📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









Created: Tuesday, August 16 2005 13:41.54 CDT Modified: Tuesday, August 16 2005 14:09.18 CDT
Simple RDA (RANDOM DECRYPTION ALGORITHM) example
Author: Piotr # Views: 2254

Hi,

The following code is a very simple example of a so-called RDA (random decryption algorithm). The encoder/decoder uses exclusive-or encryption together with transposition (order) encryption (here it is word swapping). Also, the XOR encoding is done backwards, not forwards as in common cases. The code is encrypted with a drawn (randomly generated) word value; as the name "random decryption algorithm" suggests, the decoding method doesn't know what the original word key was. It simply brute-forces (generates keys) and tries to decode the encoded procedure; if the decoded procedure's checksum is the same as the original procedure's, then the key is correct and the procedure was decoded properly. I tried to play with SEH frames here; however, totally randomized (encrypted) code that is then run gives you no assurance that stack space will not be destroyed while doing decoding tests, so I have used a CRC. Like I said, the following example is pretty simple; a more advanced algorithm can be found in the Fighter family of viruses (more or less explained in "Fighter talk" by Igor Daniloff in Virus Bulletin, Dec 1997) or in "Random Decoding Algorithm demo" by darkman, presented in the 29a zine. Here comes my >low security model<, w00f

File stored here:
http://pb.specialised.info/all/rda.asm

have fun!

best regards,
Piotr Bania
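
The brute-force-and-verify loop described in the post, seen from the analyst's side, as an added Python sketch (not Piotr's rda.asm): because the decoder carries no key, the stored checksum and the 16-bit key space are all that is needed to recover the plaintext statically. The adjacent-word swap, the key that increments per word, CRC-32 as the checksum and the sample bytes are assumptions made for illustration.

```python
import struct
import zlib

def _words(buf):
    # Assumption: the protected region is an even number of bytes (16-bit words).
    return list(struct.unpack("<%dH" % (len(buf) // 2), buf))

def _pack(words):
    return struct.pack("<%dH" % len(words), *words)

def _swap_pairs(words):
    # Transposition layer (assumed form): exchange adjacent words; self-inverse.
    out = words[:]
    for i in range(0, len(out) - 1, 2):
        out[i], out[i + 1] = out[i + 1], out[i]
    return out

def _xor_backwards(words, key):
    # XOR layer walked from the last word to the first; the key advancing
    # by one per word is an assumption so that the direction matters.
    out = words[:]
    for i in range(len(out) - 1, -1, -1):
        out[i] ^= key
        key = (key + 1) & 0xFFFF
    return out

def encode(plain, key):
    return _pack(_xor_backwards(_swap_pairs(_words(plain)), key))

def decode(blob, key):
    # Inverse order of encode: undo the XOR pass, then undo the swap.
    return _pack(_swap_pairs(_xor_backwards(_words(blob), key)))

def recover(blob, checksum):
    """Try all 65536 word keys; keep each candidate whose CRC-32 matches."""
    hits = []
    for key in range(0x10000):
        candidate = decode(blob, key)
        if zlib.crc32(candidate) == checksum:
            hits.append((key, candidate))
    return hits

# Constructed sample: 16 bytes standing in for the protected procedure.
SAMPLE = b"constructed proc"
SAMPLE_KEY = 0xBEEF                  # the encoder would draw this at random
BLOB = encode(SAMPLE, SAMPLE_KEY)    # what ends up stored in the file
CHECKSUM = zlib.crc32(SAMPLE)        # stored next to the encoded body

if __name__ == "__main__":
    for key, plain in recover(BLOB, CHECKSUM):
        print("key=0x%04x plaintext=%r" % (key, plain))
```

`recover` returns a list because a checksum match is only probabilistic evidence of the right key; with more than one hit, each candidate has to be inspected.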



