A Python-based tool for studying and practicing Windows PE binary obfuscation techniques. This tool is designed for educational purposes and should only be used in authorized lab environments.
- Section creation and modification
- Section splitting and merging
- Space validation and alignment
- Section table updates
- Random name generation
- Common section name mimicry
- Length-preserving mutations
- PE format compatibility validation
- Multiple encryption algorithms (XOR, AES, RC4, custom)
- Dynamic key generation
- String detection and encryption
- Runtime decryption support
- Resource string manipulation
- String table modification
- Debugger detection and evasion
- Virtualization detection
- Process environment checks
- Hardware breakpoint detection
- API hooking detection
- Timing-based checks
- Parent process verification
- Section content encryption
- Base64 encoding
- Compression
- Polymorphic characteristics
- Critical section protection
- PE format validation
- Alignment verification
- Comprehensive error handling
Standard installation:

```bash
# Clone the repository
git clone https://github.com/rileymxyz/payload_obfuscator.git
cd payload_obfuscator

# Create and activate virtual environment (recommended)
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install package
pip install .
```

Development installation:

```bash
# Clone the repository
git clone https://github.com/rileymxyz/payload_obfuscator.git
cd payload_obfuscator

# Create and activate virtual environment
python -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install in development mode
pip install -e .

# Install development dependencies
pip install -r requirements-dev.txt  # if you have additional dev requirements
```

If you encounter import errors:
- Make sure you've installed the package (`pip install .` or `pip install -e .`)
- Verify your Python environment is activated
- Check that all dependencies are installed
- If using from source directory, make sure you're in the correct directory
Common issues:
- ModuleNotFoundError: Make sure the package is installed
- ImportError: Check that all dependencies are installed
- PermissionError: Use appropriate permissions/sudo when needed

Python API:

```python
from payload_obfuscator.src.obfuscator import PayloadObfuscator

# Initialize obfuscator
obfuscator = PayloadObfuscator("input.exe", "output_dir")

# Obfuscate the payload
obfuscator.obfuscate()
```

Command line:

```bash
python3 -m payload_obfuscator.src.obfuscator input.exe -o output_dir
```

Individual handlers:

```python
from payload_obfuscator.src.obfuscator import PayloadObfuscator

obfuscator = PayloadObfuscator("input.exe", "output_dir")
pe = obfuscator.pe_handler.load_pe("input.exe")

# Encrypt strings using specific method
obfuscator.string_handler.encrypt_strings(pe, method="aes")

# Encrypt strings in specific sections
obfuscator.string_handler.encrypt_strings(pe, method="xor", section_names=[".text", ".data"])

# Get string table information
info = obfuscator.string_handler.get_string_table_info(pe)

# Check execution environment
env_check = obfuscator.anti_analysis_handler.check_environment()

# Apply evasion techniques
obfuscator.anti_analysis_handler.apply_evasion_techniques(
    skip_debugger=False,
    skip_vm=False
)

# Get detailed environment info
env_info = obfuscator.anti_analysis_handler.get_environment_info()

# Randomize specific section
section = pe.sections[0]
obfuscator.section_handler.randomize_section_name(pe, section, strategy="random")

# Randomize all non-critical sections
obfuscator.section_handler.randomize_all_section_names(pe, skip_critical=True, strategy="mimic")
```

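
For the defensive half of a lab exercise, the effect of section-name randomization and section-content encryption can be checked from the section table alone. The following is an added example, not part of payload_obfuscator: a standard-library parser that flags uncommon section names and high-entropy section data. `COMMON_NAMES`, the 7.0 threshold and the sample image built by `build_sample()` are assumptions made for illustration.

```python
import math
import struct
from collections import Counter

# Names emitted by common toolchains; an unknown name is only a weak signal.
COMMON_NAMES = {".text", ".data", ".rdata", ".bss", ".idata", ".edata",
                ".pdata", ".rsrc", ".reloc", ".tls"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits per byte; tune on your corpus

def entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 if empty)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage_sections(image):
    """Return [(name, entropy, flags)] for every section header in a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    pe_off, = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    n_sections, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)  # COFF fields
    table = pe_off + 24 + opt_size
    results = []
    for i in range(n_sections):
        name, _, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        name = name.rstrip(b"\0").decode("latin-1")
        h = entropy(image[raw_ptr:raw_ptr + raw_size])
        flags = [f for f, hit in (("uncommon-name", name not in COMMON_NAMES),
                                  ("high-entropy", h > ENTROPY_THRESHOLD)) if hit]
        results.append((name, round(h, 2), flags))
    return results

def build_sample():
    """Constructed image: headers plus section data only, not a runnable PE."""
    bodies = [(b".text", b"\x90\xc3" * 256),        # repetitive, low entropy
              (b".rsrc", bytes(range(256)) * 16),   # common name, uniform bytes
              (b"xq7Zk", bytes(range(256)) * 16)]   # random-looking name
    head = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(bodies), 0, 0, 0, 0, 0x102)
    ptr, table, data = len(head) + 40 * len(bodies), b"", b""
    for name, body in bodies:
        table += struct.pack("<8sIIIIIIHHI", name, len(body), 0x1000, len(body), ptr, 0, 0, 0, 0, 0)
        data, ptr = data + body, ptr + len(body)
    return head + table + data

if __name__ == "__main__":
    for row in triage_sections(build_sample()):
        print(row)
```

A section renamed to a common name passes the name check, so in the sample only the entropy flag catches the `.rsrc` case; legitimately compressed resources also score high, which is why the result is a triage signal rather than a verdict.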
- This tool is for educational purposes only
- Use only in authorized lab environments
- Do not use on production systems
- Follow all applicable laws and regulations
- Practice responsible disclosure
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Create a Pull Request
This tool is intended for educational purposes only, specifically for practicing techniques within authorized lab environments. The authors are not responsible for any misuse or damage caused by this tool.
- PE format documentation
- Python pefile library