From 384bb326c04ddd7d61c7a837d84bfea6c95a3f6d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=BD=B1=E8=88=9E=E8=80=85?=
Date: Mon, 21 Nov 2022 10:38:40 +0800
Subject: [PATCH] Use aes encryption to store payloads to avoid AV detection

---
 Plugins/base.go | 55 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

diff --git a/Plugins/base.go b/Plugins/base.go
index 7a7fe01..c509738 100644
--- a/Plugins/base.go
+++ b/Plugins/base.go
@@ -42,3 +42,58 @@ func ReadBytes(conn net.Conn) (result []byte, err error) {
 }
 return result, err
 }
+
+var key = "0123456789abcdef"
+
+func AesEncrypt(orig string, key string) string {
+ // 转成字节数组
+ origData := []byte(orig)
+ k := []byte(key)
+ // 分组秘钥
+ // NewCipher该函数限制了输入k的长度必须为16, 24或者32
+ block, _ := aes.NewCipher(k)
+ // 获取秘钥块的长度
+ blockSize := block.BlockSize()
+ // 补全码
+ origData = PKCS7Padding(origData, blockSize)
+ // 加密模式
+ blockMode := cipher.NewCBCEncrypter(block, k[:blockSize])
+ // 创建数组
+ cryted := make([]byte, len(origData))
+ // 加密
+ blockMode.CryptBlocks(cryted, origData)
+ return base64.StdEncoding.EncodeToString(cryted)
+}
+func AesDecrypt(cryted string, key string) string {
+ // 转成字节数组
+ crytedByte, _ := base64.StdEncoding.DecodeString(cryted)
+ k := []byte(key)
+ // 分组秘钥
+ block, _ := aes.NewCipher(k)
+ // 获取秘钥块的长度
+ blockSize := block.BlockSize()
+ // 加密模式
+ blockMode := cipher.NewCBCDecrypter(block, k[:blockSize])
+ // 创建数组
+ orig := make([]byte, len(crytedByte))
+ // 解密
+ blockMode.CryptBlocks(orig, crytedByte)
+ // 去补全码
+ orig = PKCS7UnPadding(orig)
+ return string(orig)
+}
+
+// 补码
+// AES加密数据块分组长度必须为128bit(byte[16]),密钥长度可以是128bit(byte[16])、192bit(byte[24])、256bit(byte[32])中的任意一个。
+func PKCS7Padding(ciphertext []byte, blocksize int) []byte {
+ padding := blocksize - len(ciphertext)%blocksize
+ padtext := bytes.Repeat([]byte{byte(padding)}, padding)
+ return append(ciphertext, padtext...)
+}
+
+// 去码
+func PKCS7UnPadding(origData []byte) []byte {
+ length := len(origData)
+ unpadding := int(origData[length-1])
+ return origData[:(length - unpadding)]
+}
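Review bot: PKCS7UnPadding reads `origData[length-1]` and slices by that byte with no validation, so an empty or corrupted buffer panics with an index or slice-bounds error, and AesDecrypt passes it whatever came out of decoding. AesEncrypt and AesDecrypt also discard the errors from `aes.NewCipher` and `base64.StdEncoding.DecodeString`: a key that is not 16, 24 or 32 bytes leaves `block` nil so the next `block.BlockSize()` call panics, and `CryptBlocks` panics when the decoded input is not a whole number of blocks. Because both functions return only a string, the smallest compatible fix is to return `""` on those errors and to validate the pad length as sketched below. Separately, the package-level `key` is a literal in the source and the key bytes are reused as the IV (`k[:blockSize]`), so if callers pass that variable this is reversible encoding rather than confidentiality, and anyone holding the binary can recover the stored strings.

```go
func PKCS7UnPadding(origData []byte) []byte {
	length := len(origData)
	if length == 0 {
		return nil
	}
	unpadding := int(origData[length-1])
	// Reject pad lengths that cannot be valid instead of slicing out of range.
	if unpadding == 0 || unpadding > length {
		return nil
	}
	return origData[:length-unpadding]
}
```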