GhostSec Gift That Keeps On Giving

1. // FOR EDUCATIONAL PURPOSES ONLY
2.  
3. // GhostSec Gift Documentation
4.  
5. // Overview
6.  
7. // Welcome to GhostSec Gift, a powerful utility offering secure file operations, robust encryption, decryption, digital signatures, and the unique ability to bind executables to media files. Leveraging the prowess of OpenSSL and libzip libraries, GhostSec Gift ensures advanced cryptographic functions and efficient archive management.
8.  
9. // Installation
10.  
11. // Prerequisites:
12.  
13. // Ensure OpenSSL is installed on your system. Use your package manager for streamlined installation, such as:
14.  
15. ```bash
16. sudo apt-get install libssl-dev
17. ```
18.  
19. // Compilation:
20.  
21. // Compile GhostSec Gift with a C++ compiler, specifying the required libraries:
22.  
23. ```bash
24. g++ GhostSec_Gift.cpp -o GhostSec_Gift -lssl -lcrypto -lzip
25. ```
26.  
27. // Setup
28.  
29. // Step 1: Generate or Load RSA Keys
30.  
31. // Initialize GhostSec Gift to generate RSA key pairs:
32.  
33. ```bash
34. ./GhostSec_Gift
35. ```
36.  
37. // This creates a private key (`private_key.pem`) and a corresponding public key (`public_key.pem`) with a default key size of 4096 bits.
38.  
39. // Step 2: Encrypt a File with Fernet
40.  
41. // Encrypt files seamlessly with Fernet encryption:
42.  
43. ```bash
44. ./GhostSec_Gift
45. ```
46.  
47. // Specify the input file path (`input.txt`), output file path (`encrypted.fernet`), and a dynamically generated Fernet key.
48.  
49. // Step 3: Encrypt the Fernet Key with RSA Public Key
50.  
51. // Secure the Fernet key by encrypting it with the RSA public key:
52.  
53. ```bash
54. ./GhostSec_Gift
55. ```
56.  
57. // Load the RSA public key and generate the encrypted Fernet key file (`encrypted_fernet_key`).
58.  
59. // Step 4: Sign a File with RSA Private Key
60.  
61. // Digitally sign a file using the RSA private key:
62.  
63. ```bash
64. ./GhostSec_Gift
65. ```
66.  
67. // This produces a signature file (`.sig`) for the specified input file (`input.txt`).
68.  
69. // Step 5: Verify Digital Signature
70.  
71. // Ensure the integrity of a file's digital signature using the RSA public key:
72.  
73. ```bash
74. ./GhostSec_Gift
75. ```
76.  
77. // Step 6: Calculate Hash of Encrypted Fernet Key
78.  
79. // Compute the hash of the encrypted Fernet key file:
80.  
81. ```bash
82. ./GhostSec_Gift
83. ```
84.  
85. // Step 7: Decrypt Fernet Key with RSA Private Key
86.  
87. // Decrypt the encrypted Fernet key using the RSA private key:
88.  
89. ```bash
90. ./GhostSec_Gift
91. ```
92.  
93. // Step 8: Decrypt File with Decrypted Fernet Key
94.  
95. // Decrypt a file utilizing the decrypted Fernet key:
96.  
97. ```bash
98. ./GhostSec_Gift
99. ```
100.  
101. // Step 9: Encrypt Multiple Files into a Single Archive
102.  
103. // Effortlessly encrypt multiple files into a single archive:
104.  
105. ```bash
106. ./GhostSec_Gift
107. ```
108.  
109. // Specify input files (`file1.txt`, `file2.txt`), the output archive (`multiple_files_archive.zip`), and an optional payload.
110.  
111. // Step 10: Decrypt Single Archive Containing Multiple Files
112.  
113. // Decrypt a single archive housing multiple files:
114.  
115. ```bash
116. ./GhostSec_Gift
117. ```
118.  
119. // Step 11: Bind EXE to Media
120.  
121. // Bind an executable to a media file for a seamless integration:
122.  
123. ```bash
124. ./GhostSec_Gift
125. ```
126.  
127. // Specify the input media (`media.mp4`), the executable (`your_program.exe`), and the output media with the embedded executable (`media_with_exe.mp4`).
128.  
129. // Step 12: Extract EXE from Bound Media
130.  
131. // Uncover the embedded executable from media with a bound executable:
132.  
133. ```bash
134. ./GhostSec_Gift
135. ```
136.  
137. // Specify the input media with the embedded executable (`media_with_exe.mp4`) and the output executable (`extracted_program.exe`).
138.  
139. // Important Considerations
140.  
141. // - Verify proper file permissions for read and write access.
142. // - Replace placeholder filenames and passphrases with actual values.
143. // - Exercise caution when binding an EXE to media, as it may impact the media file.
144.  
145. // Troubleshooting
146.  
147. // - Confirm OpenSSL and libzip library versions.
148. // - Ensure the availability of required header files.
149.  
150. // GhostSec Gift is your all-in-one solution for cryptographic and file manipulation needs. Tailor its usage to meet specific use cases and adhere to stringent security requirements. Happy encrypting!
151.  
152. cpp
153. #include <iostream>
154. #include <fstream>
155. #include <sstream>
156. #include <vector>
157. #include <openssl/rsa.h>
158. #include <openssl/pem.h>
159. #include <openssl/fernet.h>
160. #include <openssl/sha.h>
161. #include <openssl/rand.h>
162. #include <openssl/evp.h>
163. #include <openssl/bio.h>
164. #include <openssl/buffer.h>
165. #include <openssl/md5.h>
166. #include <openssl/err.h>
167. #include <zip.h>
168.  
169. using namespace std;
170.  
171. // Generate or load RSA keys
172. pair<RSA*, RSA*> generate_rsa_keypair(int key_size = 4096) {
173. RSA *private_key = RSA_generate_key(key_size, RSA_F4, nullptr, nullptr);
174. RSA *public_key = RSAPublicKey_dup(private_key);
175. return make_pair(private_key, public_key);
176. }
177.  
178. void save_rsa_key(RSA *key, const char *filename, const char *passphrase = nullptr) {
179. BIO *bio = BIO_new_file(filename, "wb");
180. if (bio) {
181. if (passphrase) {
182. EVP_PKEY *evp_key = EVP_PKEY_new();
183. EVP_PKEY_set1_RSA(evp_key, key);
184. PEM_write_bio_PKCS8PrivateKey(bio, evp_key, EVP_aes_256_cbc(), nullptr, 0, nullptr, passphrase);
185. EVP_PKEY_free(evp_key);
186. } else {
187. PEM_write_bio_RSAPrivateKey(bio, key, nullptr, nullptr, 0, nullptr, nullptr);
188. }
189. BIO_free(bio);
190. }
191. }
192.  
193. RSA* load_rsa_key(const char *filename, const char *passphrase = nullptr) {
194. RSA *key = nullptr;
195. BIO *bio = BIO_new_file(filename, "rb");
196. if (bio) {
197. if (passphrase) {
198. key = PEM_read_bio_RSAPrivateKey(bio, nullptr, nullptr, const_cast<char*>(passphrase));
199. } else {
200. key = PEM_read_bio_RSAPrivateKey(bio, nullptr, nullptr, nullptr);
201. }
202. BIO_free(bio);
203. }
204. return key;
205. }
206.  
207. // Encrypt a file using Fernet symmetric encryption
208. void encrypt_file(const char *file_path, const char *output_path, const string &fernet_key) {
209. FILE *file = fopen(file_path, "rb");
210. FILE *output_file = fopen(output_path, "wb");
211.  
212. if (file && output_file) {
213. FERNET_CTX *ctx = FERNET_init(fernet_key.c_str());
214. if (ctx) {
215. FERNET_encrypt_file(ctx, file, output_file);
216. FERNET_cleanup(ctx);
217. }
218.  
219. fclose(file);
220. fclose(output_file);
221. }
222. }
223.  
224. // Decrypt a file using Fernet symmetric encryption
225. void decrypt_file(const char *file_path, const char *output_path, const string &fernet_key) {
226. FILE *file = fopen(file_path, "rb");
227. FILE *output_file = fopen(output_path, "wb");
228.  
229. if (file && output_file) {
230. FERNET_CTX *ctx = FERNET_init(fernet_key.c_str());
231. if (ctx) {
232. FERNET_decrypt_file(ctx, file, output_file);
233. FERNET_cleanup(ctx);
234. }
235.  
236. fclose(file);
237. fclose(output_file);
238. }
239. }
240.  
241. // Sign a file with the RSA private key
242. void sign_file(const char *file_path, RSA *private_key) {
243. FILE *file = fopen(file_path, "rb");
244. if (file) {
245. fseek(file, 0, SEEK_END);
246. long file_size = ftell(file);
247. fseek(file, 0, SEEK_SET);
248.  
249. unsigned char *data = (unsigned char *)malloc(file_size);
250. fread(data, 1, file_size, file);
251. fclose(file);
252.  
253. unsigned char *signature = (unsigned char *)malloc(RSA_size(private_key));
254.  
255. unsigned int signature_len;
256. if (RSA_sign(NID_sha256, data, file_size, signature, &signature_len, private_key) == 1) {
257. FILE *signature_file = fopen((string(file_path) + ".sig").c_str(), "wb");
258. if (signature_file) {
259. fwrite(signature, 1, signature_len, signature_file);
260. fclose(signature_file);
261. }
262. }
263.  
264. free(data);
265. free(signature);
266. }
267. }
268.  
269. // Verify the digital signature of a file
270. bool verify_signature(const char *file_path, RSA *public_key) {
271. FILE *file = fopen(file_path, "rb");
272. if (file) {
273. fseek(file, 0, SEEK_END);
274. long file_size = ftell(file);
275. fseek(file, 0, SEEK_SET);
276.  
277. unsigned char *data = (unsigned char *)malloc(file_size);
278. fread(data, 1, file_size, file);
279. fclose(file);
280.  
281. FILE *signature_file = fopen((string(file_path) + ".sig").c_str(), "rb");
282. if (signature_file) {
283. fseek(signature_file, 0, SEEK_END);
284. long signature_size = ftell(signature_file);
285. fseek(signature_file, 0, SEEK_SET);
286.  
287. unsigned char *signature = (unsigned char *)malloc(signature_size);
288. fread(signature, 1, signature_size, signature_file);
289. fclose(signature_file);
290.  
291. int result = RSA_verify(NID_sha256, data, file_size, signature, signature_size, public_key);
292.  
293. free(data);
294. free(signature);
295.  
296. return result == 1;
297. }
298. }
299.  
300. return false;
301. }
302.  
303. // Calculate the hash of a file
304. string calculate_hash(const char *file_path) {
305. FILE *file = fopen(file_path, "rb");
306. if (file) {
307. SHA256_CTX sha256_ctx;
308. SHA256_Init(&sha256_ctx);
309.  
310. unsigned char buffer[65536];
311. size_t bytes_read;
312.  
313. while ((bytes_read = fread(buffer, 1, sizeof(buffer), file)) > 0) {
314. SHA256_Update(&sha256_ctx, buffer, bytes_read);
315. }
316.  
317. unsigned char hash[SHA256_DIGEST_LENGTH];
318. SHA256_Final(hash, &sha256_ctx);
319.  
320. fclose(file);
321.  
322. stringstream ss;
323. for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
324. ss << hex << setw(2) << setfill('0') << static_cast<int>(hash[i]);
325. }
326.  
327. return ss.str();
328. }
329.  
330. return "";
331. }
332.  
333. // Encrypt a Fernet key with RSA public key
334. string encrypt_fernet_key(const string &fernet_key, RSA *public_key) {
335. size_t encrypted_key_len = RSA_size(public_key);
336. unsigned char *encrypted_key = (unsigned char *)malloc(encrypted_key_len);
337.  
338. int result = RSA_public_encrypt(fernet_key.size(), reinterpret_cast<const unsigned char *>(fernet_key.c_str()), encrypted_key, public_key, RSA_PKCS1_OAEP_PADDING);
339.  
340. string result_str = "";
341. if (result > 0) {
342. result_str = string(reinterpret_cast<const char *>(encrypted_key), result);
343. }
344.  
345. free(encrypted_key);
346. return result_str;
347. }
348.  
349. // Decrypt a Fernet key with RSA private key
350. string decrypt_fernet_key(const string &encrypted_key, RSA *private_key) {
351. size_t decrypted_key_len = RSA_size(private_key);
352. unsigned char *decrypted_key = (unsigned char *)malloc(decrypted_key_len);
353.  
354. int result = RSA_private_decrypt(encrypted_key.size(), reinterpret_cast<const unsigned char *>(encrypted_key.c_str()), decrypted_key, private_key, RSA_PKCS1_OAEP_PADDING);
355.  
356. string result_str = "";
357. if (result > 0) {
358. result_str = string(reinterpret_cast<const char *>(decrypted_key), result);
359. }
360.  
361. free(decrypted_key);
362. return result_str;
363. }
364.  
365. // Encrypt multiple files into a single archive
366. void encrypt_multiple_files(const vector<string> &file_paths, const char *output_archive, const string &fernet_key, const char *payload = nullptr) {
367. zip_t *archive = zip_open(output_archive, ZIP_CREATE | ZIP_TRUNCATE, nullptr);
368. if (archive) {
369. for (const auto &file_path : file_paths) {
370. zip_source_t *source = zip_source_file(archive, file_path.c_str(), 0, 0);
371. if (source) {
372. zip_file_add(archive, file_path.c_str(), source, ZIP_FL_OVERWRITE);
373. }
374. }
375.  
376. if (payload) {
377. zip_source_t *payload_source = zip_source_buffer(archive, payload, strlen(payload), 0);
378. if (payload_source) {
379. zip_file_add(archive, "payload.txt", payload_source, ZIP_FL_OVERWRITE);
380. }
381. }
382.  
383. zip_close(archive);
384. encrypt_file(output_archive, (string(output_archive) + ".enc").c_str(), fernet_key.c_str());
385. remove(output_archive);
386. }
387. }
388.  
389. // Decrypt a single archive containing multiple files
390. void decrypt_multiple_files(const char *archive_path, const char *output_dir, const string &fernet_key) {
391. decrypt_file(archive_path, (string(archive_path) + ".dec").c_str(), fernet_key.c_str());
392.  
393. zip_t *archive = zip_open((string(archive_path) + ".dec").c_str(), 0, nullptr);
394. if (archive) {
395. for (zip_int64_t i = 0; i < zip_get_num_entries(archive, 0); ++i) {
396. zip_stat_t stat;
397. zip_stat_index(archive, i, 0, &stat);
398.  
399. zip_file_t *file = zip_fopen_index(archive, i, 0);
400. if (file) {
401. string output_path = string(output_dir) + "/" + stat.name;
402. FILE *output_file = fopen(output_path.c_str(), "wb");
403.  
404. if (output_file) {
405. char buffer[65536];
406. zip_fread(file, buffer, sizeof(buffer));
407. fwrite(buffer, 1, zip_fread(file, buffer, sizeof(buffer)), output_file);
408. fclose(output_file);
409. }
410.  
411. zip_fclose(file);
412. }
413. }
414.  
415. zip_close(archive);
416. remove((string(archive_path) + ".dec").c_str());
417. }
418. }
419.  
420. // Function to bind an EXE to media
421. void bind_exe_to_media(const char *media_file, const char *exe_file, const char *output_media_file) {
422. FILE *media = fopen(media_file, "rb");
423. FILE *exe = fopen(exe_file, "rb");
424. FILE *output_media = fopen(output_media_file, "wb");
425.  
426. if (media && exe && output_media) {
427. fseek(media, 0, SEEK_END);
428. long media_size = ftell(media);
429. fseek(media, 0, SEEK_SET);
430.  
431. fseek(exe, 0, SEEK_END);
432. long exe_size = ftell(exe);
433. fseek(exe, 0, SEEK_SET);
434.  
435. unsigned char *media_data = (unsigned char *)malloc(media_size);
436. fread(media_data, 1, media_size, media);
437.  
438. unsigned char *exe_data = (unsigned char *)malloc(exe_size);
439. fread(exe_data, 1, exe_size, exe);
440.  
441. fwrite(media_data, 1, media_size, output_media);
442. fwrite(exe_data, 1, exe_size, output_media);
443.  
444. free(media_data);
445. free(exe_data);
446.  
447. fclose(media);
448. fclose(exe);
449. fclose(output_media);
450. }
451. }
452.  
453. // Function to extract the EXE from bound media
454. void extract_exe_from_media(const char *bound_media_file, const char *output_exe_file) {
455. FILE *media = fopen(bound_media_file, "rb");
456. FILE *output_exe = fopen(output_exe_file, "wb");
457.  
458. if (media && output_exe) {
459. fseek(media, 0, SEEK_END);
460. long media_size = ftell(media);
461. fseek(media, 0, SEEK_SET);
462.  
463. unsigned char *media_data = (unsigned char *)malloc(media_size);
464. fread(media_data, 1, media_size, media);
465.  
466. const char *exe_magic_header = "MZ";
467. const char *exe_start = strstr(reinterpret_cast<const char *>(media_data), exe_magic_header);
468.  
469. if (exe_start) {
470. fwrite(exe_start, 1, media_size - (exe_start - reinterpret_cast<const char *>(media_data)), output_exe);
471. } else {
472. cout << "No EXE data found in the bound media." << endl;
473. }
474.  
475. free(media_data);
476. fclose(media);
477. fclose(output_exe);
478. }
479. }
480.  
481. // Main function
482. int main() {
483. try {
484. // Step 1: Generate or load RSA keys
485. auto[key_private, key_public] = generate_rsa_keypair();
486. save_rsa_key(key_private, "private_key.pem", "Passphrase123"); // Replace passphrase
487. save_rsa_key(key_public, "public_key.pem");
488.  
489. // Step 2: Encrypt a file with Fernet
490. string fernet_key = FERNET_generate_key();
491. encrypt_file("input.txt", "encrypted.fernet", fernet_key);
492.  
493. // Step 3: Encrypt the Fernet key with the RSA public key
494. key_public = load_rsa_key("public_key.pem");
495. string encrypted_fernet_key = encrypt_fernet_key(fernet_key, key_public);
496.  
497. ofstream fernet_key_file("encrypted_fernet_key", ios::binary);
498. fernet_key_file.write(encrypted_fernet_key.c_str(), encrypted_fernet_key.size());
499. fernet_key_file.close();
500.  
501. // Step 4: Sign the file with the RSA private key
502. sign_file("input.txt", key_private);
503.  
504. // Step 5: Verify the digital signature of the file
505. bool verified = verify_signature("input.txt", key_public);
506. if (verified) {
507. cout << "Digital signature is valid." << endl;
508. } else {
509. cout << "Digital signature is invalid or missing." << endl;
510. }
511.  
512. // Step 6: Calculate the hash of the encrypted Fernet key
513. string encrypted_fernet_key_hash = calculate_hash("encrypted_fernet_key");
514. cout << "Hash of the encrypted Fernet key: " << encrypted_fernet_key_hash << endl;
515.  
516. // Step 7: Decrypt the Fernet key with the RSA private key
517. ifstream encrypted_fernet_key_file("encrypted_fernet_key", ios::binary);
518. stringstream encrypted_fernet_key_stream;
519. encrypted_fernet_key_stream << encrypted_fernet_key_file.rdbuf();
520. encrypted_fernet_key_file.close();
521.  
522. key_private = load_rsa_key("private_key.pem", "Passphrase123"); // Replace passphrase
523. string```cpp
524. encrypted_fernet_key = decrypt_fernet_key(encrypted_fernet_key_stream.str(), key_private);
525.  
526. // Step 8: Decrypt the file with the decrypted Fernet key
527. decrypt_file("encrypted.fernet", "decrypted.txt", encrypted_fernet_key);
528. cout << "File encrypted and decrypted successfully." << endl;
529.  
530. // Step 9: Encrypt multiple files into a single archive
531. vector<string> file_paths_to_encrypt = {"file1.txt", "file2.txt"};
532. const char *output_archive = "multiple_files_archive.zip";
533. const char *payload = "This is a payload text that will be injected into the archive."; // Replace with your payload
534. encrypt_multiple_files(file_paths_to_encrypt, output_archive, encrypted_fernet_key, payload);
535.  
536. // Step 10: Decrypt a single archive containing multiple files
537. const char *output_dir = "decrypted_files";
538. decrypt_multiple_files(output_archive, output_dir, encrypted_fernet_key);
539. cout << "Multiple files encrypted and decrypted successfully." << endl;
540.  
541. // Step 11: Bind an EXE to a media file
542. bind_exe_to_media("media.mp4", "your_program.exe", "media_with_exe.mp4");
543.  
544. // Step 12: Extract the EXE from the bound media
545. extract_exe_from_media("media_with_exe.mp4", "extracted_program.exe");
546.  
547. cout << "EXE bound to media and extracted successfully." << endl;
548. } catch (const exception &e) {
549. cerr << "An error occurred: " << e.what() << endl;
550. }
551.  
552. return 0;
553. }
554.