Skip to content
/ MalForge Public

MalForge is a tool that modifies ELF binaries by corrupting headers, hiding symbols, and adding fake sections to make reverse engineering harder.

License

MIT license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

iqlipx/MalForge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
images
images
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
hexdump
hexdump
 
 
malforge.c
malforge.c
 
 

Repository files navigation

MalForge – ELF Binary Modification Tool

MalForge is a tool designed to manipulate and corrupt ELF binaries, making reverse engineering and binary analysis more challenging. The tool provides multiple corruption techniques, including header modification, symbol table obfuscation, and the addition of decoy sections.

Table of Contents

  1. Features
  2. Installation
  3. Usage
  4. How It Works
  5. Disclaimer
  6. Screenshots

Features

  1. ELF Header Corruption

    • Randomly modifies ELF magic bytes and nullifies the section header offset to hinder ELF analysis tools.

  2. Section Header Overwriting

    • Overwrites random chunks of the section headers to confuse disassemblers and debuggers.

  3. Symbol Table Obfuscation

    • Uses XOR encryption to obfuscate the symbol table, preventing extraction of function names and variable identifiers.

  4. Decoy Section Addition

    • Adds a new section filled with random junk data to mislead reverse engineers.

Installation

  1. Prerequisites:

    • GCC (GNU Compiler Collection) installed on your system.
    • An ELF binary to modify.

  2. Compilation:
    Compile MalForge using the following command:

    gcc -o malforge malforge.c

Usage

To run MalForge, provide the path to an ELF binary as an argument:

./malforge <elf_binary>

Example

./malforge test101

This command will apply all the corruption techniques to the provided ELF binary.

How It Works

  1. ELF Header Corruption MalForge modifies the ELF header by:
  • Changing the ELF magic bytes to random values.
  • Nullifying the section header table offset.
  • This makes the binary harder to parse by tools that rely on the ELF format.

  1. Section Header Overwriting The section headers are partially overwritten with random bytes, rendering the sections unidentifiable and breaking tools that rely on these headers.

  2. Symbol Table Obfuscation The .symtab section, which contains the binary’s symbol information, is XOR-encrypted with a key. This prevents reverse engineers from easily accessing function and variable names.

  3. Decoy Section Addition A decoy section filled with random junk data is added to the binary at an arbitrary offset. This can mislead reverse engineers and make binary analysis more confusing.

Screenshots

test

elf

corrupt

result

HexDump

Disclaimer

MalForge is intended for educational and research purposes only. Unauthorized modification of binaries is illegal in many jurisdictions. Use this tool responsibly and ensure that you have permission before modifying any binary files.

About

MalForge is a tool that modifies ELF binaries by corrupting headers, hiding symbols, and adding fake sections to make reverse engineering harder.

Topics

sectionheader symboltable reverseengineeringprevention iqlip iqlip7 iqlipx malforge binarymodification elfbinary

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages