A Python utility for encrypting shell commands for use in assembly programs with multiple cryptographic methods. Turn your reconnaissance commands into obfuscated bytecode that blends into the binary landscape.
-
Multiple Encryption Methods:
- XOR (single-byte key)
- Multi-byte XOR (rotating key)
- ROT cipher (byte rotation)
- ChaCha20 (stream cipher)
- AES-128 ECB (AES-NI compatible)
-
Flexible Input/Output:
- Encrypt single commands
- Batch encrypt from file
- Decrypt encrypted commands
- Generate NASM-formatted output
-
Assembly Integration:
- Outputs NASM
dbdirectives - Includes length definitions
- Optional label naming
- Outputs NASM
- Python 3.6+
pycryptodome(only required for AES encryption)
# Clone the repository
git clone <your-repo-url>
cd command-encryption-tool
# Install dependencies (optional, only needed for AES)
pip install pycryptodomeEncrypt a single command with XOR:
python3 encrypt_commands.py -c "whoami" -m xor -k 0xAAOutput:
db 0xc5, 0xc4, 0xc6, 0xc8, 0xc2, 0xc0, 0
; length: 6, cmd: "whoami"Encrypt with custom label:
python3 encrypt_commands.py -c "hostname" -m xor -k 0xAA -l cmd_hostnameOutput:
cmd_hostname:
db 0xc2, 0xcf, 0xd3, 0xd4, 0xc8, 0xc2, 0xc8, 0xc0, 0
cmd_hostname_len equ 8 ; "hostname"Multi-byte XOR:
python3 encrypt_commands.py -c "ls -la" -m multibyte -mk 0xAA,0xBB,0xCC,0xDDROT Cipher:
python3 encrypt_commands.py -c "ls -la" -m rot -r 13ChaCha20:
python3 encrypt_commands.py -c "whoami" -m chacha20AES-128:
python3 encrypt_commands.py -c "hostname" -m aesCreate a file commands.txt:
whoami
hostname
uname -a
cmd_ps:ps aux
Encrypt all commands:
python3 encrypt_commands.py -f commands.txt -m xor -k 0xAA -o encrypted_commands.asmDecrypt encrypted bytes:
python3 encrypt_commands.py -d "0xc5,0xc4,0xc6,0xc8,0xc2,0xc0" -m xor -k 0xAAOutput:
Decrypted: whoami
| Option | Description |
|---|---|
-c, --command |
Command string to encrypt |
-f, --file |
File containing commands (one per line) |
-d, --decrypt |
Decrypt encrypted bytes (format: 0xXX,0xYY,...) |
-m, --method |
Encryption method: xor, multibyte, rot, chacha20, aes |
-k, --key |
Encryption key (hex: 0xAA or decimal: 170) |
-mk, --multibyte-key |
Multi-byte key (comma-separated: 0xAA,0xBB,0xCC,0xDD) |
-r, --rotation |
ROT cipher rotation amount (default: 13) |
-l, --label |
NASM label name (e.g., cmd_whoami) |
-o, --output |
Output file (default: stdout) |
When using -f to batch process commands, the file format is:
# Comments start with #
command1
command2
# Optional: specify labels
label_name:command3
The tool outputs NASM-compatible syntax that can be directly included in assembly programs:
section .data
cmd_whoami:
db 0xc5, 0xc4, 0xc6, 0xc8, 0xc2, 0xc0, 0
cmd_whoami_len equ 6
section .text
; Decrypt in place
mov rsi, cmd_whoami
mov rcx, cmd_whoami_len
mov al, 0xAA
decrypt_loop:
xor byte [rsi], al
inc rsi
loop decrypt_loopSimple single-byte XOR with a key byte. Fast and easy to implement in assembly.
Rotating key XOR. More secure than single-byte XOR as it prevents frequency analysis.
Adds a rotation value to each byte. Simple Caesar cipher variant.
Simplified stream cipher implementation. The Python version matches the assembly placeholder with key rotation.
Industry-standard encryption using AES-NI instructions. Requires 16-byte key and pads data to 16-byte blocks.
- XOR and ROT ciphers provide obfuscation, not strong encryption
- ECB mode (used in AES implementation) has known weaknesses for production use
- Default keys are included for demonstration only
- Always use unique, random keys in production scenarios
Contributions are welcome! Please feel free to submit pull requests or open issues for bugs and feature requests.