PitchHut logo
Log in / Sign up
hARMless
by
litemars
Encrypt and execute ARM64 ELF binaries securely and efficiently.
Preview url
Visit project
Pitch

hARMless is a powerful ARM64 ELF Packer/Loader designed for AArch64 Linux binaries. It utilizes advanced multi-layer encryption and ensures in-memory execution, eliminating the need to write the original binary to disk. Experience enhanced security with features like code obfuscation, integrity checks, and secure memory management.

Description

hARMless is an advanced ARM64 ELF Packer/Loader designed specifically for AArch64 Linux binaries, serving as a powerful tool for security researchers and developers. It enhances the security of ARM64 ELF executables through a robust multi-layer encryption mechanism and facilitates execution in memory without writing the original binary to disk.

Key Features

  • ARM64 ELF Support: Tailored for AArch64 Linux binaries, ensuring compatibility and efficiency.
  • Multi-Layer Encryption: Implements triple-layer encryption utilizing AES-256, ChaCha20, and RC4 for enhanced security.
  • Memory Execution: Achieves full runtime in-memory execution by encrypting and decrypting binaries using memfd_create, which eliminates traces on disk.
  • Code Obfuscation: Employs sophisticated obfuscation techniques to hinder reverse engineering and analysis.
  • Integrity Verification: Utilizes CRC32 checks to detect any tampering with the binaries.
  • Self-Contained: The packed binaries operate independently, negating the need for additional dependencies.
  • Core Dump Prevention: Uses setrlimit to prevent memory dumps, safeguarding sensitive data.
  • Secure Memory Wiping: Ensures sensitive data is securely erased with a multi-pass wipe.
  • Direct Syscalls: Enhances stealth by bypassing userland hooks with direct syscall implementations.

Technical Overview

The encryption workflow of the hARMless packer can be illustrated as follows:

Original Binary → RC4 → AES-256 → ChaCha20 → Packed Data

Memory Safety and Security Measures

  • Stack Protection: Guarantees a non-executable stack to increase security against attacks.
  • ASLR Compatibility: Promotes health against exploits through position-independent code execution.
  • No Disk Writes: Original binaries remain on disk, ensuring there are no digital footprints.

Usage Instructions

To utilize hARMless, clone the repository and build the project:

# Clone the repository
git clone https://github.com/litemars/hARMless.git
cd hARMless

# Build all components
make all

# Pack a binary
make pack INPUT=your_arm64_binary OUTPUT=packed_binary

# Execute the packed binary
./packed_binary

System Requirements

  • ARM64/AArch64 Linux system or cross-compilation toolchain.
  • GCC for ARM64 and standard development tools are necessary for building the project.

Legal Notice

This tool is intended strictly for authorized penetration testing, security research, education, and red team operations. Unauthorized use is prohibited and may infringe legal statutes.

0 comments

No comments yet.

Sign in to be the first to comment.