Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, that perform huge loops of millions of instructions emulated for resolving API or for other stuff.

The emulator is in Rust and all the few dependencies as well, so the rust safety is good for emulating malware.  

There are shellcodes that can be emulated from the beginning to the end, but when this is not possible the tool has many features that can be used like a console, a memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu

In less than two seconds we have emulated 7 millions of instructions arriving to the recv. 

At this point we have some  IOC like  the ip:port where it's connecting and other details.

Lets see what happens after the recv() spawning a console at position: 7,012,204

target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204

In the console, pressing "enter" several times to emulate  step into several steps and we arrive to a return instruction.

Let's see the stack in this moment:

The "ret" instruction is going to jump to the buffer read with recv() so is a kind of stager.

The option "-e" or "--endpoint" is not ready for now, but it will allow to proxy the calls to get the next  stage automatically, but for now we have the details to get the stage.

SCEMU also identify all the Linux  syscalls for 32bits shellcodes:

The encoder used in shellgen is also supported https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:

We can see where is connecting and which headers is using, so right now we can replicate the communications.

In verbose mode we could do several greps to see the calls and correlate with ghidra/ida/radare or  for example grep the branches to study the emulation flow.

target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j

target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l

The -l --loops options makes the emulation a bit slower but track the number of iterations.

Is possible to print all the registers in every step with  -r or --registers  but also is possible to track  specific register for example with --reg esi

target/release/scemu -f shellcodes/shikata.bin --reg esi 

In this case ESI register points to the API name, if we track EAX or ECX will see that are the counters of the loop. These shellcodes  contains a hard loop to locate the API names.

The flag -i or --inspect allow to monitor memory using expressions like "dword ptr [eax + 0xa]"

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'

And more things to come...  find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs

More info

• Hack Tools For Ubuntu
• Hacking Tools Online
• Usb Pentest Tools
• Hack Website Online Tool
• Pentest Tools Port Scanner
• Hack App
• Hacker Tools Apk Download
• Hacking Tools For Windows 7
• Pentest Tools Review
• Hacker Security Tools
• Wifi Hacker Tools For Windows
• World No 1 Hacker Software
• Pentest Tools Android
• Hacking Tools 2020
• Hack Tool Apk
• Hacker Tools For Mac
• Nsa Hack Tools
• Hack Tools Github
• Hacker Tools Apk Download
• Hacker Tools
• Nsa Hack Tools
• Bluetooth Hacking Tools Kali
• Hacker Tools Apk Download
• Hack Tools
• Hacking Tools For Windows 7
• Pentest Tools For Android
• Hacker Tools Hardware
• Physical Pentest Tools
• Pentest Tools Find Subdomains
• Hacking Tools Github
• Hack Website Online Tool
• Hack Tools Mac
• Hacking Tools Software
• Pentest Tools Linux
• Hacker Tools For Pc
• Tools 4 Hack
• Hack Apps
• Hacking Tools For Kali Linux
• Hacker Tools
• Hacking Tools For Pc
• Pentest Automation Tools
• Hacking Apps
• Hacking Tools For Windows
• Hacks And Tools
• Hack Tools For Ubuntu
• Hacking App
• Pentest Tools Url Fuzzer
• Termux Hacking Tools 2019
• Hacker Tools For Pc
• Hack Tools
• Hacker Tools Free
• Hackers Toolbox
• Hack Tool Apk No Root
• How To Make Hacking Tools
• Pentest Tools Url Fuzzer
• Pentest Tools Tcp Port Scanner
• Github Hacking Tools
• Hacker Search Tools
• Pentest Tools For Ubuntu
• Best Hacking Tools 2020
• What Is Hacking Tools
• How To Install Pentest Tools In Ubuntu
• Hacking Tools For Mac
• Android Hack Tools Github
• Hacking Tools 2020
• Hacker
• Pentest Tools Alternative
• Hack Tools For Windows
• Hack Tools For Pc
• Hacker Tools Free
• Pentest Tools Framework
• Hacker Tools 2019
• Hack Tools 2019
• Kik Hack Tools
• Hacking Tools Hardware
• Nsa Hacker Tools
• Hack Tools For Windows
• Hacking Tools Online
• Hack Tools
• Hack Tools For Pc
• Hacking Tools Windows
• Hack Tools For Windows
• Best Hacking Tools 2020
• Pentest Tools For Ubuntu
• Termux Hacking Tools 2019
• Hacker Tools Hardware
• Pentest Tools Alternative
• Hacking Tools Pc
• Hacking Tools Hardware
• Hack Tools For Games
• Hacker Tools For Pc
• Pentest Tools Android
• Hack Tools Online
• How To Hack
• Pentest Tools For Android
• Hacker Tools Apk
• Hack Tools For Mac
• Game Hacking
• Hacker Tools For Mac
• Hacking Tools Windows
• Hacker Tool Kit
• Pentest Tools For Mac
• Pentest Tools List
• Hacking Tools Github
• Pentest Tools Apk
• Hacker Tools Linux
• Pentest Tools
• Hacker Tools For Ios
• Hacker Tools Free
• Game Hacking
• Pentest Tools For Mac
• Hacking Tools Online
• Hack Tools For Pc
• Hacker Tools Github
• Hacker Security Tools
• Hacking Tools For Beginners
• Pentest Tools Github
• Hacking Tools 2020
• Hacker Tools Free
• Top Pentest Tools
• Hacker Tools For Windows
• Pentest Tools List
• Hacker Tools Online
• Hack Tools Mac
• Hacking Tools Hardware
• Install Pentest Tools Ubuntu
• Game Hacking
• Hack Tools For Pc
• Hacker Tools Online
• Hacking Tools 2020
• Pentest Tools Kali Linux
• Pentest Tools Nmap
• Pentest Tools
• Pentest Tools Url Fuzzer
• Hacking Tools Windows 10
• Ethical Hacker Tools