Simple RDA (RANDOM DECRYPTION ALGORITHM) example
 Piotr Bania (Piotr) <bania piotr gmailcom> |
Tuesday, August 16 2005 13:41.54 CDT |
Hi,
Following code is very simple example for so called RDA (random decryption algorithm). Encoder/decoder use some exclusive or encryption together with transposition (order) encryption (here it is word swaping). Also the xoring
encoding is made backwards, not forwards like in common cases. The code is encrypted with draw (randomly generated) word value, as the name shows "random decryption algorithm" the decoding method don't know what the original word key was. It simply brute forces (generates keys) and tries
to decode the encoded procedure, if the decoded procedure checksum is the same as original procedure one then the key is correct and the procedure was uncoded properly. I tried to play with SEH frames here, however totaly randomized code (encrypted) and then runned gives you no sure that stack
space will not be destroyed while doing decoding tests - so i have used crc. Like i said following example is pretty simple, more advanced algorithm can be found in Fighter family viruses (more or less explained in "Fighter talk" by Igor Daniloff on Virus Bulletin, Dec 1997) or in "Random
Decoding Algorithm demo" by darkman presented in 29a zine. Here comes my >low security model<, w00f
File stored here:
http://pb.specialised.info/all/rda.asm
have fun!
best regards,
Piotr Bania
Comments
| Posted: Wednesday, December 31 1969 18:00.00 CST | |