
Maldev-Academy/Alphabetfuscation


Alphabetfuscation: Convert your shellcode into an ASCII string


Quick Links

Maldev Academy Home

Maldev Academy Syllabus

Offensive Phishing Operations


Available Versions

  1. main – The default implementation. Converts shellcode into randomized alphabetical letters (A–Z, a–z).
  2. entropy-favored – A variation that reduces entropy by:
    • Limiting output to uppercase letters only (A–Z)
    • Introducing random spaces between letters to simulate natural text appearance

The version documented in this README refers to the main branch.


How It Works

1. Encoding:

  • For each raw byte, we determine a random alphabetical offset (A–Z or a–z) via RDRAND.
  • Add the offset to the byte, rotate the result by 4 bits, then XOR it with 0xA5 (this key is user-adjustable).
  • If the resulting byte is not within the ASCII alpha ranges (A–Z or a–z), another offset is chosen.

2. Optional Shuffle Mode:

If SHUFFLE_ORDER is defined, the input shellcode is preprocessed by grouping into 32-bit DWORDs and applying a 16-bit half-word swap. This obfuscates control flow patterns and hinders static signatures before the encoding step.


3. Decoding:

  • Split each output word into offset (high byte) and transformed (low byte).
  • Reverse operations: undo XOR, rotate right by 4, then subtract the offset to recover the original byte.
  • If Shuffle mode was used during encoding, inverse reordering is applied at the end to fully restore the payload.

Output Examples

  • The main branch output:

[image]


  • The entropy-favored branch output (truncated due to its size):

[image]


Encoding Function

BOOL AlphabaticalShellcodeEncode(
    IN  PBYTE  pRawHexShellcode,
    IN  DWORD  dwRawHexShellcodeSize,
    OUT PBYTE* ppEncodedShellcode,
    OUT PDWORD pdwEncodedShellcodeSize
);

  • pRawHexShellcode - Base address of the plaintext shellcode to be encoded.
  • dwRawHexShellcodeSize - The size, in bytes, of the plaintext shellcode.
  • ppEncodedShellcode - Output parameter, representing a pointer to a PBYTE variable that will receive the address of the encoded shellcode (ASCII string).
  • pdwEncodedShellcodeSize - Output parameter, representing a pointer to a DWORD variable that will receive the size of the encoded shellcode in bytes.

Decoding Function

BOOL AlphabaticalShellcodeDecode(
    IN  PBYTE  pEncodedShellcode,
    IN  DWORD  dwEncodedShellcodeSize,
    OUT PBYTE* ppDecodedShellcode,
    OUT PDWORD pdwDecodedShellcodeSize
);

  • pEncodedShellcode - Base address of the encoded ASCII shellcode to be decoded.
  • dwEncodedShellcodeSize - The size, in bytes, of the encoded buffer.
  • ppDecodedShellcode - Output parameter, representing a pointer to a PBYTE variable that will receive the address of the decoded shellcode.
  • pdwDecodedShellcodeSize - Output parameter, representing a pointer to a DWORD variable that will receive the size of the decoded shellcode in bytes.

Downside

The encoded output is 2 times larger than the input (since each byte is transformed into a 2-byte WORD).
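
The main branch output described above is one unbroken run of mixed-case letters, twice the payload size, with none of the digits or punctuation a Base64 blob would carry, and that shape can be checked for during triage. The C code below is an added example, not code from the Alphabetfuscation repository; the function names, thresholds and sample strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Longest run of ASCII letters in a buffer, with its upper/lower transitions. */
typedef struct { size_t offset, length, case_flips; } AlphaRun;

static int is_upper(unsigned char c) { return c >= 'A' && c <= 'Z'; }
static int is_alpha(unsigned char c) { return is_upper(c) || (c >= 'a' && c <= 'z'); }

AlphaRun longest_alpha_run(const unsigned char *buf, size_t len)
{
    AlphaRun best = {0, 0, 0}, cur = {0, 0, 0};
    for (size_t i = 0; i < len; i++) {
        if (!is_alpha(buf[i])) { cur.length = 0; continue; }  /* run broken */
        if (cur.length == 0) { cur.offset = i; cur.case_flips = 0; }
        else if (is_upper(buf[i]) != is_upper(buf[i - 1])) cur.case_flips++;
        cur.length++;
        if (cur.length > best.length) best = cur;
    }
    return best;
}

/* Assumed triage thresholds, not values from the project; tune on your own data. */
#define MIN_RUN_BYTES 64   /* prose and identifiers rarely reach this without a break */
#define MIN_FLIP_PCT  25   /* share of adjacent letter pairs that change case */

int looks_alpha_encoded(const unsigned char *buf, size_t len)
{
    AlphaRun r = longest_alpha_run(buf, len);
    if (r.length < MIN_RUN_BYTES) return 0;
    return r.case_flips * 100 >= (r.length - 1) * MIN_FLIP_PCT;
}

/* Constructed samples (not tool output): a 64-letter mixed-case run, and prose. */
static const unsigned char SAMPLE_BLOB[] =
    "blob=kQzRmTpaXbNeWLsoHjUcYdFgvMiBnZxE"
    "rAwQuOlKtPsGyDhCfJeVbNmIaSoLzWqR;";
static const unsigned char SAMPLE_PROSE[] =
    "The quick brown fox jumps over the lazy dog near the riverbank.";

int main(void)
{
    AlphaRun r = longest_alpha_run(SAMPLE_BLOB, sizeof SAMPLE_BLOB - 1);
    printf("blob:  run=%zu at %zu, flips=%zu, flagged=%d\n", r.length, r.offset,
           r.case_flips, looks_alpha_encoded(SAMPLE_BLOB, sizeof SAMPLE_BLOB - 1));
    printf("prose: flagged=%d\n",
           looks_alpha_encoded(SAMPLE_PROSE, sizeof SAMPLE_PROSE - 1));
    return 0;
}
```

The entropy-favored branch inserts spaces and uses uppercase only, so it breaks the run this check relies on and needs a separate heuristic.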
