Karkas66/HashArrayCrafter

HashArrayCrafter

A stealthy shellcode hiding tool that embeds payloads within randomized hash arrays to evade AV/EDR detection.

⚠️ EDUCATIONAL PURPOSES ONLY
This project is strictly for authorized penetration testing and security research in controlled environments. Misuse may violate computer fraud laws and ethical guidelines.

The Why

  • Inspired and developed during my self-study of the malware development course by Maldev Academy
  • Goal: Generate a more or less generic shellcode loader to bypass AVs and less advanced EDR/XDR solutions (successfully achieved!)
  • The Way: Stupid AVs tend to skip resource-intensive functions by patching loops and IF statements, and analyze what happens after them. You cannot skip this logic and preserve functionality, so it looks like a normal program to a stupid scanner
  • First iteration used plain C# code, but C# is very slow and easy to reverse engineer → redesigned to:
    • Make C# loader optional
    • Preserve core array-crafting logic while enabling native execution paths
  • Parallel development of sister project StarShot (Rust) to fully compensate for C#'s performance and security limitations with a lot of extra functionality

Workflow

  1. The program takes the path to a shellcode file as a plain argument.
  2. The payload size is analyzed.
  3. The user is prompted to define the final size of the hash array in which the payload will be stored.
    Recommendations are provided based on payload size.
  4. An array with the user-defined size is created and filled with random data.
  5. The following hashes are calculated:
    • SHA-512 of the original payload
    • SHA-512 of the gzip-compressed payload
  6. A random position within the array is selected.
  7. The compressed payload bytes are inserted into the array at that position.
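
For defenders triaging a suspect data blob, the workflow above implies a carving check: a gzip member placed inside random filler can be located by its header and confirmed by its CRC32 trailer. The Python sketch below is an added example, not code from this project; it assumes the embedded stream keeps the standard gzip header (the page does not say), and the `build_sample` helper and its benign sample blob are constructed for illustration.

```python
import gzip
import hashlib
import random
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=8 (deflate), per RFC 1952


def carve_gzip_members(blob, min_output=16):
    """Return (offset, compressed_len, sha512_hex, data) per valid gzip member."""
    hits = []
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=31)  # 31 = require gzip header + trailer
        try:
            out = d.decompress(blob[pos:])
            # eof is set only once the CRC32/ISIZE trailer has been verified,
            # which rejects filler bytes that merely resemble a header.
            if d.eof and len(out) >= min_output:
                used = len(blob) - pos - len(d.unused_data)
                hits.append((pos, used, hashlib.sha512(out).hexdigest(), out))
        except zlib.error:
            pass  # magic matched by chance inside the random filler
        pos = blob.find(GZIP_MAGIC, pos + 1)
    return hits


def build_sample(size=4096, offset=1500, seed=7):
    """Constructed sample: seeded pseudo-random filler with a benign gzip member."""
    rng = random.Random(seed)
    filler = bytes(rng.getrandbits(8) for _ in range(size))
    plain = b"benign lab marker\n" * 20
    member = gzip.compress(plain)
    blob = filler[:offset] + member + filler[offset + len(member):]
    return blob, offset, member, plain


if __name__ == "__main__":
    blob, _, _, _ = build_sample()
    for off, clen, digest, data in carve_gzip_members(blob):
        print(f"gzip member at {off}, {clen} compressed bytes, "
              f"{len(data)} decompressed, sha512={digest[:16]}...")
```
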

Optional Features

  • Dry Run (C#):
    Test restoration of the original payload content without executing it.

  • C# Loader Generation:
    Generates a C# loader file capable of restoring and executing the payload (you have to compile it yourself). It includes a fiber-based execution approach.

  • Rust Code Blob Generation:
    Produces a Rust-compatible payload blob designed to work seamlessly with the sister project StarShot.


Usage

Clone the repository:

git clone <repo-url>
cd <repo>

Compile according to your preferred toolchain, then run the program with your shellcode file as the argument:

HashArrayCrafter.exe payload.bin

Notes

You can use my own project called CelestialSpark to generate shellcode for testing purposes.


Disclaimer

This project was created for educational and research purposes only.
Use responsibly and only in controlled lab environments.

"With great power comes great responsibility" — Uncle Ben (and every infosec professional ever)

About

C# code to hide a payload in a random data array. AVs tend to skip resource-intensive operations like "decrypting" the original data from the array. Ships with support for a basic C# loader and the StarShot Rust-based shellcode loader.
