Compresses and encrypts given x86_64 elf file and creates new elf file, which decrypt, decompress and put in right place in memory given elf file. For compression huffman encoding is used. For encryption aes is used. New elf file has following structure:
| Elf headers |
|---|
| Cryload |
| Compressed and encrypted elf file |
| 256 byte of random data |
cryload is a loader for compressed and encrypted elf files. Buffer at the end of file is used to initialize aes key and iv with linear congruential generator.
Only statically linked ET_EXEC and ET_DYN elf files are supported. Dynamic linked elf files aren't supported, because there are different versions of shared libraries in different linux distributions, so probability that your program can't find right version of some library is high.
Cryptor isn't working with statically linked with glibc elf files, I don't know why but programs statically linked with glibc causes segfault. Cryptor is tested on statically linked golang programs, statically linked with musl-libc c programs, ET_DYN c programs without dynamic linker.
./cryptor <input_elf_file> <output_elf_file>I use kokke's tiny-AES-c implementation.
In cryload I use bediger's load_elf implementation.
In cryload I use musl-libc syscalls implementation.