Cyber security

Donut-Decryptor : Unmasking Binary Secrets

Navigating the maze of binary obfuscation? Meet the “Donut-Decryptor”, a tool tailored to decode the elusive Donut obfuscation. Dive in to unravel its capabilities and bring clarity to concealed code.

Beyond mere decryption, it’s a spotlight in the shadowy corridors of cybersecurity. A must-have for those battling coded enigmas.

A configuration and module extractor for the donut binary obfuscator.

Description

donut-decryptor checks file(s) for known signatures of the donut obfuscator’s loader shellcode.

If located, it will parse the shellcode to locate, decrypt, and extract the DONUT_INSTANCE structure embedded in the binary, and report pertinent configuration data.

If a DONUT_MODULE is present in the binary it is decrypted and dumped to disk.

Requirements

donut-decryptor currently requires the separate installation of the chaskey-lts module.

Installation

You can install donut-decryptor for usage by navigating to the root directory of the project and using pip:

cd /path/to/donut-decryptor
python -m pip install .

Following installation, a command-line script is available. For usage instructions use:

donut-decryptor --help

Examples

The files present in the samples directory are 7z files password protected using the password `infected“, all of which contain donuts which can be decoded using this script.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

1 day ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

1 day ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

2 days ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

2 days ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

3 days ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

1 week ago