III. Creating EKey Modules

EKey modules are executed prior to payload generation, and are used to derive encryption keys that can be used by DropEngine's Crypter module to encrypt the payload. Below is a template for creating an EKey module.

Template:

class MEKey(EKey):

    def __init__(self):

        if config.debug:
            print('calling MEKey.__init__()')

        super().__init__()

        self.name = ''
        self.mtype = 'ekey'
        self.author = ''
        self.description = ''

        self.compatible_omodules = [

            '',

        ]

        self.compatible_interfaces = [
            '',
        ]

    def add_arguments(self):

        #self.parser.add_argument(...
        pass

    def generate(self):
        return {
            'val' : ekey_val,
            'len' : ekey_len,
            'options' : self.args.__dict__,
        }

Required Structure:

EKey modules meet the following requirements:

• Must be of type MEKey
• Must inherit from type EKey
• As with all modules, must make a call to super().__init__() at the start of the constructor
• Must have a generate() function (defined in the following subsection)

Required Function: generate()

All EKey modules must have a generatet() function that accepts no arguments, performs some action, and then returns a dictionary containing the encryption key, encryption key length, as well as any command line arguments passed to the module.

• Required inputs: None
• Required output (dictionary with the following minimum structure): { 'val' : ekey_value, 'len' : ekey_length, 'options' : self.args.__dict__ }

Required Attributes:

• name - the name of the module

• mtype - the module type (must be set to 'ekey')

• author- the name of the module author

• description - a brief description of what the module does

• compatible_interfaces - a list of interface modules that are compatible with the module

• compatible_omodules - a list of compatible output modules (for example, a ekey module will have a list of compatible dkey modules)

Creating EKey Modules Using the DropEngine Module Maker

DropEngine's Module Maker can be used to easily create a skeleton from which to build an EKey module, as shown in the following example.

Command:

python csharp_module_maker.py \
--type ekey \
--name test_module \
--author s0lst1c3 \
--description itsanekey \
--compatible-omodules asdf \
--compatible-interfaces csharp_runner_interface

Example Output:

(venv) s0lst1c3@DESKTOP-NC0U49D:/mnt/c/Users/s0lst1c3/mmtest/dropengine$ python csharp_module_maker.py \
> --type ekey \
> --name test_module \
> --author s0lst1c3 \
> --description itsanekey \
> --compatible-omodules asdf \
> --compatible-interfaces csharp_runner_interface
[*] Saved new module to path: modules/input/ekeys/test_module.py
(venv) s0lst1c3@DESKTOP-NC0U49D:/mnt/c/Users/s0lst1c3/mmtest/dropengine$