PE packer in C implementing ChaCha20-Poly1305, HKDF and SHA256 with anti-debug checks and process hollowing. Designed to significantly improve technical security of applications. Not for malicious purposes.
THIS PROJECT WAS NOT CREATED FOR MALWARE DEVELOPMENT. It is intended solely for legal and/or educational purposes. The author does not condone or support any illegal usage, including but not limited to the creation, distribution, or execution of malicious software. Use this tool responsibly and only in environments where you have explicit permission to do so.
This project is also not guaranteed to be cryptographically and overall secure. It was created as a demonstration of programming and reverse engineering skills. However, if this tool can help someone without violating the laws of their country — that would be appreciated.
In short:
The app encrypts a .exe file (DLLs are not supported) and embeds it into a precompiled unpacker (stub).
The stub contains logic to decrypt and execute the payload at runtime.
As a result, it becomes:
- Difficult to statically analyze the original .exe without decryption.
- Difficult to debug and dynamically analyze, due to runtime unpacking.
Such measures may be applied in security solutions, anti-cheat engines or just for protecting software from cracking.
You will need the x86_64-w64-mingw32-gcc cross-compiler installed.
❌ There is no support for 32-bit systems or non-Windows operating systems.
To build everything automatically, run:
./build.bat
Usage:
./packer.exe your.exe KEY64_IN_HEX NONCE24_IN_HEX
Example with test file:
./packer.exe hello_world.exe 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 0123456789abcdef0123456789abcdef0123456789abcdef
A key and nonce must be provided by the user. Without both, the final application will not run. Use a secure method (such as a cryptographic key generator; these are available as web services) to generate a 64-byte key and 24-byte nonce, in hexadecimal format. Never reuse keys or nonces across different builds.
The project uses the following algorithms and techniques:
- AEAD ChaCha20-Poly1305
- SHA-256
- HKDF (HMAC-based key derivation)
- Process Hollowing
- Anti-debug techniques
Limitations:
- No support for 32-bit systems
- No Linux/macOS support
- No anti-VM or sandbox detection
- Stub does not use any obfuscation
- AV software (like Windows Defender) will almost certainly detect the final exe as a trojan
⚠️ Antivirus software may flag or delete the generated executable.
For example, Windows Defender sometimes treats the final executable as suspicious, describes it as a trojan and tries to delete it.
The project was compiled, tested and run on Windows 11 (v.23H2) with an AMD64 CPU.
Unit tests were also written for the packer and unpacker functions. Run the compiled TESTS.exe if you want to auto-test the application.
If everything is okay, you should see something like this (example with hello_world.exe):
./build.bat
Note that building requires x86_64-w64-mingw32-gcc compiler and supports only Windows 64-bit.
tests.exe will be builded with all unit tests included, so that you can check if app works as expected by running ./tests.exe .
Building with default warning settings. ./build.bat WARN_ALL for more information of building.
UNPACKER BUILDING SUCCESS
PACKER BUILDING SUCCESS
TESTS_PACKER BUILD SUCCESS
TESTS_UNPACKER BUILD SUCCESS
./packer.exe hello_world.exe 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef 0123456789abcdef0123456789abcdef0123456789abcdef
Checking input arguments...
Arguments are valid.
Reading input file...
Read file successfully.
Validate input file as x64 PE...
File is valid x64 PE.
Encrypting data...
Encryption ended successfully.
Copying stub template...
Copying stub template ended successfully.
HKDF: reset=0 input=0 result=0. HKDF ended as expected.
Adding encrypted resource to final.exe...
Added encrypted resources.
Packing completed successfully! Output file: final.exe.
./final.exe
The project is completed and demonstrates skills in cryptography, reverse engineering, software development and quality assurance.
Some questions and decisions are described on the Wiki page of this repository.
If you like this project, please star my repository and give me feedback if you have any.
@Arrbat


