Getting Started
The DragonForce Affiliate Portal generates customized ransomware binaries for Halcyon security demonstrations.
Configuration Fields
Artifact Name
Purpose: The filename for your generated binary.
Rules: Alphanumeric characters, dashes, underscores, and periods only. Maximum 64 bytes.
Example: acme-attack, client_demo_v2
Process Kill List
Purpose: Processes to terminate before encryption (e.g., database services).
Format: Comma or newline separated process names.
Limit: 479 bytes after pipe-delimited conversion.
Example: sql.exe, oracle.exe, excel.exe, outlook.exe
Directory Whitelist
Purpose: Directories to SKIP during encryption.
Format: Comma or newline separated directory names.
Limit: 101 bytes.
Example: tmp, winnt, temp, windows
File Extension Whitelist
Purpose: File types to SKIP during encryption.
Format: Comma or newline separated extensions (with or without leading dot).
Limit: 52 bytes.
Example: .exe, .dll, .sys, .ini
Encrypted File Extension
Purpose: Extension appended to encrypted files.
Limit: 22 bytes.
Default: .dragonforce_encrypted
Example: .locked, .encrypted
Troubleshooting
Error: Field exceeds maximum size
One of your input fields is too large. Check the limits above and reduce the size of your input.
Error: Build output already exists (409 Conflict)
A binary with this name already exists. Either:
- Choose a different artifact name
- Delete the existing build from the Builds page
Error: ChaCha signature not found
The base binary is missing or corrupted. Contact your administrator.
Build Process
- Input fields are validated and normalized
- RSA-4096 keypair is generated
- 870-byte config struct is assembled with your settings
- Config is encrypted with ChaCha8
- Base DragonForce binary is patched with config and RSA key
- Modified binary and private key are saved
Security Notes
- Each build generates a unique RSA keypair
- Binaries are never-seen-before variants (zero-day)
- Private keys enable manual decryption if needed
- Halcyon Agent captures CryptGenRandom for keyless recovery