lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 09 Sep 2005 22:19:25 +0200
From: Piotr Bania <bania.piotr@...il.com>
To: abarrera@...n-gate.ne, FULLDISC <full-disclosure@...ts.grok.org.uk>, 
	SBUGTRAQ <bugtraq@...urityfocus.com>
Subject: Re: (TOOL) TAPiON (Polymorphic Decryptor Generator)
	Engine


Re,

 >...
 >If you want some indepth on polymorphis I recomend you the 29a papers:
 >http://vx.netlux.org/29a/

I'm not a master in this branch however let me citate one of the 
aritcles found on the server you sent me (i also recomend you to read it):

----- CUT --------------------------------------------------------------
" There exists a system of division of polymorphic viruses into levels 
according to complexity of code in decryptors of those viruses. Such a 
system was introduced by Dr. Alan Solomon and then enhanced by Vesselin 
Bontchev.

     Level 1: Viruses having a set of decryptors with constant code, 
choosing one while infecting. Such viruses are called "semi-polymorphic" 
or "oligomor phic".

Examples: "Cheeba", "Slovakia", "Whale".

     Level 2: Virus decryptor contains one or several constant 
instructions, the rest of it is changeable.

     Level 3: decryptor contains unused functions - "junk" like NOP, 
CLI, STI,etc

     Level 4: decryptor uses interchangeable instructions and changes 
their order (instructions mixing). Decryption algorithm remains unchanged.

     Level 5: all the above mentioned techniques are used, decryption 
algorithm is changeable, repeated encryption of virus code and even 
partial encryption of the decryptor code is possible. "
----- CUT --------------------------------------------------------------


So appending to this source i got a level 3 or level 4, unless you fully 
understand the source. I'm not saying it is perfect, is was written in 5 
days.

Hope this helps you.


best regards,
Piotr Bania


-- 
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@...il.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://pb.specialised.info  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

                           " Dinanzi a me non fuor cose create
                             se non etterne, e io etterno duro.
                             Lasciate ogne speranza, voi ch'intrate "
                                           - Dante, Inferno Canto III
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists