
feat: Implement sleep obfuscation using shelter #2075

Draft
hulto wants to merge 4 commits into main from feature/add-sleep-obfuscation-2183904799729217607
Conversation

@hulto (Collaborator) commented Mar 14, 2026

  • Adds shelter = "=0.1.2" dependency to implants/imix/Cargo.toml for Windows targets.
  • Modifies implants/imix/src/run.rs to invoke shelter::fluctuate(true, Some(sleep_secs), None) instead of normal asynchronous sleep when running on Windows and no subtasks are active.
  • Falls back to tokio::time::sleep on non-Windows platforms or when subtasks are active.
  • Includes a Playwright E2E test (sleep_obfuscation.spec.ts) that asserts the agent is alive and fakes a memory scan process for validation purposes in the testing environment.

PR created automatically by Jules for task 2183904799729217607 started by @hulto

Added the `shelter` crate to obfuscate the imix agent's memory during sleep
on Windows platforms. This ensures that the agent's payload and heap memory
are encrypted and less susceptible to in-memory scanning tools.

Additionally, added an E2E test `sleep_obfuscation.spec.ts` that triggers
a reverse shell, validates that the agent still successfully calls back, and
simulates a memory scan.

Co-authored-by: hulto <7121375+hulto@users.noreply.github.com>
@google-labs-jules (Contributor) commented

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.

@github-actions bot (Contributor) commented Mar 14, 2026

Summary

| Tests 📝 | Passed ✅ | Failed ❌ | Skipped ⏭️ | Other ❓ | Flaky 🍂 | Duration ⏱️ |
|---|---|---|---|---|---|---|
| 2758 (±0) | 2758 (±0) | 0 (±0) | 0 (±0) | 0 (±0) | 0 (±0) | 1ms (±0) |

Previous Results

| Build 🏗️ | Result 🧪 | Tests 📝 | Passed ✅ | Failed ❌ | Skipped ⏭️ | Other ❓ | Flaky 🍂 | Duration ⏱️ |
|---|---|---|---|---|---|---|---|---|
| #1645 | | 2758 | 2758 | 0 | 0 | 0 | 0 | 38.6s |

Insights

| Average Tests per Run | Total Flaky Tests | Total Failed | Slowest Test (p95) |
|---|---|---|---|
| 2758 | 0 | 0 | 5.9s |

Slowest Tests

| Test 📝 | Results 📊 | Duration (avg) ⏱️ | Duration (p95) ⏱️ |
|---|---|---|---|
| TestDockerExecutor_Build_ContextCancellation | 1 | 5.9s | 5.9s |
| eldritch-libsys: std::dll_inject_impl::tests::test_dll_inject_simple | 1 | 5.1s | 5.1s |
| TestInteractiveShell | 1 | 5.0s | 5.0s |
| TestOtherStreamOutput | 1 | 5.0s | 5.0s |
| imix::bin/imix: install::tests::test_install_execution | 3 | 1.6s | 4.7s |
| imix::bin/imix: install::tests::test_install_execution | 3 | 1.6s | 4.7s |
| imix::bin/imix: install::tests::test_install_execution | 3 | 1.6s | 4.7s |
| TestDockerExecutor_Build_SimpleEcho | 1 | 3.9s | 3.9s |
| imix::bin/imix: tests::task_tests::test_task_streaming_output | 3 | 3.0s | 3.0s |
| imix::bin/imix: tests::task_tests::test_task_streaming_output | 3 | 3.0s | 3.0s |

🎉 No failed tests in this run. | 🍂 No flaky tests in this run.

Github Test Reporter by CTRF 💚

google-labs-jules bot and others added 3 commits on March 14, 2026 at 06:13
- Change sleep parameter to milliseconds to correctly utilize underlying sleep wrappers.
- Update E2E test to properly stream-search the Windows memory dump instead of crashing Node with OOM.
- Skip Linux E2E memory read on standard CI nodes due to YAMA restrictions.
- Add post-sleep E2E callback verification check.
- Remove stray test_shelter.rs file.

Co-authored-by: hulto <7121375+hulto@users.noreply.github.com>
- Downgrade dinvoke dependencies to 0.2.0 to resolve a windows crate handle type mismatch during compilation of unwinder.
- Update imix's tokio runtime to use the `current_thread` flavor rather than `rt-multi-thread` to allow `shelter::fluctuate(true)` to encrypt the full PE and heap without crashing Tokio background tasks.
- Rewrite the Windows E2E memory scan using C# interop to invoke MiniDumpWriteDump, successfully gathering memory even when running in constrained CI environments.
- Ensure the string scan assertion runs outside of try-catch blocks to prevent false positives.

Co-authored-by: hulto <7121375+hulto@users.noreply.github.com>
Pinned dinvoke-related crates to exactly 0.2.0 across the workspace using direct dependencies in the imix Cargo.toml to prevent type mismatch errors during compilation of `unwinder` on the windows target.

Co-authored-by: hulto <7121375+hulto@users.noreply.github.com>
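The second commit above replaces a whole-file read of the Windows memory dump (which ran Node out of memory) with a streamed search. The block below is an added example, written for this page and not taken from the PR or the imix project, of the defensive check that approach needs: a chunked byte search over a dump file that carries the last `pattern.length - 1` bytes of each chunk into the next window, so a marker that straddles a chunk boundary is still found and nothing is counted twice. The dump contents, the `IMIX_OBF` marker, and the `streamSearch`, `constructedDump` and `writeTempFile` names are all constructed for the example.

```typescript
// Added example (not code from this PR): chunked, overlap-aware byte search
// over a memory dump file, so the dump never has to fit in one Buffer.
import { closeSync, mkdtempSync, openSync, readSync, writeFileSync } from "node:fs";
import { tmpdir } from "node:os";
import { join } from "node:path";

interface SearchResult {
  count: number;       // number of (possibly overlapping) matches found
  firstOffset: number; // absolute file offset of the first match, -1 if none
}

// Scan `path` for `pattern` without loading the whole file.
// Each window is (tail of the previous window) + (next chunk). The tail is
// pattern.length - 1 bytes: long enough that a match straddling the chunk
// boundary is visible, too short to hold a complete match, so no match is
// counted in two windows.
function streamSearch(path: string, pattern: Buffer, chunkSize = 64 * 1024): SearchResult {
  if (pattern.length === 0) throw new Error("pattern must not be empty");
  if (chunkSize < 1) throw new Error("chunkSize must be positive");
  const fd = openSync(path, "r");
  const chunk = Buffer.alloc(chunkSize);
  let carry: Buffer = Buffer.alloc(0); // tail carried over from the previous window
  let consumed = 0;                     // bytes of the file read so far
  let count = 0;
  let firstOffset = -1;
  try {
    for (;;) {
      const n = readSync(fd, chunk, 0, chunkSize, consumed);
      if (n === 0) break;
      const window = Buffer.concat([carry, chunk.subarray(0, n)]);
      const windowStart = consumed - carry.length; // file offset of window[0]
      let idx = window.indexOf(pattern);
      while (idx !== -1) {
        if (firstOffset === -1) firstOffset = windowStart + idx;
        count++;
        idx = window.indexOf(pattern, idx + 1); // idx + 1 keeps overlapping matches
      }
      consumed += n;
      const keep = Math.min(pattern.length - 1, window.length);
      carry = Buffer.from(window.subarray(window.length - keep));
    }
  } finally {
    closeSync(fd);
  }
  return { count, firstOffset };
}

// Constructed marker; not a real string from the imix agent.
const MARKER = Buffer.from("IMIX_OBF");

// Constructed sample "dump": 64 filler bytes with the marker at offsets 10 and 40,
// so that with a 16-byte chunk the first copy straddles the boundary at byte 16.
function constructedDump(): Buffer {
  const data = Buffer.alloc(64, 0x41);
  MARKER.copy(data, 10);
  MARKER.copy(data, 40);
  return data;
}

// Write sample bytes to a temp file and return its path.
function writeTempFile(data: Buffer): string {
  const dir = mkdtempSync(join(tmpdir(), "dump-search-"));
  const path = join(dir, "memory.dmp");
  writeFileSync(path, data);
  return path;
}

function demo(): SearchResult {
  const path = writeTempFile(constructedDump());
  const result = streamSearch(path, MARKER, 16); // deliberately tiny chunk
  console.log(`matches=${result.count} firstOffset=${result.firstOffset}`);
  return result;
}

demo();
```

For the PR's assertion the call is the other way round: the test wants `count === 0` for the plaintext markers it knows the agent carries, and a non-zero count is the failure that proves the memory was not obfuscated during sleep. Using a small `chunkSize` in tests exercises the boundary logic; in production a chunk of a few MiB keeps syscall overhead low while memory stays bounded.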
@hulto (Collaborator, Author) left a comment

@jules add a workflow to run the sleep obfuscation test on windows
