codeCrypter next release plans

by tibbar @ 2006-03-31 - 16:16:51

Well, I'm taking a 5 min break from studying to think about my plans for the next release of codeCrypter.

The main weakness of the last release, which allowed a signature to be put on it, was that it used a static stub at entry point and another static stub for the decryption routine.

The second weakness was that the decryption stub was always placed in the same location in the last section of the file.

Finally, it used fixed parameters in the Linear Congruential Random Number Generator (LCG) algorithm I used to perform the "encryption".

Now on the other side of things, I have not had any time to get further on my other project CodeMutator, but it had come a fair long way in development, and is capable of mutating stubs...

So the next release of codeCrypter is going to incorporate codeMutator for the purpose of making the stub different every time the packer is used.

The location of the decryption stub will be random in the last section, and random data will be filled in the space made for the stub, rather than leaving zeros (which allows AV to find the stub).

Finally, the user will be able to provide their own parameters for the LCG.

Now...back to revision...

See Ya!
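
From the defender's side, the zero-filled gap versus random-filled gap described in the post can be compared with a windowed entropy scan. This is an added example, not code from the original post or from codeCrypter; the section layout, window size and threshold are assumptions, and the sample bytes are constructed.

```python
import math
import random
from collections import Counter

WINDOW = 512        # bytes per window (assumed granularity)
HIGH_ENTROPY = 7.0  # bits/byte; assumed threshold for "looks random"

def shannon_entropy(chunk: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def scan_section(section: bytes, window: int = WINDOW):
    """Return (zero_offsets, high_entropy_offsets) over fixed windows."""
    zero, high = [], []
    for off in range(0, len(section) - window + 1, window):
        chunk = section[off:off + window]
        h = shannon_entropy(chunk)
        if h == 0.0 and chunk[0] == 0:
            zero.append(off)   # padding: one repeated 0x00 byte
        elif h >= HIGH_ENTROPY:
            high.append(off)   # near-uniform bytes: random fill or ciphertext
    return zero, high

def build_sample(fill: str) -> bytes:
    """Constructed 4 KiB 'last section': code, a 1 KiB gap, zero padding."""
    # Constructed, repetitive code-like bytes (low entropy, not zero).
    pattern = bytes.fromhex("558bec83ec108b450889 45fcc9c3".replace(" ", ""))
    code = (pattern * 200)[:2048]
    if fill == "zeros":
        gap = bytes(1024)
    else:
        rng = random.Random(1234)  # fixed seed so the sample is repeatable
        gap = bytes(rng.randrange(256) for _ in range(1024))
    return code + gap + bytes(1024)

if __name__ == "__main__":
    for fill in ("zeros", "random"):
        zero, high = scan_section(build_sample(fill))
        print(f"{fill:6s} zero windows={zero} high-entropy windows={high}")
```

Random fill removes the run of zeros inside the gap, but the same windows then stand out as high-entropy islands next to ordinary code, which is a signal in its own right.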


 
 


JimboJones [Visitor]

03/04/06 @ 21:17

can't wait to see more of your fine work
keep it up!

kleoz [Visitor]
http://blah.com
03/04/06 @ 21:35

go on bro . u thrilled ma life with that codecrypter ...

Anonymous [Visitor]

07/04/06 @ 10:06

Congrats for the project. It looks like the end of AV-industry is approaching :)

Anybody knows where I can find codeCrypter? Old version would be just fine.

Thanx.

Cryptic [Visitor]

12/04/06 @ 16:30

Is it possible to know where to find the source code of code crypter 0.31, or is it closed source?

Thanks for an answer.

Syrus [Visitor]

13/04/06 @ 15:27

Thanks for this CodeCrypter

anon [Visitor]

05/08/06 @ 19:39

Your code mutation engine is so weak dude, it's more lame than stuff that was made 6 years ago ;)

tibbar [Visitor]

08/08/06 @ 00:25

wow you really missed the point. codecrypter was released to provide a framework under which anyone can write a crypter. if you don't like the algorithm (which beats all non-sandbox and non IAT sig AV still if you use new stubs), then write your own...

eKKiM [Visitor]

12/11/06 @ 01:43

Anon, if you can do better, provide a better PUBLIC crypter too then.
Respect for tibbar, He's doing so much work for coding a crypter...

slb33 [Visitor]

02/12/06 @ 15:26

Haven't heard anything on this project in a while.
Any chance of an update?

anon [Visitor]
http://zonk
07/12/06 @ 14:01

Hehe still doing that lame stuff?

Do you even know that what you did was done long long ago by virus writers (see some earlier 29A zine issues)?

Thalia [Visitor]
http://funel.blogspot.com
28/01/07 @ 17:33

congratulations.....

We are looking forward to new works of yours.

I wish for a better polymorphic engine and a metamorphic engine included..

BTW, what is your opinion on Yoda's Protector, UltraProtect's ACProtect, StrongBit's ExeCryptor, SetiSoft's Private exe Protector?

I think the future lies in VM.

Code Virtualizer from Oreans
and VMProtect

Greg [Visitor]

09/02/07 @ 08:10

I'm just starting to look at crypters and to see how effective AV is in blocking this. I don't see code-crypter available on governmentsecurity site, or here. Is the latest version still available?

Thank you.
