Tuesday, December 27, 2005

STREAM BABY STREAM

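The following example shows an idea a friend and I had some time ago. I'm 100% sure others had this idea earlier, and maybe there are implementations of it available on the net as well, though neither my friend nor I ever came across one. It's sort of a stream encryption: each 1000h-byte code block is XORed with the block before it, and at run time the next block is un-XORed into the first block's slot just before it is called, so only one block is in the clear at a time. When you look closely at the source you will see what "we" mean. What follows is just an example app which shows what the idea was (not a final implementation). Keep in mind that XOR against a neighbouring code block is obfuscation rather than encryption in the cryptographic sense, and that the code section has to be writable for the program to run.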

; Assembler setup. "Locals" and "jumps" are Borland TASM directives, so this
; file appears to target TASM (Intel operand order: op dst, src).
.386P                                   ; accept 80386 instructions, including privileged ones
Locals                                  ; enable TASM block-scoped local symbols
jumps                                   ; let the assembler adjust conditional-jump encodings
.Model Flat ,StdCall                    ; flat 32-bit memory model, stdcall as the default convention


extrn LoadLibraryA :PROC
extrn GetProcAddress :PROC
extrn MessageBoxA :PROC
extrn ExitProcess :PROC
;-----------------------------------------------------------------------------

; Initialised data used by the code blocks below.
.Data
caption db "test application",0         ; NUL-terminated string; code block 2 passes it as both string arguments
text2 db "test 2",0                     ; NUL-terminated string; not referenced by any code visible in this file
msgbox dd ?                             ; filled by code block 1 with the resolved MessageBoxA pointer; called by block 2

.Code
;-----------------------------------------------------------------------------
; Code block 1 — stores a pointer for MessageBoxA in msgbox.
; This block sits in the first 1000h-byte slot, which is the slot Main calls
; through block_x on every round. Main only ever uses it as an XOR source
; before its first call, so it is executed in the clear.
; Clobb: eax
;-----------------------------------------------------------------------------
code_block_1_start equ $
mov eax,offset MessageBoxA              ; address bound to the MessageBoxA symbol — presumably an import jump thunk; confirm against linker output
mov eax,[eax+2]                         ; dword at +2: assumes a 2-byte opcode (jmp dword ptr [...]) followed by a 32-bit pointer
mov eax,[eax]                           ; read through that pointer — presumably the real entry point of MessageBoxA
mov dword ptr [msgbox],eax              ; absolute store (no ebp delta here, unlike blocks 2 and 3)
ret
code_block_1_ends equ $
; Zero-pad the block to exactly 1000h bytes so all blocks have the same size.
; Because the padding is 00h, XORing another block with this one only alters
; the bytes that overlap the instructions above.
fill_space_1 db 1000h - (code_block_1_ends-code_block_1_start) dup (00h)


;-----------------------------------------------------------------------------
; Code block 2 — shows a message box through the pointer saved in msgbox.
; Equivalent call: MessageBoxA(0, caption, caption, 0), stdcall (arguments
; pushed right to left, callee cleans the stack).
; In:    ebp = delta computed in Main (call $+5 / pop ebp / sub ebp,...)
; Clobb: eax, plus whatever the called function clobbers
; Main XORs this block into the first slot and runs it from there, not from
; the address it was assembled at; the only call is indirect through memory,
; so nothing in the block depends on its own location.
;-----------------------------------------------------------------------------
code_block_2_start equ $
push 0                                  ; last argument (uType) = 0
lea eax,dword ptr [ebp+caption]
push eax                                ; third argument (lpCaption) = caption
lea eax,dword ptr [ebp+caption]         ; NOTE(review): same string again; text2 is defined but unused — possibly intended here, confirm
push eax                                ; second argument (lpText) = caption
push 0                                  ; first argument (hWnd) = 0
call dword ptr [ebp+msgbox]             ; indirect call through the pointer stored by code block 1
ret
code_block_2_ends equ $
; Zero-pad the block to exactly 1000h bytes.
fill_space_2 db 1000h - (code_block_2_ends-code_block_2_start) dup (00h)

;-----------------------------------------------------------------------------
; Code block 3 — demo filler: reads through the msgbox pointer and scrambles
; eax. It leaves memory unchanged (the only store XORs msgbox with zero).
; In:    ebp = delta computed in Main; eax and cl = whatever the caller left
; Clobb: eax, ebx (ebx is not restored), flags
;-----------------------------------------------------------------------------
code_block_3_start equ $
xor eax,dword ptr [ebp+msgbox]          ; eax = incoming eax XOR msgbox pointer
mov eax,[eax]                           ; NOTE(review): dereferences the result; only safe if incoming eax makes this a readable address — confirm caller state
xor ebx,ebx                             ; ebx = 0
rol eax,cl                              ; rotate by the caller's cl
rol eax,cl
xor eax,012345678h
xor dword ptr [ebp+msgbox],ebx          ; ebx is 0 here, so msgbox is left unchanged
ret
code_block_3_ends equ $
; Zero-pad the block to exactly 1000h bytes.
fill_space_3 db 1000h - (code_block_3_ends-code_block_3_start) dup (00h)

; State for the call/decrypt loop in Main. These variables are declared after
; .Code, so they sit in the code segment directly behind the three padded
; blocks; block_x_2 and block_ctx are written at run time.
block_x dd offset code_block_1_start    ; pointer Main calls each round; never modified in the visible code, so always the first slot
block_x_2 dd offset code_block_1_start  ; cursor: Main adds 1000h before each decrypt pass to select the next masked block
block_ctx dd 3                          ; rounds remaining (decremented by Main, loop ends at 0)

get_shit dd ?                           ; uninitialised dword; not referenced by any code visible in this file

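;-----------------------------------------------------------------------------
; Main — program entry point (named by "End Main").
;
; 1. Masks the code blocks in memory: block3 ^= block2, then block2 ^= block1.
;    Block 1 stays in the clear. This happens at run time, so the assembled
;    image still contains all three blocks unmasked. The blocks are padded
;    with 00h, so the XOR only alters the bytes that overlap the previous
;    block's instructions; this hides code from a casual reader, it does not
;    keep it confidential.
; 2. Computes the load delta in ebp for the ebp-relative operands in blocks 2
;    and 3.
; 3. Repeats block_ctx times: call the first slot, then XOR the next masked
;    block into the first slot, which reveals the next block there.
;
; The routine writes into the code segment (the blocks and the variables that
; follow them), so that section must be mapped writable as well as executable.
; The source does not show how that is arranged — confirm in the link step.
; A writable and executable code section is a common static indicator of
; self-modifying or packed code.
;-----------------------------------------------------------------------------
Main:
;// ENCRYPT STREAM BLOCKS
; Work back to front so each key block is still in the clear when it is used.
mov esi,offset code_block_2_start       ; key    = block 2
mov edi,offset code_block_3_start       ; target = block 3
call encrypt_block_x                    ; block3 ^= block2
mov esi,offset code_block_1_start       ; key    = block 1
mov edi,offset code_block_2_start       ; target = block 2
call encrypt_block_x                    ; block2 ^= block1

;// CALL & DECRYPT STREAMING

call $+5                                ; push the address of the next instruction
pop ebp                                 ; ebp = run-time address of this pop
sub ebp,offset $-1                      ; minus its link-time address (pop ebp is one byte) => ebp = load delta

call_next_block:
call dword ptr [block_x]                ; run whatever currently occupies the first slot
mov ecx,0400h                           ; 0400h dwords = 1000h bytes = one block
mov esi,offset code_block_1_start       ; esi = first slot (read, then overwritten)
add dword ptr [block_x_2],01000h        ; advance the cursor to the next masked block
mov edi,dword ptr [block_x_2]           ; edi = that block (read only)
; On the last round the cursor has moved past fill_space_3 and points at
; block_x, so this pass XORs the first slot with 1000h bytes that are not a
; code block. NOTE(review): that reads beyond the three padded blocks and
; leaves the first slot scrambled; the page does not say whether this final
; pass is intended.
decrypt_stream:
lodsd                                   ; eax = [esi], esi += 4 (direction flag assumed clear)
xor eax,[edi]                           ; slot dword XOR masked dword
mov dword ptr [esi-4],eax               ; write back to the dword just read
add edi,04h
loop decrypt_stream
dec dword ptr [block_ctx]               ; one round done
jne call_next_block                     ; more rounds left -> call the newly revealed block

push 0                                  ; uExitCode = 0: ExitProcess takes one stdcall argument, so pass an explicit exit code
call ExitProcess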

;-----------------------------------------------------------------------------
; encrypt_block_x — XOR one 1000h-byte block into another, dword by dword.
; In:    esi = source block (read only, acts as the XOR key)
;        edi = destination block (modified in place)
; Out:   each dword of the destination is XORed with the matching source dword
; Clobb: eax, ecx (0 on return), esi and edi (each advanced by 1000h), flags
; Assumes the direction flag is clear so lodsd walks upward.
; XOR is its own inverse, so applying the same source again restores the
; destination; Main's decrypt loop relies on this.
;-----------------------------------------------------------------------------
encrypt_block_x:
mov ecx,1000h                           ; block size in bytes
sar ecx,02h                             ; / 4 => 0400h dwords
encrypt_code_blocks:
lodsd                                   ; eax = [esi], esi += 4
xor [edi],eax                           ; destination dword ^= source dword
add edi,04h
loop encrypt_code_blocks                ; ecx -= 1, repeat until 0
ret
End Main ;end of code, JUMP-spot (main)
