Skip to content

mazen91111/CryptoMorph

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cryptomorph.go
cryptomorph.go
 
 
go.mod
go.mod
 
 

Repository files navigation

CryptoMorph — Metamorphic Code Engine

  ╔══════════════════════════════════════════════════════════════════════╗
  ║       CryptoMorph — Metamorphic Code Engine (Go)                   ║
  ║   Instruction Sub · Register Swap · Dead Code · Code Transposition ║
  ║   Multi-Layer Encryption · Opaque Predicates                       ║
  ║      Author: mazen91111 (parasite911)  ·  Malware Research         ║
  ╚══════════════════════════════════════════════════════════════════════╝

Self-mutating code that rewrites itself every execution while preserving functionality. Every generation produces a unique binary signature — defeating static detection entirely. Pure Go implementation with AES-256-GCM multi-layer encryption.

Metamorphic Transformations

# Technique MITRE ID Stealth Description
1 Instruction Substitution T1027.002 8/10 Replace with semantically equivalent instructions
2 Register Reassignment T1027.002 7/10 Swap registers while maintaining data flow
3 Dead Code Insertion T1027 6/10 Insert no-op instructions
4 Code Transposition T1027.002 9/10 Reorder blocks with jump reconstruction
5 Multi-Layer Encryption T1027.005 9/10 Nested AES-256 + XOR + rolling keys
6 Opaque Predicates T1027 8/10 Always-true conditional branches

Installation

git clone https://github.com/mazen91111/CryptoMorph.git
cd CryptoMorph
go build -o cryptomorph cryptomorph.go

Usage

# Full analysis (techniques + live mutation)
./cryptomorph --demo

# Metamorphic transformation catalog
./cryptomorph --techniques

# Live mutation demo (5 generations)
./cryptomorph --mutate

Example Output

  [ LIVE MUTATION DEMO — 5 GENERATIONS ]

  ┃ Generation 1
  ┃ Original Hash : a3f7c92e1b4d8f6a...
  ┃ Mutated Hash  : 9e2b4c7d5a1f3e8b...
  ┃ Blocks: 3  │  Transforms: 18
  ┃ Entropy: 7.25/8.00
  ┃ Encryption Layers:
  ┃   Layer 1: AES-256-GCM: 4a7f2c9e...
  ┃   Layer 2: XOR-Rolling: b3d8e1f5...
  ┃   Layer 3: AES-256-GCM: 7c2a4b9d...
  ┃ Transforms:
  ┃   SUB: mov eax, 0 → xor eax, eax
  ┃   JUNK: inserted 'pushfq; popfq'
  ┃   SUB: add eax, 1 → inc eax

  [ SIGNATURE ANALYSIS ]
  ✗ Static signature match: 0% (UNDETECTABLE)
  ✗ Byte-pattern match: FAILED — every generation is unique
  ✓ Behavioral analysis: Only viable detection method

Key Concepts

  • Metamorphic = code structure changes while behavior stays identical
  • Polymorphic = encryption changes, code stays same (CryptoMorph goes beyond this)
  • Opaque Predicates = branches that always go one way but confuse static analysis
  • Multi-Layer Encryption = nested AES + XOR makes brute-force infeasible
  • Code Transposition = reordering blocks changes instruction sequence entirely

Author

Mazen Obed@mazen91111 Metamorphic Malware | Code Obfuscation | Evasion Research

Disclaimer

For authorized security research ONLY. Understanding metamorphic techniques is essential for building better detection.

License

MIT License

About

Metamorphic Code Engine -- Self-mutating binary that rewrites itself every execution. Instruction substitution, dead code, multi-layer AES-256 encryption. Pure Go.

Topics

golang aes-256 malware-research evasion red-team mitre-attack code-obfuscation metamorphic-engine

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages