Entropy code

zeynepaydogan zeynepaydogan at proton.me
Thu May 5 19:05:38 PDT 2022 

So lets present and explain line by line the code that will perform the first task.

#include <cstdio>
#include <Windows.h>
#include "Entropy.h"

using namespace std;

BYTE payload[] = { 0xFF, 0x44, 0x01, 0xE2, 0x86, 0xD1, 0xC6, 0x88, 0x39, 0xA2, 0xAF, 0x59, 0x3D, 0x8C, 0x0F, 0x90, 0x7E, 0xB2, 0xAF, 0xBD, 0xAA, 0xE0, 0xBB, 0x87, 0x10, 0xF0, 0xD1, 0x37, 0x00, 0x55, 0x07 }; // Simulated high entropy code
constexpr int number_of_chunks = 5; // Number of chunks. You can randomize this too.
constexpr int chunk_size = sizeof payload / number_of_chunks; // Size of each chunk
constexpr int remaining_bytes = sizeof payload % number_of_chunks; // Remaining bytes after the last chunk is processed
BYTE low_entropy_payload[sizeof payload * 2 - remaining_bytes] = {0}; // array of bytes size calculation to contain the original high entropy code plus the low entropy inserts
constexpr int payload_size_after_entropy_reduction = sizeof payload * 2; // Total size of the reduced entropy payload

Notice that all of these calculations are stored in global variables and the high entropy code is also located in the global area of the code to assure that it will be stored in the data section of the executable but
it could be perfectly located in the resources section and loaded at runtime too. You could even store the high entropy byte pattern inside the main function, however then the pattern would be stored in the .text section
and it would be loaded in the stack and not in the heap as it happens when its stored in the data section or in the resources section. This is important because the stack can't handle very big array of bytes and also some
compilers complain about this when array is too big.

Next task is to divide the high entropy code in chunks and add the low entropy patterns:

PBYTE reduce_entropy(PBYTE orig_payload)
{
    // Random bytes used to create the low entropy array min/max
    constexpr int max_n = 0xEF;
    constexpr int min_n = 0x01;

    // Create Low entropy array of the same size or one high entropy chunk
    char random_hex[chunk_size];

    // Some local variables needed for the loops
    int offset_of_low_entropy_payload = 0;
    int offset_of_original_payload = 0;

    // Get the first staring byte of the low entropy chunk
    const BYTE new_n = static_cast<BYTE>((rand() % (max_n + 1 - min_n) + min_n));
    for (char& i : random_hex)
    {
        i = static_cast<char>(new_n);
    }

    // Build the low entropy array - put first a high entropy chunk then a low entropy one
    for (size_t i = 0; i < number_of_chunks; i++)
    {
        for (size_t j = 0; j < chunk_size; j++)
        {
            low_entropy_payload[offset_of_low_entropy_payload] = orig_payload[offset_of_original_payload];
            offset_of_low_entropy_payload++;
            offset_of_original_payload++;
        }
        // Notice that adding is used to create the pattern of ascending bytes
        for (const char k : random_hex)
        {
            low_entropy_payload[offset_of_low_entropy_payload] = k;
            offset_of_low_entropy_payload++;
        }
    }

    // if there are remaining bytes, add them to the tail of the array
    if (remaining_bytes)
    {
        for (size_t i = 0; i < sizeof remaining_bytes; i++)
        {
            low_entropy_payload[offset_of_low_entropy_payload++] = orig_payload[offset_of_original_payload++];
        }
    }
    // return the newly created low entropy array
    return low_entropy_payload;
}
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 4591 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20220506/15bc4b67/attachment.txt>

More information about the cypherpunks mailing list