flat assembler
Message board for the users of flat assembler.
Macroinstructions > XOR Crypting Macro
pelaillo 25 Aug 2004, 17:30
Very nice macro example !!
Nikolay Petrov 26 Oct 2004, 06:40
Tommy,
You open my eyes... thanks it's a really very nice macro example
Matrix 08 Nov 2004, 21:58
Nice work!
Now you can easily hide your text messages, or your images for example. And harder to decompile too. But in some cases I think it's nice to see this in my code:
Code:
I dk why but it looks great in my code.
Tommy 09 Nov 2004, 07:25
mimas 27 Jun 2005, 09:59
Sorry for the revival of this old thread but I've got a question.
A long time ago (I left assembly for a while), I converted this idea into a code crypter (a lame layer cryptor). I'm back in business now, and I want to make a better version of this erf... preprocessing cryptor. There is the code:

Code:
    format PE CONSOLE
    entry start

    include '%fasminc%\win32a.inc'

    ; mark the start of a region to be encrypted at assembly time
    macro begincrypt name {
      name#.begin:
    }

    ; mark the end of the region and XOR its bytes with key (last byte is left as is)
    macro endcrypt name, key {
      name#.end:
      count = (rva name#.end - rva name#.begin)
      repeat count - 1
        load b byte from name#.begin+%-1
        b = (b xor key)
        store byte b at name#.begin+%-1
      end repeat
    }

    section '.text' code readable executable writeable

    start:
            ; run-time decryption of the outer layer (key 0x11)
            mov     edi, layer.begin
            mov     ecx, layer.end - layer.begin -1
    @@:
            mov     al, byte [edi]
            xor     al, 0x11
            stosb
            sub     ecx, 1
            jne     @b

    begincrypt layer
            invoke  FindWindow, 0, szTitle
            push    eax
            push    edi
            ; run-time decryption of the inner layer (key 0x05)
            mov     edi, layer2.begin
            mov     ecx, layer2.end - layer2.begin - 1
    @@:
            mov     al, byte [edi]
            xor     al, 0x05
            stosb
            sub     ecx, 1
            jne     @b
            pop     edi

    begincrypt layer2
            pop     eax
            invoke  SetWindowText, eax, szMessage
    endcrypt layer2, 0x05
            invoke  ExitProcess, 0
    endcrypt layer, 0x11
            nop     ; for visual purpose
            nop

    section '.data' data readable writeable
      szMessage db 'Hello world!',0
      szTitle   db 'flat assembler 1.56',0

    section '.idata' import data readable writeable
      library kernel32,'kernel32.dll',\
              user32,'user32.dll'
      import kernel32,\
             ExitProcess,'ExitProcess'
      import user32,\
             FindWindow,'FindWindowA',\
             SetWindowText,'SetWindowTextA'

So... there is big trouble with the preprocessor and data conversion: it gives me an out of range if I want to play a little more with the crypted value, adding a seed to it or something that may use a word instead of a byte for the result. Is there a way to cast a word into a byte (or something else) and vice versa?
[OT] I took a look at the new preprocessor, it seems so "sexy". Fun to come.
mimas 02 Jul 2005, 23:19
It was simple. I did miss something last time.
Code:
    load b byte from %+ name#.begin -1
    t = byte (((b xor key) + 220) and 0xFF)
    store byte t at %+ name#.begin -1
OzzY 16 Sep 2005, 00:24
Hi Tommy! I really enjoy your macro. Could you please comment your macro so I can study it, please? I'm trying to learn fasm macro language, is there any tutorial?
Also, I want to crypt my code, and not just data as I would do with:
Code:
    db not ('F' xor 8), not ('A' xor 8), not ('S' xor 8), not ('M' xor 8)
so macro is the way to do it!
Tommy 16 Sep 2005, 08:20
http://decard.net/article.php?body=tajga&chapter=preproc
(maybe I'll comment it later.. gotta go to school now..)
shism2 25 Nov 2005, 19:48
*FIXED*
OzzY 24 Jan 2008, 17:33
I find this macro very useful. Recently I found it in "Interesting threads".
Here is an example of its usage:

Code:
    include 'win32ax.inc'

    ; XOR crypting macro
    macro crypt start,length,key {
      local x,y,key_size,key_pos
      virtual at 0
        db key
        key_size = $
      end virtual
      key_pos = 0
      repeat length
        load x from start+%-1
        virtual at 0
          db key
          load y from key_pos
        end virtual
        x = x xor y
        store x at start+%-1
        key_pos = key_pos + 1
        if key_pos >= key_size
          key_pos = 0
        end if
      end repeat
    }

    main:
            call    decrypt_code
            call    start_code
            invoke  ExitProcess,0

    start_code:
            invoke  MessageBox,0,'Hello world!','FASM rulez!',0
            ret
            db 'This data is also crypted! ',0
    end_code:

    decrypt_code:
            mov     edi,start_code
            mov     ecx,end_code-start_code
    @@:
            xor     byte[edi],8
            inc     edi
            dec     ecx
            test    ecx,ecx
            jnz     @b
            ret

    crypt start_code,end_code-start_code,8

    .end main

Good for fast code encryption. Add junk code and load APIs with GetProcAddress and you have pretty good PE protection made only with the program's code. Here is a disassembly for viewing the results:

Code:
    ;DisASsembled file, Original file: test.exe TatraDAS disassembler 2.9.8, Ivan Kohut (c) 2007

    ; ********************************************
    ; Code Section Number: 0
    ; ********************************************

    BITS 32

    ;Program Entry point
    CALL _0x0040105E
    CALL _0x00401012
    PUSH byte 0x00
    ;Imported function 'ExitProcess' from 'KERNEL32.DLL' used
    CALL dword [0x0040205E]

    ;Call from 0x00401005
    _0x00401012:
    BOUND ECX,[EAX]
    LOOPNE _0x0040101A
    OR byte [EAX],CL
    OR byte [ESI+0x49],CL
    POP EBX
    INC EBP
    SUB byte [EDX+0x7D],BH
    INSD
    JB _0x0040104D
    OR AL,AH
    ADD EAX,dword 0x40080808
    INSD
    UNDEFINED OPCODE!
    db 0x64
    db 0x64
    db 0x67
    db 0x28
    db 0x7F
    db 0x67
    db 0x7A
    db 0x64
    db 0x6C
    db 0x29
    db 0x08
    db 0x62
    db 0x08
    db 0xF7
    db 0x1D
    db 0x74
    db 0x28
    db 0x48
    db 0x08
    db 0xCB
    db 0x5C
    db 0x60
    db 0x61
    db 0x7B
    db 0x28
    db 0x6C
    db 0x69
    db 0x7C
    db 0x69
    db 0x28
    db 0x61
    db 0x7B
    db 0x28

    ;Jump from 0x00401022
    _0x0040104D:
    IMUL ESP,[EBX+EDI*2+0x67],dword 0x717A6B28
    JS _0x004010D3
    INSD
    INSB
    SUB dword [EAX],EBP
    XOR AH,[ECX]
    db 0x08

    ;Call from 0x00401000
    _0x0040105E:
    MOV EDI,dword 0x00401012
    MOV ECX,dword 0x0000004C

    ;Jump from 0x0040106F
    _0x00401068:
    XOR byte [EDI],byte 0x08
    INC EDI
    DEC ECX
    TEST ECX,ECX
    JNE _0x00401068
    RETN
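An added example, not part of the thread: the `db` run in the disassembly above is enough for an analyst to recover the single-byte key by trying all 256 values and scoring the output for text, so this scheme only hides strings from a casual viewer. The byte values are copied from that listing; the function names and the scoring rule are assumptions of this sketch.

```python
import re
import string

# Bytes copied from the "db" run in the disassembly in the post above.
# The run starts mid-string because the disassembler decoded the bytes
# before it as (meaningless) instructions.
BLOB = bytes([
    0x64, 0x64, 0x67, 0x28, 0x7F, 0x67, 0x7A, 0x64, 0x6C, 0x29, 0x08,
    0x62, 0x08, 0xF7, 0x1D, 0x74, 0x28, 0x48, 0x08, 0xCB, 0x5C, 0x60,
    0x61, 0x7B, 0x28, 0x6C, 0x69, 0x7C, 0x69, 0x28, 0x61, 0x7B, 0x28,
])

# Scoring alphabet (an assumption of this example): letters and the space.
TEXT = set(string.ascii_letters.encode() + b" ")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def score(plain: bytes) -> int:
    """Number of bytes that are letters or spaces."""
    return sum(b in TEXT for b in plain)


def recover_key(data: bytes):
    """Try all 256 keys and return (key, plaintext) with the best text score."""
    best = max(range(256), key=lambda k: score(xor_bytes(data, k)))
    return best, xor_bytes(data, best)


def printable_runs(plain: bytes, min_len: int = 4):
    """Runs of printable ASCII of at least min_len bytes, like 'strings'."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, plain)]


if __name__ == "__main__":
    key, plain = recover_key(BLOB)
    print(f"key = 0x{key:02X}")
    for run in printable_runs(plain):
        print(repr(run))
```

The non-text bytes between the two recovered strings are the decrypted machine code that follows the inlined MessageBox arguments, which is why they are not picked up as strings.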
AlexP 30 Jan 2008, 02:33
Wow... xor crypting is so useless it's only used in viruses to hide from scanners, try something that's easy to implement but is much more secure, like the function
Code:
    f(x,y,z) = x^y (mod z)
Given that this is very simple, and the basis of no doubt the greatest cryptographic revolution since monoalphabetic substitution (The RSA public-key cipher), this is a very simple operation. If you use the proper optimizations (like x^6 is the same as (x^2)*(x^2)*(x^2)), you could have two data bytes and one key byte be the basis for this very simple function (or macro, it would be small). I'm working right now on an extremely optimized AES library if anyone's interested in code. Only schedules done so far, working on main crypt now.
revolution 30 Jan 2008, 07:28
Maybe you missed this discussion.
AlexP 30 Jan 2008, 14:11
Yes, I did, but there's your SHA512 code! (thought it was copyrighted, shouldn't u take it off???) Still, your macros simply do the powmod function, and apparently quite well. Would be a simple crypt by itself, am I right? I mean, as long as they can figure out how to decrypt.
revolution 30 Jan 2008, 15:04
AlexP wrote: Yes, I did, but there's your SHA512 code! (thought it was copyrighted, shouldn't u take it off???)
AlexP wrote: Still, your macro's simply do the powmod function, and apparently quite well. Would be a simple crypt by itself, am i right? I mean, as long as they can figure out how to decrypt.
AlexP 30 Jan 2008, 19:36
Okay, here it is from the "working with 64-bit numbers...." thread in windows, when I asked u to post your SHA-512 code so I could see it:
Quote:
And yeah, I'm trying to get a hybrid RSA-AES system going, bought a book on RSA and factoring/prime numbers, tons of the popular algorithms for primality testing, stuff like that so I could learn a lot before I even thought of starting. I know RSA is extremely complex to have a secure system going, and if I ever get AES done I'll spend a few weeks (or months) studying books about RSA and other fun stuff. I was going to do a stand-alone RSA cipher, but of course it would take forever to crypt anything large... I'll have something fun running on my computer someday, and I know I'll look back someday and say "Wow... I never want to see another proof again!!!". Luv the math though, I'm top percent in my high school class for it.
PS: Our school's network has SSL 128-bit, a few months with a few hundred thousand computers and we could crack the key, find out whatever 128 cipher they're using, but it could be done, couldn't it?? Lol it says that it's "The highest encryption possible" when you click on it. That's funny...
Last edited by AlexP on 30 Jan 2008, 19:51; edited 1 time in total
revolution 30 Jan 2008, 19:49
Okay, the SHA macros are different from my SHA code. I see what you mean now. The x86 and ARM code I am unable to post. In case you didn't see it, the SHA macros are here.
AlexP 30 Jan 2008, 19:53
At least I can study those and figure out what was wrong when I tried them. Thought I was seein' things for a second there.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.