Welcome to the Encryption Methods directory of Rust-for-Malware-Development.
This folder collects ways to scramble shellcode and payloads so they do not show up as plain bytes on disk or in memory. Pick the cipher that fits your size, speed, and stealth budget.
Aes_Encryption: Stand-alone AES tool that encrypts arbitrary buffers (including shellcode) with a user-supplied key and IV.
Khufu_encryption: Implements the Khufu block cipher and uses it to encrypt or decrypt shellcode.
Madryga_encryption: Simplified Madryga algorithm that walks a directory and recursively encrypts files in place. Handy for ransomware-style PoCs.
SystemFunction032_033:
Uses the undocumented SystemFunction032/033 (RC4 under the hood) shipped inside advapi32.dll to encrypt and decrypt buffers without bringing in a crypto crate.
camellia_cipher: Camellia block cipher with a custom seeded S-box generator. Comparable in strength to AES but far less common, so static signatures rarely catch it.
ecc_shellcode_exec: Elliptic-curve-cryptography (ECC) wrapper around a shellcode buffer plus an in-memory loader that decrypts and runs it.
nullxfigure: Sprinkles null bytes throughout the shellcode using a hashmap, then strips them again at runtime. Breaks naive byte-pattern detection.
payload_shuffling: Shuffles payload bytes at compile time and reassembles them at runtime β the on-disk shape never matches the executing shape.
These are single-file .rs examples. Copy them straight into your own Cargo project.
git clone https://github.com/Whitecat18/Rust-for-Malware-Development.git
cd Rust-for-Malware-Development/Encryption\ Methods
For the Cargo projects, cd into the sub-folder and run cargo build --release. For the loose .rs snippets, drop the file into your own projectβs src/ and call it from main.