lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <442770225.20050909224151@iron-gate.net>
Date: Fri, 9 Sep 2005 22:41:51 +0200
From: Alejandro Barrera <abarrera@...n-gate.net>
To: Piotr Bania <bania.piotr@...il.com>
Cc: FULLDISC <full-disclosure@...ts.grok.org.uk>,
	SBUGTRAQ <bugtraq@...urityfocus.com>
Subject: Re[2]: (TOOL) TAPiON (Polymorphic Decryptor
	Generator) Engine


> Re,

 >>...
 >>If you want some indepth on polymorphis I recomend you the 29a papers:
 >>http://vx.netlux.org/29a/

> I'm not a master in this branch however let me citate one of the 
> aritcles found on the server you sent me (i also recomend you to read it):

I read it long ago thxs.

>      Level 4: decryptor uses interchangeable instructions and changes
> their order (instructions mixing). Decryption algorithm remains unchanged.

>      Level 5: all the above mentioned techniques are used, decryption 
> algorithm is changeable, repeated encryption of virus code and even 
> partial encryption of the decryptor code is possible. "
> ----- CUT --------------------------------------------------------------


> So appending to this source i got a level 3 or level 4, unless you fully 
> understand the source. I'm not saying it is perfect, is was written in 5 
> days.

  Well, at least what I've seen is a level 3 polymorphism, due to the fact that
  you don't perform instrucction mixing, but block mixing which is quite
  different.

  Don't get me wrong, I love to see this kind of source and I'm a great fan of
  polymorphic engines :) Just making a note that your approach needs a little
  bit more of tweaking :)

> Hope this helps you.


> best regards,
> Piotr Bania

Greets.



-- 
Alejandro Barrera GarcĂ­a-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrera@...n-gate.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ