ sudo dnf groupinstall -y "Development Tools"
181
+ sudo dnf install -y cmake
182
+ ```
183
+ * **Arch Linux**:
184
+ ```bash
185
+ sudo pacman -Syu base-devel cmake
186
+ ```
187
+
188
+ #### 2. Building
189
+ Open a terminal in the project root folder:
190
+ ```bash
191
+ # Generate build configuration for a Release build
192
+ cmake -B build -S . -DCMAKE_BUILD_TYPE=Release
193
+
194
+ # Build the project
195
+ cmake --build build
196
+ ```
197
+ The compiled executable `makne` will be located in `build/`.
198
+
199
+ ---
200
+
201
+ ### 🍎 macOS (Clang)
202
+
203
+ #### 1. Prerequisites
204
+ * **Xcode Command Line Tools**: Install them by running the following command in terminal:
205
+ ```bash
206
+ xcode-select --install
207
+ ```
208
+ * **CMake**: Install CMake using a package manager:
209
+ * **Homebrew** (Recommended):
210
+ ```bash
211
+ brew install cmake
212
+ ```
213
+ * **MacPorts**:
214
+ ```bash
215
+ sudo port install cmake
216
+ ```
217
+
218
+ #### 2. Building
219
+ Open a terminal in the project root folder:
220
+ ```bash
221
+ # Generate build configuration for a Release build
222
+ cmake -B build -S . -DCMAKE_BUILD_TYPE=Release
223
+
224
+ # Build the project
225
+ cmake --build build
226
+ ```
227
+ The compiled executable `makne` will be located in `build/`.
228
+
229
+ ---
230
+
231
+ ## 🧠 System Architecture & Logic
232
+
233
+ ```mermaid
234
+ graph TD
235
+ A[Input PE Binary] --> B[PE Parser]
236
+ B --> C[Disassembler & Block Finder]
237
+ C --> D{Transformation Mode}
238
+
239
+ D -->|Polymorphic| E[Polymorphic Pipeline]
240
+ D -->|Metamorphic| F[Metamorphic Pipeline]
241
+ D -->|Mixed| G[Polymorphic & Metamorphic Pipeline]
242
+
243
+ E --> H[Payload Encryption & Stub Generation]
244
+ F --> I[Block Permutation & Expansion]
245
+ G --> J[Combined Transformations]
246
+
247
+ H --> K[PE Rebuilder & Checksum Generator]
248
+ I --> K
249
+ J --> K
250
+
251
+ K --> L[Output Obfuscated PE Binary]
252
+ ```
253
+
254
+ ### Flow Walkthrough
255
+
256
+ 1. **Parsing (PE Parser)**:
257
+ Loads the raw byte stream of the target `.exe` file. Parses the DOS MZ signature, COFF Header, Optional Header, and Sections to build an in-memory structural mapping of code (`.text`) and data (`.data`, `.rdata`) segments.
258
+ 2. **Code Analysis & Disassembly**:
259
+ Parses machine code instructions, determines byte length boundary offsets, identifies branches (jumps, calls), and isolates independent execution blocks (Basic Blocks).
260
+ 3. **Applying Mutations**:
261
+ Runs the pipeline of selected obfuscation passes. The engine tracks offset modifications since instruction substitution, junk insertion, and block shuffling alter virtual addresses (RVAs).
262
+ 4. **Header Reconstruction & Rebuilding**:
263
+ Adjusts relocations, recalculates Entry Point (OEP), shifts Section Headers offsets, fixes the Import Address Table (IAT) pointers, generates dynamic import-resolving stubs, computes a new PE checksum, and saves the new output binary.
264
+
265
+ ---
266
+
267
+ ## 🚀 CLI Usage & Examples
268
+
269
+ ### Usage syntax:
270
+ * **Windows (PowerShell/CMD)**:
271
+ ```powershell
272
+ .\makne.exe <input.exe> <output.exe> [options]
273
+ ```
274
+ * **Linux / macOS**:
275
+ ```bash
276
+ ./makne <input.exe> <output.exe> [options]
277
+ ```
278
+
279
+ ### CLI Command Options
280
+
281
+ | Option | Category | Description |
282
+ | :--- | :--- | :--- |
283
+ | `--polymorphic` | Transformation | Apply polymorphic transformations (Default) |
284
+ | `--metamorphic` | Transformation | Apply metamorphic transformations |
285
+ | `--mixed` | Transformation | Combine both polymorphic & metamorphic pipelines |
286
+ | `--substitution` | Polymorphic | Enable instruction substitutions |
287
+ | `--registers` | Polymorphic | Enable register randomization |
288
+ | `--reorder` | Polymorphic | Enable basic block code reordering |
289
+ | `--junk` | Polymorphic | Enable junk/dead code insertion |
290
+ | `--cflow` | Polymorphic | Enable control flow obfuscation (flattening/predicates) |
291
+ | `--encrypt` | Polymorphic | Enable payload section encryption |
292
+ | `--data` | Polymorphic | Enable static data/string encoding |
293
+ | `--sections` | Polymorphic | Randomize section names and layout |
294
+ | `--imports` | Polymorphic | Obfuscate IAT and import names |
295
+ | `--permute <1-5>` | Metamorphic | Set instruction permutation complexity level |
296
+ | `--expand <1-5>` | Metamorphic | Set code expansion multiplier |
297
+ | `--garbage <1-5>` | Metamorphic | Set junk insertion density |
298
+ | `--unroll` | Metamorphic | Enable loop unrolling |
299
+ | `--inline` | Metamorphic | Enable function inlining |
300
+ | `--antidebug` | Advanced | Add anti-debugger stub detections |
301
+ | `--antiemu` | Advanced | Add anti-emulation timing checks |
302
+ | `--level <1-5>` | Advanced | Set global obfuscation intensity (default: 3) |
303
+ | `--iterations <n>`| Advanced | Number of mutation passes to run |
304
+ | `--help` | General | Display help documentation |
305
+
306
+ ### Command Examples
307
+
308
+ Below are examples of how to run the engine. Make sure to run them from the directory containing the compiled executable (`build/` or `build/Release/`), or provide the full path to it.
309
+
310
+ #### 1. Display Help & Options
311
+ Verify the installation and see the full list of supported parameters.
312
+ * **Windows (PowerShell)**:
313
+ ```powershell
314
+ .\makne.exe --help
315
+ ```
316
+ * **Linux / macOS**:
317
+ ```bash
318
+ ./makne --help
319
+ ```
320
+
321
+ #### 2. Standard Polymorphic Obfuscation
322
+ Applies instruction substitutions, register randomization, code reordering, and section name/layout randomization.
323
+ * **Windows (PowerShell)**:
324
+ ```powershell
325
+ .\makne.exe input.exe output.exe --polymorphic --substitution --registers --reorder --sections
326
+ ```
327
+ * **Linux / macOS**:
328
+ ```bash
329
+ ./makne input.exe output.exe --polymorphic --substitution --registers --reorder --sections
330
+ ```
331
+ * **Explanation of flags**:
332
+ * `--polymorphic`: Activates the polymorphic transformation pipeline.
333
+ * `--substitution`: Replaces common instruction patterns with equivalent sequences.
334
+ * `--registers`: Randomizes general-purpose register usage safely.
335
+ * `--reorder`: Partitions code into basic blocks and shuffles them, adding stitching jumps.
336
+ * `--sections`: Randomizes PE section names and structural layout.
337
+
338
+ #### 3. Advanced Metamorphic Obfuscation
339
+ Applies aggressive code expansion, high complexity instruction permutations, loop unrolling, and function inlining.
340
+ * **Windows (PowerShell)**:
341
+ ```powershell
342
+ .\makne.exe input.exe output.exe --metamorphic --permute 5 --expand 4 --unroll --inline
343
+ ```
344
+ * **Linux / macOS**:
345
+ ```bash
346
+ ./makne input.exe output.exe --metamorphic --permute 5 --expand 4 --unroll --inline
347
+ ```
348
+ * **Explanation of flags**:
349
+ * `--metamorphic`: Activates the metamorphic transformation pipeline.
350
+ * `--permute 5`: Sets the highest complexity (level 5) for instruction permutation.
351
+ * `--expand 4`: Sets the code expansion multiplier to 4.
352
+ * `--unroll`: Enables optimization loop unrolling.
353
+ * `--inline`: Inlines function calls where safe.
354
+
355
+ #### 4. Mixed Maximum Protection (Combined Pipeline)
356
+ Combines all metamorphic and polymorphic features, flattens control flow, obfuscates import tables, encodes static strings, adds anti-analysis/debugger/emulation checks, and runs multiple passes.
357
+ * **Windows (PowerShell)**:
358
+ ```powershell
359
+ .\makne.exe input.exe output.exe --mixed --cflow --encrypt --imports --data --antidebug --antiemu --level 5 --iterations 2
360
+ ```
361
+ * **Linux / macOS**:
362
+ ```bash
363
+ ./makne input.exe output.exe --mixed --cflow --encrypt --imports --data --antidebug --antiemu --level 5 --iterations 2
364
+ ```
365
+ * **Explanation of flags**:
366
+ * `--mixed`: Runs both the polymorphic and metamorphic pipelines sequentially.
367
+ * `--cflow`: Distorts control flow via dispatchers and opaque predicates.
368
+ * `--encrypt`: Encrypts target sections and inserts a decryption stub at the entry point.
369
+ * `--imports`: Obfuscates the Import Address Table (IAT) and dynamically resolves DLLs.
370
+ * `--data`: Encodes static strings (XOR/Base64/splitting).
371
+ * `--antidebug` & `--antiemu`: Injects checks to detect debuggers, hypervisors, and sandboxes.
372
+ * `--level 5`: Sets global intensity to maximum (5).
373
+ * `--iterations 2`: Runs the entire mutation pipeline twice to generate nested layers of obfuscation.
374
+
375
+ ---
376
+
377
+ ## ⚖️ License & Disclaimer
378
+
379
+ This software is developed strictly for **educational, security research, and defensive binary analysis** purposes. Using this software to obfuscate malware to bypass anti-virus scanners for unauthorized deployment is strictly prohibited and a violation of local and international laws. The developers assume no liability for misuse of this tool.