Noteme is an ELF packer/crypter that aims to create hardened and stealthy troyans. The target can either be a shared object or an executable, but it's required to be x86_64 compatible. The payload can be a shellcode or a statically linked ELF binary.

Bear in mind that Noteme is still at a very early state of development.

If the payload fits inside the PT_NOTE segment, replace the content. On the other hand, if the payload is bigger, append it as a new PT_LOAD segment and reference it from the PT_NOTE's program header entry. In either case, the same redirection technique will be applied: overwrite frame_dummy's references. If required, a stub will be injected (Text segment padding injection) too.

This kind of technique is ideal for long term persistence due to its stealthiness and simplicity.

nasm (Netwide Assembler)
gcc & make

Right now, C and Go payloads have been successfully tested, with the only requirement being that the binary's base virtual address must be set to a high value (to avoid page conflict).

C payloads:

# regular gcc won't work
$ musl-gcc -static -Wl,--section-start=.init=0xA000000 -o mypayload mypayload.c 

Go payloads:

$ go tool compile -o mypayload.a -pack mypayload.go
$ go tool link -o mypayload -T 0xF000000000 mypayload.a 

git clone https://github.com/0xN3utr0n/Noteme.git
cd Noteme
make 

Usage: noteme [-opt] 

Options ('<>' required fields):

     	-p '<filepath>' Payload (Statically linked ELF or Shellcode) binary
     	-t '<filepath>' Target ELF binary
     	-o '<filepath>' Output filename
     	-T Run the payload in a independent thread
     	-h This help

Important: The thread option is only recommended for ELF payloads.

• ARM support
• ELF payload support
• Binary compression support
• Binary encryption support
• Anti-reverse engineering support