Wednesday, January 17, 2024

Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, which run huge loops of millions of instructions to resolve APIs or for other purposes.

The emulator is written in Rust, as are its few dependencies, so Rust's memory safety is a good fit for emulating malware.

Some shellcodes can be emulated from beginning to end; when this is not possible, the tool offers many features to help, such as a console, memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu



In less than two seconds we have emulated 7 million instructions and arrived at the recv().

At this point we already have some IOCs, such as the ip:port it connects to, and other details.

Let's see what happens after the recv() by spawning a console at position 7,012,204:


target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204



In the console, pressing "enter" several times single-steps the emulation, and after a few steps we arrive at a return instruction.


Let's look at the stack at this moment:


The "ret" instruction is going to jump into the buffer read with recv(), so this is a kind of stager.

The "-e" or "--endpoint" option is not ready yet; it will allow proxying the calls to fetch the next stage automatically. For now we already have the details needed to get the stage.


SCEMU also identifies all the Linux syscalls for 32-bit shellcodes:



The encoder used in shellgen is also supported: https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:


We can see where it is connecting and which headers it is using, so we can now replicate the communications.



In verbose mode we can grep the output in several ways: to list the calls and correlate them with ghidra/ida/radare, or, for example, to grep the branches and study the emulation flow.


target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j


target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l


The -l or --loops option makes the emulation a bit slower but tracks the number of loop iterations.

It is possible to print all the registers at every step with -r or --registers, and also to track a specific register, for example with --reg esi:


target/release/scemu -f shellcodes/shikata.bin --reg esi 


In this case the ESI register points to the API name; if we track EAX or ECX we will see that they are the loop counters. These shellcodes contain a hard loop to locate the API names.

The -i or --inspect flag allows monitoring memory using expressions like "dword ptr [eax + 0xa]":

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'
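To make the inspect expressions concrete, here is an added Rust example (not scemu's own parser) that parses the "size ptr [reg +/- offset]" form shown above and resolves it against a register snapshot and a memory image; the exact grammar scemu accepts is an assumption taken from the two expressions in this post.

```rust
use std::collections::HashMap;

/// Parsed inspect expression, e.g. "dword ptr [esi]" or "dword ptr [eax + 0xa]".
#[derive(Debug, PartialEq)]
pub struct Inspect {
    pub size: usize,   // operand size in bytes
    pub reg: String,   // base register name, lowercase
    pub offset: i64,   // signed displacement added to the register
}

/// Parse "<size> ptr [<reg> (+|-) <hex-or-dec>]" (assumed grammar) into its parts.
pub fn parse_inspect(expr: &str) -> Option<Inspect> {
    let s = expr.trim().to_ascii_lowercase();
    let (size_kw, rest) = s.split_once(" ptr ")?;
    let size = match size_kw.trim() {
        "byte" => 1, "word" => 2, "dword" => 4, "qword" => 8,
        _ => return None,
    };
    let inner = rest.trim().strip_prefix('[')?.strip_suffix(']')?;
    let mut parts = inner.split_whitespace();
    let reg = parts.next()?.to_string();
    let offset = match (parts.next(), parts.next()) {
        (None, None) => 0,
        (Some(sign), Some(num)) if sign == "+" || sign == "-" => {
            let v = parse_num(num)?;
            if sign == "-" { -v } else { v }
        }
        _ => return None,
    };
    if parts.next().is_some() { return None; }
    Some(Inspect { size, reg, offset })
}

/// Accept "0x.." hex or plain decimal.
fn parse_num(s: &str) -> Option<i64> {
    match s.strip_prefix("0x") {
        Some(h) => i64::from_str_radix(h, 16).ok(),
        None => s.parse().ok(),
    }
}

/// Resolve the expression against registers and a flat memory image that starts
/// at `base`; returns None if the register is unknown or the read is out of range.
pub fn eval_inspect(ins: &Inspect, regs: &HashMap<&str, u64>, base: u64, mem: &[u8]) -> Option<u64> {
    let addr = (*regs.get(ins.reg.as_str())? as i64).wrapping_add(ins.offset) as u64;
    let start = addr.checked_sub(base)? as usize;
    let bytes = mem.get(start..start.checked_add(ins.size)?)?;
    // x86 is little-endian, so the last byte is the most significant.
    Some(bytes.iter().rev().fold(0u64, |acc, &b| (acc << 8) | b as u64))
}
```

The out-of-range case returning None mirrors what you want when tracing an API-hashing loop: a register walking past the end of the mapped string table should show up as a failed read, not a garbage value.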

And more things to come... Find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs




