Block Api ROR13 IV randomization

[dledda-r7]

This PR updates the usage of Rex::Text.block_api_hash to take in account IV randomization.

The way it works is simple, the BlockApi and BlockApi_x64 will generate, per-run, a random IV (32 bit value) and will patch on-the-fly the asm_block_api output and will pass the iv to the Rex::Text.block_api_hash to have the updated hash

There also some other fix here and there and slight edge-cases covered, like handling how the migration stub generation works and also the exitfunk handling using a helper

[dledda-r7]

I will put it in draft for now, there is more stuff to do on this

[dledda-r7]

i'm unsure in what is the problem with CI, updating the cache size i am getting this that looks wrong:

[*] Single Updated: windows/x64/pingback_reverse_tcp CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/singles/windows/x64/pingback_reverse_tcp.rb from 425 to :dynamic...
[*] Stager Updated: windows/x64/custom/bind_ipv6_tcp_uuid CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/stagers/windows/x64/bind_ipv6_tcp_uuid.rb from 526 to :dynamic...
[*] Stager Updated: windows/x64/custom/bind_tcp_uuid CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/stagers/windows/x64/bind_tcp_uuid.rb from 524 to :dynamic...
[*] Stager Updated: windows/x64/custom/reverse_http CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/stagers/windows/x64/reverse_http.rb from 607 to :dynamic...
[*] Stager Updated: windows/x64/custom/reverse_https CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/stagers/windows/x64/reverse_https.rb from 638 to :dynamic...
[*] Stager Updated: windows/x64/custom/reverse_tcp_uuid CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/stagers/windows/x64/reverse_tcp_uuid.rb from 491 to :dynamic...
[*] Stager Updated: windows/x64/custom/reverse_winhttp CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/stagers/windows/x64/reverse_winhttp.rb from 751 to :dynamic...
[*] Stager Updated: windows/x64/custom/reverse_winhttps CacheSize on disk at /home/kali/Documents/github/metasploit-framework/modules/payloads/stagers/windows/x64/reverse_winhttps.rb from 787 to :dynamic...

[smcintyre-r7]

We should be able to remove all the instances where you initialize the value by calling #block_api_iv.

[dledda-r7]

With Rex::Text.block_api_hash being pretty well consolidated in framework now, we could update the return type to natively be an integer. It never really made sense to have it return the hexadecimal string.

The only missing is this one, will do asap

[smcintyre-r7]

Tested 32-bit and 64-bit stagers both with and without PrependMigrate. Code all looks good, and the API with how opts is handled is optimized for the most common use case where the IV is entirely handled by the library, but allows the caller to control it if necessary.

I think we're ready to land this now.

[smcintyre-r7]

Release Notes

This updates the Block API shellcode to use a random IV when calculating the ROR13 hash of methods which it calls. The result is the removal of a static piece of data that could have been previously signatured.