Bugtraq mailing list archives
Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
From: Alejandro Barrera <abarrera () iron-gate net>
Date: Fri, 9 Sep 2005 22:41:51 +0200
Re,
... If you want some indepth on polymorphis I recomend you the 29a papers: http://vx.netlux.org/29a/
I'm not a master in this branch however let me citate one of the aritcles found on the server you sent me (i also recomend you to read it):
I read it long ago thxs.
Level 4: decryptor uses interchangeable instructions and changes their order (instructions mixing). Decryption algorithm remains unchanged.
Level 5: all the above mentioned techniques are used, decryption algorithm is changeable, repeated encryption of virus code and even partial encryption of the decryptor code is possible. " ----- CUT --------------------------------------------------------------
So appending to this source i got a level 3 or level 4, unless you fully understand the source. I'm not saying it is perfect, is was written in 5 days.
Well, at least what I've seen is a level 3 polymorphism, due to the fact that you don't perform instrucction mixing, but block mixing which is quite different. Don't get me wrong, I love to see this kind of source and I'm a great fan of polymorphic engines :) Just making a note that your approach needs a little bit more of tweaking :)
Hope this helps you.
best regards, Piotr Bania
Greets. -- Alejandro Barrera GarcĂa-Orea R&D Engineer c/ Alcala 268 28027 Madrid Office: +34 91 326 66 11 Fax: +34 91 326 66 11 e-mail: abarrera () iron-gate net
Current thread:
- Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine Piotr Bania (Sep 12)
- Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine Alejandro Barrera (Sep 12)