|
Full Disclosure
mailing list archives
Re[2]: (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
From: Alejandro Barrera <abarrera () iron-gate net>
Date: Fri, 9 Sep 2005 22:41:51 +0200
Re,
...
If you want some indepth on polymorphis I recomend you the 29a papers:
http://vx.netlux.org/29a/
I'm not a master in this branch however let me citate one of the
aritcles found on the server you sent me (i also recomend you to read it):
I read it long ago thxs.
Level 4: decryptor uses interchangeable instructions and changes
their order (instructions mixing). Decryption algorithm remains unchanged.
Level 5: all the above mentioned techniques are used, decryption
algorithm is changeable, repeated encryption of virus code and even
partial encryption of the decryptor code is possible. "
----- CUT --------------------------------------------------------------
So appending to this source i got a level 3 or level 4, unless you fully
understand the source. I'm not saying it is perfect, is was written in 5
days.
Well, at least what I've seen is a level 3 polymorphism, due to the fact that
you don't perform instrucction mixing, but block mixing which is quite
different.
Don't get me wrong, I love to see this kind of source and I'm a great fan of
polymorphic engines :) Just making a note that your approach needs a little
bit more of tweaking :)
Hope this helps you.
best regards,
Piotr Bania
Greets.
--
Alejandro Barrera GarcĂa-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrera () iron-gate net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
