Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

Metame - Metame Is A Metamorphic Code Engine For Arbitrary Executables

$
0
0
metame is a simple metamorphic code engine for arbitrary executables.
From Wikipedia:
Metamorphic code is code that when run outputs a logically equivalent version of its own code under some interpretation. This is used by computer viruses to avoid the pattern recognition of anti-virus software.
metame implementation works this way:
  1. Open a given binary and analyze the code
  2. Randomly replace instructions with equivalences in logic and size
  3. Copy and patch the original binary to generate a mutated variant

It currently supports the following architectures:
  • x86 32 bits
  • x86 64 bits
Also, it supports a variety of file formats, as radare2 is used for file parsing and code analysis.
Example of code before and after mutation:


Hint: Two instructions have been replaced in this snippet.
Here another example on how it can mutate a NOP sled into equivalent code:


Installation
pip install metame
This should also install the requirements.
You will also need radare2. Refer to the official website for installation instructions.
simplejson is also a "nice to have" for a small performance boost:
pip install simplejson

Usage
metame -i original.exe -o mutation.exe -d
Use metame -h for help.



Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>