89 lines
3.1 KiB
Markdown
89 lines
3.1 KiB
Markdown
# vitrifyr
|
|
|
|
> A Rust system tool that allows file (de)vitrification
|
|
|
|
## Preamble
|
|
|
|
Sometimes "blue teams" need to collect and send over networks a piece of malware. They can always
|
|
`cp` it to an USB stick or so and then link it to an e-mail, but often they'd rather "vitrify" it
|
|
to prevent any undesired binary executions on each and every platforms it may go through.
|
|
|
|
For this purpose one can always run `base64 -w0 < /path/to/malware.bin | xz > /tmp/vitrified.data`
|
|
and then `xz -d < /tmp/vitrified.data | base64 -d > /path/to/malware.bin` on the other end, but
|
|
maybe they cannot (or don't want to) use any system tools from an infected host.
|
|
|
|
vitrifyr allows base64 encoding followed by xz compression, with optional AES-256-CBC encryption.
|
|
On devitrification, the process is reversed.
|
|
|
|
Output files are named using input file content SHA256 digest to allow future integrity check.
|
|
Files are saved with (at most, depending on system umask) `0o640` UNIX permissions (not supported
|
|
on Windows).
|
|
|
|
Vitrification ASCII flow :
|
|
|
|
```
|
|
┌────────────┐ ┌────────┐ ┌────┐ ┌─────────────┐ ┌─────────────┐
|
|
│ │ │ │ │ │ │ │ │ │
|
|
│ Input file ├─────>│ base64 ├─────>│ xz ├─────>│ AES-256-CBC ├─────>│ Output file │
|
|
│ │ │ │ │ │ │ │ │ │
|
|
└────────────┘ └────────┘ └────┘ └─────────────┘ └─────────────┘
|
|
```
|
|
|
|
## Build
|
|
|
|
```bash
|
|
cargo build
|
|
```
|
|
|
|
## Usage
|
|
|
|
```bash
|
|
vitrifyr --help
|
|
```
|
|
|
|
## Examples
|
|
|
|
```bash
|
|
# Vitrify Bash binary to /tmp with informational logs
|
|
vitrified_path="$(vitrifyr -i /usr/bin/bash -o /tmp --verbose)"
|
|
|
|
# Devitrify Bash to /dev/shm with debugging logs, without writing to stdout output file path
|
|
vitrifyr -d -i "$vitrified_path" -o /dev/shm --debug -q
|
|
|
|
|
|
# Vitrify systemd binary to /tmp with maximum compression, before encrypting it with "passw0rd" key
|
|
vitrified_path="$(vitrifyr -i /usr/bin/systemd -o /tmp --compression-level 9 -k 'passw0rd')"
|
|
|
|
# Decrypt and devitrify stdin bytes to /tmp (skipping integrity check)
|
|
vitrifyr -d -k 'passw0rd' -o /tmp --skip-integrity < "$vitrified_path"
|
|
|
|
|
|
# Vitrify OpenSSH client to current directory, without naming output file with input file digest
|
|
vitrified_path="$(vitrifyr -i /usr/bin/ssh --skip-integrity)"
|
|
|
|
# Devitrify it while processing input with chunks of 4KB (for lower memory footprint)
|
|
vitrifyr -d "$vitrified_path" --skip-integrity --chunk-size 4096
|
|
|
|
|
|
# Vitrify and devitrify OpenSSH server, with fastest compression and hexadecimal encryption key
|
|
export VITRIFYR_KEY="0xBEEF"
|
|
vitrified_path="$(vitrifyr -i /usr/sbin/sshd --compression-level 0)"
|
|
vitrifyr -d -i "$vitrified_path"
|
|
```
|
|
|
|
## Contributing
|
|
|
|
### Code format
|
|
|
|
```bash
|
|
rustup component add rustfmt
|
|
cargo fmt
|
|
```
|
|
|
|
### Code analysis
|
|
|
|
```bash
|
|
rustup component add clippy
|
|
cargo clippy
|
|
```
|