Date: Fri, 09 Sep 2005 22:19:25 +0200
From: Piotr Bania <bania.piotr@...il.com>
To: abarrera@...n-gate.ne, FULLDISC <full-disclosure@...ts.grok.org.uk>, SBUGTRAQ <bugtraq@...urityfocus.com>
Subject: Re: (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine

Re,

>...
>If you want some in-depth on polymorphism I recommend you the 29a papers:
>http://vx.netlux.org/29a/

I'm not a master in this branch however let me cite one of the articles
found on the server you sent me (I also recommend you to read it):

----- CUT --------------------------------------------------------------
"
There exists a system of division of polymorphic viruses into levels
according to complexity of code in decryptors of those viruses. Such a
system was introduced by Dr. Alan Solomon and then enhanced by Vesselin
Bontchev.

Level 1: Viruses having a set of decryptors with constant code, choosing
         one while infecting. Such viruses are called "semi-polymorphic"
         or "oligomorphic". Examples: "Cheeba", "Slovakia", "Whale".
Level 2: Virus decryptor contains one or several constant instructions,
         the rest of it is changeable.
Level 3: decryptor contains unused functions - "junk" like NOP, CLI,
         STI, etc.
Level 4: decryptor uses interchangeable instructions and changes their
         order (instructions mixing). Decryption algorithm remains
         unchanged.
Level 5: all the above mentioned techniques are used, decryption
         algorithm is changeable, repeated encryption of virus code and
         even partial encryption of the decryptor code is possible.
"
----- CUT --------------------------------------------------------------

So appending to this source I got a level 3 or level 4, unless you fully
understand the source. I'm not saying it is perfect, it was written in 5
days. Hope this helps you.

best regards,
Piotr Bania

--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@...il.com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://pb.specialised.info - Key ID: 0xBE43AC33
--------------------------------------------------------------------

" Dinanzi a me non fuor cose create
  se non etterne, e io etterno duro.
  Lasciate ogne speranza, voi ch'intrate "
                        - Dante, Inferno Canto III

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/