Fast Emulator For Shellcodes In Rust

I have developed a fast emulator for modern shellcodes, that perform huge loops of millions of instructions emulated for resolving API or for other stuff.

The emulator is in Rust and all the few dependencies as well, so the rust safety is good for emulating malware.  

There are shellcodes that can be emulated from the beginning to the end, but when this is not possible the tool has many features that can be used like a console, a memory tracing, register tracing, and so on.

https://github.com/sha0coder/scemu

In less than two seconds we have emulated 7 millions of instructions arriving to the recv. 

At this point we have some  IOC like  the ip:port where it's connecting and other details.

Lets see what happens after the recv() spawning a console at position: 7,012,204

target/release/scemu -f shellcodes/shikata.bin -vv -c 7012204

In the console, pressing "enter" several times to emulate  step into several steps and we arrive to a return instruction.

Let's see the stack in this moment:

The "ret" instruction is going to jump to the buffer read with recv() so is a kind of stager.

The option "-e" or "--endpoint" is not ready for now, but it will allow to proxy the calls to get the next  stage automatically, but for now we have the details to get the stage.

SCEMU also identify all the Linux  syscalls for 32bits shellcodes:

The encoder used in shellgen is also supported https://github.com/MarioVilas/shellgen

Let's check with cobalt-strike:

We can see where is connecting and which headers is using, so right now we can replicate the communications.

In verbose mode we could do several greps to see the calls and correlate with ghidra/ida/radare or  for example grep the branches to study the emulation flow.

target/release/scemu -f shellcodes/rshell_sgn.bin -vv | grep j

target/release/scemu -f shellcodes/rshell_sgn.bin -vv -c 44000 -l

The -l --loops options makes the emulation a bit slower but track the number of iterations.

Is possible to print all the registers in every step with  -r or --registers  but also is possible to track  specific register for example with --reg esi

target/release/scemu -f shellcodes/shikata.bin --reg esi 

In this case ESI register points to the API name, if we track EAX or ECX will see that are the counters of the loop. These shellcodes  contains a hard loop to locate the API names.

The flag -i or --inspect allow to monitor memory using expressions like "dword ptr [eax + 0xa]"

target/release/scemu -f shellcodes/shikata.bin -i 'dword ptr [esi]'

And more things to come...  find a demo below:

https://www.youtube.com/watch?v=qTYmMjW3DFs

Related links

1. Hacking Tools For Beginners
2. Pentest Tools Kali Linux
3. Hacker Tools Free Download
4. Pentest Tools Free
5. Nsa Hack Tools
6. Pentest Tools Github
7. Install Pentest Tools Ubuntu
8. Hack And Tools
9. How To Hack
10. Hack App
11. Hack Apps
12. Hacker Search Tools
13. Pentest Tools Open Source
14. Hack Tools For Windows
15. Growth Hacker Tools
16. Hack Tools Github
17. Pentest Tools Apk
18. Hack Tool Apk
19. Hacking App
20. Hacker Tools List
21. Hack Tool Apk
22. Hack Tools Pc
23. Hacker Tools Free Download
24. Hack Tools 2019
25. Hack App
26. Pentest Tools Framework
27. Hacking Tools Windows 10
28. New Hack Tools
29. Wifi Hacker Tools For Windows
30. Hackrf Tools
31. Hack Tools
32. Pentest Tools Subdomain
33. Hack App
34. Black Hat Hacker Tools
35. Pentest Tools Apk
36. Growth Hacker Tools
37. Hack Tools For Pc
38. Hack And Tools
39. Hacking Tools For Games
40. Hacking Tools Software
41. Blackhat Hacker Tools
42. Hacker Tools Online
43. Pentest Tools Framework
44. Hacking Tools Online
45. Hacking App
46. Hackrf Tools
47. Hack Tools For Games
48. Hacking Tools For Kali Linux
49. Hacking Tools For Mac
50. Hacking Tools Kit
51. Hack Tools Mac
52. Hack Tools Pc
53. Hacker Tools Online
54. Pentest Tools Subdomain
55. Pentest Tools Github
56. Hacking Tools For Windows
57. Hack Tools For Ubuntu
58. Install Pentest Tools Ubuntu
59. Hacking Tools Windows 10
60. What Are Hacking Tools
61. What Are Hacking Tools
62. Tools For Hacker
63. Wifi Hacker Tools For Windows
64. Hacker Tools Free
65. Pentest Tools Tcp Port Scanner
66. Hack Tools
67. Hacking Tools Hardware
68. Hacker Tools Free Download
69. Hacking Tools Mac
70. Hack And Tools
71. Hack Tool Apk
72. Hacker Tools For Mac
73. Hacking Apps
74. Hacker Tool Kit
75. Hacking Tools For Beginners
76. Pentest Tools Tcp Port Scanner
77. Hak5 Tools
78. Bluetooth Hacking Tools Kali
79. Hacking Tools Github
80. Hack Tools
81. Hackers Toolbox
82. Hacker Tools For Windows
83. Hacker Hardware Tools
84. Pentest Tools Github
85. Hacker Hardware Tools
86. Hacking Tools Free Download
87. Hacker Tool Kit
88. Pentest Tools Kali Linux
89. Hacker Tools Github
90. Pentest Tools Open Source
91. Hacking Tools Mac
92. Hacking Tools Software
93. Install Pentest Tools Ubuntu
94. Hacking Tools Windows 10
95. Hacking Tools For Windows
96. Hacking Tools And Software
97. Hack Tools For Mac
98. Pentest Tools Kali Linux
99. Hacker Search Tools
100. Hacker Tools For Ios
101. Pentest Recon Tools
102. Tools Used For Hacking
103. Tools 4 Hack
104. Hacking Tools Windows 10
105. Tools Used For Hacking
106. Pentest Tools Android
107. Top Pentest Tools
108. Hacking Tools Mac
109. Tools Used For Hacking
110. Pentest Tools Website
111. Hack Tools Download
112. Hacker Search Tools
113. Hacking Tools For Kali Linux
114. Hacker Search Tools
115. Hacking Tools Pc
116. Pentest Tools Tcp Port Scanner
117. Hacking Tools Github
118. Hacker Tools 2020
119. Pentest Tools Free
120. Hack Website Online Tool
121. Pentest Tools Apk
122. Hack Tools
123. Nsa Hacker Tools
124. Pentest Tools Subdomain
125. Hak5 Tools
126. Hacking Tools Windows
127. Hack Tools
128. Pentest Tools Linux
129. Pentest Tools Online
130. Hacker Tools For Pc
131. Hacking Tools For Windows
132. Physical Pentest Tools
133. Pentest Tools Find Subdomains
134. Hacker Tools Windows
135. Hacks And Tools
136. Pentest Tools For Ubuntu
137. Nsa Hack Tools Download
138. Blackhat Hacker Tools
139. Hack App
140. Hacking Tools For Windows Free Download
141. Hacking App
142. Pentest Tools For Ubuntu
143. New Hack Tools
144. Best Pentesting Tools 2018