Posts: 79
Threads: 13
Joined: Aug 2024
10-27-2024, 03:38 PM
(This post was last modified: 10-27-2024, 03:57 PM by Aanya.)
Embed a payload within a PNG file by splitting the payload across multiple IDAT sections. Each section is encrypted individually using its own 16-byte key with the RC4 encryption algorithm.
https://github.com/Maldev-Academy/EmbedPayloadInPng
I Love Data
I am gonna be a criminal , Hehehe
Posts: 302
Threads: 11
Joined: Aug 2024
10-28-2024, 07:55 PM
(This post was last modified: 10-28-2024, 08:00 PM by seraph8.)
Good post Aanussy :3 I usually see IDAT sections as 6 bit, so why the 16 byte? I am not a professional of the subject, just wondering hehe OwO. Like, wouldn't it be better for runtime to use the same format if ((their)) AV sees it as sussy baka? :o But very well written, kawaii, on the GitHub page hehe
Posts: 79
Threads: 13
Joined: Aug 2024
IDAT sections can hold a larger amount of data, up to 2 MB I guess, but the 16 bytes here is the size of the encryption key used to encrypt each IDAT section, not the size of the IDAT sections. So what we are doing here is splitting the payload and adding the pieces as multiple IDAT chunks, and we encrypt each of these IDAT chunks with a 16-byte (128-bit) key, so even if one key gets compromised the other chunks won't be decrypted. This is for evasion. But doing this also has drawbacks: if the antivirus detects this method, or finds the unusual pattern, it gets flagged.
Posts: 302
Threads: 11
Joined: Aug 2024
(10-29-2024, 05:30 AM)Aanya Wrote: IDAT sections can hold a larger amount of data, up to 2 MB I guess, but the 16 bytes here is the size of the encryption key used to encrypt each IDAT section, not the size of the IDAT sections. So what we are doing here is splitting the payload and adding the pieces as multiple IDAT chunks, and we encrypt each of these IDAT chunks with a 16-byte (128-bit) key, so even if one key gets compromised the other chunks won't be decrypted. This is for evasion. But doing this also has drawbacks: if the antivirus detects this method, or finds the unusual pattern, it gets flagged.
I see Aanussy :3 but you're fattening the chunk, and modern AV sees the data and compares it to the end product, that's the minus, but if you can do minimal chunks, or like every 4th, it might not detect.
Every modern AV is still retarded and runs as a sequence, from first chunk to end analysis, so spreading it might evade most.
Posts: 79
Threads: 13
Joined: Aug 2024
(10-29-2024, 07:20 PM)seraph8 Wrote: I see Aanussy :3 but you're fattening the chunk, and modern AV sees the data and compares it to the end product, that's the minus, but if you can do minimal chunks, or like every 4th, it might not detect.
Every modern AV is still retarded and runs as a sequence, from first chunk to end analysis, so spreading it might evade most.
You are right, but if you look at the code, they have limited each IDAT section to 8 KB.
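Added worked example (this is not code from the posts or from the linked Maldev-Academy repository): a Python script that does what the thread describes end to end. It splits a payload into pieces of at most 8 KB, RC4-encrypts each piece under its own random 16-byte key, appends the pieces as extra IDAT chunks right after the carrier's own IDAT with correct CRC32s, extracts them again, and then runs the defender-side check that makes Aanya's "unusual pattern" concrete: in a clean PNG the concatenated IDAT data is exactly one zlib stream, so any bytes after that stream ends are not image data and are exactly where the smuggled payload sits. The following are assumptions of this example, not the project's layout: keys are returned to the caller instead of being stored in the file, the last len(keys) IDAT chunks are taken to be the payload, the carrier is a tiny solid-grey PNG built in the script, and PAYLOAD is constructed dummy data rather than shellcode.

```python
import os
import struct
import zlib

# Constructed inputs for the demo (not from the post or the project).
PAYLOAD = bytes(range(256)) * 100   # 25,600 bytes of dummy data, not shellcode
IDAT_LIMIT = 8192                   # 8 KB per payload chunk, as discussed in the thread
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Symmetric: the same call decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def parse_chunks(png: bytes):
    """Yield (type, data) for every chunk, checking the signature and each CRC."""
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos < len(png):
        (length,) = struct.unpack(">I", png[pos:pos + 4])
        ctype = png[pos + 4:pos + 8]
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if crc != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError(f"bad CRC on {ctype!r} chunk")
        yield ctype, data
        pos += 12 + length


def make_png(width: int, height: int) -> bytes:
    """Build a tiny valid 8-bit RGB PNG (solid grey) to act as the carrier."""
    # Each scanline starts with filter-type byte 0 (None), then RGB triplets.
    raw = b"".join(b"\x00" + b"\x80\x80\x80" * width for _ in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")


def embed_payload(png: bytes, payload: bytes, limit: int = IDAT_LIMIT):
    """Split payload into <= limit pieces, RC4 each under a fresh 16-byte key,
    and insert them as extra IDAT chunks directly after the carrier's last IDAT
    (IDAT chunks must stay contiguous). Returns (new_png, keys)."""
    pieces = [payload[i:i + limit] for i in range(0, len(payload), limit)]
    keys = [os.urandom(16) for _ in pieces]          # one independent key per chunk
    chunks = list(parse_chunks(png))
    last_idat = max(i for i, (t, _) in enumerate(chunks) if t == b"IDAT")
    payload_chunks = [(b"IDAT", rc4(k, p)) for k, p in zip(keys, pieces)]
    chunks[last_idat + 1:last_idat + 1] = payload_chunks
    return PNG_SIG + b"".join(chunk(t, d) for t, d in chunks), keys


def extract_payload(png: bytes, keys: list) -> bytes:
    """Demo convention (assumption): the last len(keys) IDAT chunks carry the payload."""
    idats = [d for t, d in parse_chunks(png) if t == b"IDAT"]
    return b"".join(rc4(k, d) for k, d in zip(keys, idats[-len(keys):]))


def split_idat_stream(png: bytes):
    """Defender-side check, needing no keys. The concatenated IDAT data of a
    clean PNG is exactly one zlib stream; decoders ignore bytes after its end
    (libpng only warns), so those bytes are not image data.
    Returns (decompressed_image_bytes, bytes_after_stream_end)."""
    blob = b"".join(d for t, d in parse_chunks(png) if t == b"IDAT")
    d = zlib.decompressobj()
    image = d.decompress(blob)
    return image, d.unused_data


if __name__ == "__main__":
    carrier = make_png(4, 4)
    stego, keys = embed_payload(carrier, PAYLOAD)
    assert extract_payload(stego, keys) == PAYLOAD
    image, tail = split_idat_stream(stego)
    n_idat = sum(1 for t, _ in parse_chunks(stego) if t == b"IDAT")
    print(f"IDAT chunks: {n_idat}, image bytes: {len(image)}, bytes past zlib end: {len(tail)}")
```

Two things worth noticing when running it. RC4 preserves length, so the byte count past the end of the zlib stream equals the payload size exactly, and the check needs none of the keys; per-chunk keys protect the contents from a partial key leak, not the presence of the data. And the PNG format itself allows a chunk length of up to 2^31-1 bytes; the 8 KB cap is a choice of the tool, not a limit of the format.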