Notice:

Yes, you can use Janus with asymmetric or symmetric encryption. You don't have to use the OpenSSL library or wolfSSL library. I used OpenSSL, wolfSSL, and RSA out of familiarity. The primary function you will need to modify if you want to implement your own obfuscation method within Janus is "ScrambleA". You will have to make modifications to Janus.cpp and Janus.h (located in the JanusTester project) if you want to use your own deobfuscation method.

Janus

Janus is a pre-build event that performs string obfuscation during compile time. This project is based off the CIA's Marble Framework.

JFK (1991)

Bill: We're talking about our government here!

Jim: No, we're talking about a crime, Bill, pure and simple. Y'all better start thinking on a different level, like the CIA does. Now, we're through the looking glass here, people. White is black and black is white.

This quote is in reference to the CIA having had been in possession of an illegitimate Kaspersky certificate.

Description

Janus is designed to allow for string obfuscation when developing tools. Janus utilizes pre-build and post-build execution steps to apply obfuscation to the tool. If the tool breaks the build, the post-build will always be able to repair it. The pre-build execution step will store clean copies of the code before making modifications. The post-build execution step restores the file to a clean-copy state.

Janus utilizes the OpenSSL library to perform RSA encryption and Base64 encoding to store the encrypted string/data output within your project in a base64 encoded format. Due to the utilization of RSA, you will be limited in the amount of characters you can encrypt. This is based off the RSA key size. Janus uses a 2048-bit key with OAEP padding, USE YOUR OWN KEY PAIR. A 2048-bit key can encrypt up to 214 bytes; (2048/8) – 42 = 256 – 42 = 214 bytes. If you want to encrypt more bytes you will need to use a larger key size. Click here to read a blog post discussing how much data you can encrypt with RSA keys.

The public and private key are never stored within the binary (at least they shouldn't be). The JanusTester includes the private key as a POC to prove that Janus functions properly. The intended use is to use Janus to encrypt and encode the strings\data and then during runtime retrieve the private key from a server.

Janus currently only supports CHAR data type. (No WCHAR or UNICODE support)

Terminology

Janus: Janus is the utility that does the encryption, encoding, and altering of source files. Janus scans the project folder looking for any files that contain source, looking for strings and data to scramble. Janus keeps a clean copy of the original source and replaces it with the scrambled versions of strings/data. The source should compile after Janus modifies source.

Elyashib: Elyashib restores the source files to their original state. If for any reason, Janus fails or breaks the code, Elyashib can always restore the state to its original.

Diagrams

Compilation Diagram

Intended Use Diagram

It is recommended to include some form of anti-sandbox techniques to determine if your binary is being analyzed\reverse-engineered in order to withhold the key being retrieved from the server.

Setting up Janus Manually

It is important that the pre-build event be run before any projects are built and the post-build event is ran after all projects are built.

Step 1: Compile Janus and Elyashib

Step 2: Add the Janus files to your project (Janus.cpp\Janus.h) located in the JanusTester project. These files will have to be slightly modified because they are currently configured to only work with the JanusTester. (I will make an official header file and update the repository soon).