
Fatal Error Detected: Cannot open Self (pyinstaller exe cannot run after encryption)

Open dsturge01 opened this issue 5 years ago • 3 comments

I have a file I cannot run after encrypting with hyperion v2.3.1:

    -rwxrwxrwx 1 root root 8394507 May 22 23:09 helloworld_python.exe
    PE32+ executable (GUI) x86-64, for MS Windows

I can successfully compile all the examples with hyperion. However when I try the following:

    wine hyperion.exe -k 2 -s 2 helloworld_python.exe hello_encr.exe
    wine test_encr.exe

it throws this popup error:

    Fatal Error Detected
    Cannot open self z:\root\testdir\hyperion-2.3.1\hello_encr.exe or archive z:\root\testdir\hyperion-2.3.1\hello_encr.pkg

I tried it on Windows and it throws the same error.

What makes helloworld_python.exe unique is I compiled it with pyinstaller:

    cat helloworld_python.py
    print("hello world")

    pyinstaller --onefile --noupx --noconsole test.py

dsturge01 avatar May 24 '20 14:05 dsturge01

Hi there,

interesting problem. I never tried pyinstaller. Can you encrypt ur exe with the log option enabled and send me the log.txt?

Kind regards,

Christian


b3lial avatar May 24 '20 15:05 b3lial

log.txt

Hyperion Logfile

Bruteforcing Key
Verifying Checksum
Verifying PE

Mapping File into Memory
Set Image writable: 0000000140000000
.text 0000000140001000
.rdata 0000000140023000
.data 0000000140033000
.pdata 000000014003F000
_RDATA 0000000140041000
.rsrc 0000000140042000
.reloc 0000000140051000

Loading APIs
Import Table: 0000000140031F68

Processing Import Directory: KERNEL32.dll Name: GetModuleFileNameW Name: GetProcAddress Name: GetCommandLineW Name: GetEnvironmentVariableW Name: SetEnvironmentVariableW Name: ExpandEnvironmentStringsW Name: GetTempPathW Name: WaitForSingleObject Name: SetDllDirectoryW Name: GetExitCodeProcess Name: CreateProcessW Name: GetStartupInfoW Name: LoadLibraryExW Name: CreateDirectoryW Name: LoadLibraryA Name: FormatMessageW Name: MultiByteToWideChar Name: WideCharToMultiByte Name: SetEndOfFile Name: Sleep Name: GetLastError Name: WriteConsoleW Name: HeapReAlloc Name: RtlCaptureContext Name: RtlLookupFunctionEntry Name: RtlVirtualUnwind Name: UnhandledExceptionFilter Name: SetUnhandledExceptionFilter Name: GetCurrentProcess Name: TerminateProcess Name: IsProcessorFeaturePresent Name: QueryPerformanceCounter Name: GetCurrentProcessId Name: GetCurrentThreadId Name: GetSystemTimeAsFileTime Name: InitializeSListHead Name: IsDebuggerPresent Name: GetModuleHandleW Name: RtlUnwindEx Name: SetLastError Name: EnterCriticalSection Name: LeaveCriticalSection Name: DeleteCriticalSection Name: InitializeCriticalSectionAndSpinCount Name: TlsAlloc Name: TlsGetValue Name: TlsSetValue Name: TlsFree Name: FreeLibrary Name: RaiseException Name: GetCommandLineA Name: ReadFile Name: CreateFileW Name: GetDriveTypeW Name: GetFileInformationByHandle Name: GetFileType Name: CloseHandle Name: PeekNamedPipe Name: SystemTimeToTzSpecificLocalTime Name: FileTimeToSystemTime Name: GetFullPathNameW Name: RemoveDirectoryW Name: FindClose Name: FindFirstFileExW Name: FindNextFileW Name: SetStdHandle Name: SetConsoleCtrlHandler Name: DeleteFileW Name: GetStdHandle Name: WriteFile Name: ExitProcess Name: GetModuleHandleExW Name: HeapAlloc Name: HeapFree Name: GetConsoleMode Name: ReadConsoleW Name: SetFilePointerEx Name: GetConsoleCP Name: GetFileSizeEx Name: CompareStringW Name: LCMapStringW Name: GetCurrentDirectoryW Name: FlushFileBuffers Name: GetFileAttributesExW Name: IsValidCodePage Name: GetACP 
Name: GetOEMCP Name: GetCPInfo Name: GetEnvironmentStringsW Name: FreeEnvironmentStringsW Name: GetStringTypeW Name: GetProcessHeap Name: GetTimeZoneInformation Name: HeapSize

Processing Import Directory: ADVAPI32.dll
Name: ConvertStringSecurityDescriptorToSecurityDescriptorW

Processing Import Directory: WS2_32.dll
Ordinal: 000000000000000E

Setting Section Permissions
0000000140000000
0000000140001000
0000000140023000
0000000140033000
000000014003F000
0000000140041000
0000000140042000
0000000140051000

verbose output:

    hyperion3.exe -k 2 -s 2 -l -v hello.exe hello_encr.exe


| Stage 1: Analyzing input file |

Opening hello.exe
Successfully copied file to memory location: 0xa5d020
Found valid MZ signature
Found pointer to PE Header: 0x108
Found valid PE signature
Found 64 bit binary
Image base is 0x140000000
Image size is 0x100052000
Found commandline flag in binary


| Stage 2: Generating ASM files |

format PE64 console 5.0 at IMAGE_BASE written to Src\Container\64\main_prolog.inc
Input file size + Checksum: 0x628202
Rounded up to a multiple of key size: 0x628210
INFILE_SIZE equ 0x628210 written to Src\Container\64\infile_size.inc
Generated checksum: 0x3137f020
Generated Encryption Key: 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0 0x0
Written encrypted input file as FASM array to: Src\Container\64\infile_array.inc
IMAGE_BASE equ 0x140000000 written to Src\Container\64\image_base.inc
IMAGE_SIZE equ 0x52000 written to Src\Container\64\image_size.inc
REAL_KEY_SIZE equ 0x2 written to Src\Container\64\key_size.inc
REAL_KEY_RANGE equ 0x2 written to Src\Container\64\key_size.inc
include 'logfile_enable.asm' written to Src\Container\64\logfile_select.asm
include '....\Payloads\Aes\64\aes.inc' written to Src\Container\64\decryption_payload.asm
include '....\Payloads\Aes\64\aes.asm' written to Src\Container\64\decryption_payload.asm
include '....\Payloads\Aes\64\decryptexecutable.asm' written to Src\Container\64\decryption_payload.asm


| Stage 3: Generating Executable |

Starting FASM with the following parameters:
Commandline: Fasm\FASM.EXE Src\Container\64\main.asm hello_encr.exe
FASM Working Directory: C:\Users\IEUser\Videos\Hyperion-2.3.1\Hyperion-2.3.1
flat assembler version 1.71.54 (1048576 kilobytes memory)
7 passes, 5.1 seconds, 6467584 bytes.

Done :-)

dsturge01 avatar May 24 '20 15:05 dsturge01

Thx :) The log output looks fine. When I have the time, I'll try to reproduce the error and debug the binary to see what's going on.


b3lial avatar May 25 '20 06:05 b3lial