flat assembler
Message board for the users of flat assembler.

Index > Macroinstructions > XOR Crypting Macro

Author
Thread Post new topic Reply to topic
Tommy



Joined: 17 Jun 2003
Posts: 489
Location: Norway
Tommy 25 Aug 2004, 16:54
Here is a XOR crypting macro.. Just played around with fasm's macro features... Smile
Code:
; XOR crypting macro
macro crypt start,length,key {
  local x,y,key_size,key_pos
  virtual at 0
    db key
    key_size = $
  end virtual
  key_pos = 0
  repeat length
    load x from start+%-1
    virtual at 0
      db key
      load y from key_pos
    end virtual
    x = x xor y
    store x at start+%-1
    key_pos = key_pos + 1
    if key_pos >= key_size
      key_pos = 0
    end if
  end repeat
}

; data goes here... (tip: use file directive)
db 'Hello world!',13,10,'How are you?'
; encrypt
crypt 0,$,'testkey'
; decrypt
;crypt 0,$,'testkey'    
Post 25 Aug 2004, 16:54
View user's profile Send private message Visit poster's website Reply with quote
pelaillo
Missing in inaction


Joined: 19 Jun 2003
Posts: 878
Location: Colombia
pelaillo 25 Aug 2004, 17:30
Very nice macro example !!
Post 25 Aug 2004, 17:30
View user's profile Send private message Yahoo Messenger Reply with quote
Nikolay Petrov



Joined: 22 Apr 2004
Posts: 101
Location: Bulgaria
Nikolay Petrov 26 Oct 2004, 06:40
Tommy,
You open my eyes... Idea Surprised Shocked Smile
thanks
it's a really very nice macro example
Post 26 Oct 2004, 06:40
View user's profile Send private message Reply with quote
Matrix



Joined: 04 Sep 2004
Posts: 1166
Location: Overflow
Matrix 08 Nov 2004, 21:58
Nice work!
Now you can easily hide your text messages, or your images for example.
and harder to decompile too.

but in some cases i think its nice to see this in my code:
Code:
    

i dk why but it looks great in my code. Smile
Post 08 Nov 2004, 21:58
View user's profile Send private message Visit poster's website Reply with quote
Tommy



Joined: 17 Jun 2003
Posts: 489
Location: Norway
Tommy 09 Nov 2004, 07:25
Very Happy
Post 09 Nov 2004, 07:25
View user's profile Send private message Visit poster's website Reply with quote
mimas



Joined: 21 Jul 2003
Posts: 10
mimas 27 Jun 2005, 09:59
sorry for the revival of this old thread but I've got a question.

A long time ago (I leave assembly for a while), I have converted this idea into a code crypter (a lame layer cryptor). I'm back in busyness now, and I want to make a better version of this erf... preprocessing cryptor.

there is the code
Code:
format PE CONSOLE
entry start

include '%fasminc%\win32a.inc'

macro begincrypt name
{
  name#.begin:
}

macro endcrypt name, key
{
   name#.end: 
   count = (rva name#.end - rva name#.begin)  
   repeat count - 1    
     load b byte from name#.begin+%-1  
     b = (b xor key) 
     store byte b at name#.begin+%-1
   end repeat
}

section '.text' code readable executable writeable
start:
   mov edi, layer.begin
   mov ecx, layer.end - layer.begin -1
 @@:
    mov al, byte [edi]
    xor al, 0x11
    stosb
    sub ecx, 1
    jne @b

   begincrypt layer
    invoke FindWindow, 0, szTitle
    push eax
    push edi
    mov edi, layer2.begin
    mov ecx, layer2.end - layer2.begin - 1
   @@:
      mov al, byte [edi]
      xor al, 0x05
      stosb
      sub ecx, 1
      jne @b
    pop edi

    begincrypt layer2
      pop eax
      invoke SetWindowText, eax, szMessage
    endcrypt layer2, 0x05 
    invoke ExitProcess, 0
   endcrypt layer, 0x11

   nop ; for visual purpose
   nop

section '.data' data readable writeable
  szMessage db 'Hello world!',0
  szTitle db 'flat assembler 1.56',0

section '.idata' import data readable writeable
  library kernel32,'kernel32.dll',\
          user32,'user32.dll'
  import kernel32,\
         ExitProcess,'ExitProcess'
  import user32,\
         FindWindow,'FindWindowA',\
         SetWindowText,'SetWindowTextA'
    
Watch fasm version. Smile

So... there is big trouble with the preprocessor and data convertion: it give me a out of range if I want to play a little more with crypted value, adding it a seed or something that may use a word instead of a byte for result. Is there a way to cast a word into a byte (or something else) and vice versa ?

[OT]I take a look at the new preprocessor, it's seems so "sexy". Fun to come. Smile
Post 27 Jun 2005, 09:59
View user's profile Send private message Reply with quote
mimas



Joined: 21 Jul 2003
Posts: 10
mimas 02 Jul 2005, 23:19
It was simple. I did miss something last time.

Code:
load b byte from %+ name#.begin -1
t = byte (((b xor key) + 220)  and 0xFF)
store byte t at %+ name#.begin -1    
Post 02 Jul 2005, 23:19
View user's profile Send private message Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY 16 Sep 2005, 00:24
Hi Tommy! I really enjoy you macro. Could you please coment your macro so I can study it, please? I'm trying to learn fasm macro language, is there any tutorial?
Also, I want to crypt my code, and not just data as I would do with:
Code:
db not ('F' xor 8), not ('A' xor 8), not ('S' xor 8), not ('M' xor 8)
    

so macro is the way to do it! Very Happy
Post 16 Sep 2005, 00:24
View user's profile Send private message Reply with quote
Tommy



Joined: 17 Jun 2003
Posts: 489
Location: Norway
Tommy 16 Sep 2005, 08:20
http://decard.net/article.php?body=tajga&chapter=preproc
(maybe I'll comment it later.. gotta go to school now..)
Post 16 Sep 2005, 08:20
View user's profile Send private message Visit poster's website Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 25 Nov 2005, 19:48
*FIXED*
Post 25 Nov 2005, 19:48
View user's profile Send private message Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY 24 Jan 2008, 17:33
I find this macro very usefull. Recently I found it in "Interesting threads".

Here is an example of it's usage:
Code:
include 'win32ax.inc'
; XOR crypting macro
macro crypt start,length,key { 
  local x,y,key_size,key_pos 
  virtual at 0 
    db key 
    key_size = $ 
  end virtual 
  key_pos = 0 
  repeat length 
    load x from start+%-1 
    virtual at 0 
      db key 
      load y from key_pos 
    end virtual 
    x = x xor y 
    store x at start+%-1 
    key_pos = key_pos + 1 
    if key_pos >= key_size 
      key_pos = 0 
    end if 
  end repeat 
}

main:
     call decrypt_code
     call start_code
     invoke ExitProcess,0

start_code:
     invoke MessageBox,0,'Hello world!','FASM rulez!',0
     ret
     db 'This data is also crypted! Smile',0
end_code:

decrypt_code:
     mov edi,start_code
     mov ecx,end_code-start_code
     @@:
     xor byte[edi],8
     inc edi
     dec ecx
     test ecx,ecx
     jnz @b
     ret

crypt start_code,end_code-start_code,8
.end main    


Good for fast code encryption. Add junk code and load APIs with GetProcAddress and you have pretty good PE protection made only with the program's code.


Here is a disassembly for viewing the results:
Code:
;DisASsembled file, Original file: test.exe  TatraDAS disassembler 2.9.8, Ivan Kohut (c) 2007

; ********************************************
; Code Section Number: 0
; ********************************************
BITS 32



;Program Entry point

  CALL _0x0040105E
  CALL _0x00401012
  PUSH byte 0x00

;Imported function 'ExitProcess' from 'KERNEL32.DLL' used
  CALL dword [0x0040205E]
;Call from 0x00401005
_0x00401012:
  BOUND ECX,[EAX]
  LOOPNE _0x0040101A
  OR byte [EAX],CL
  OR byte [ESI+0x49],CL
  POP EBX
  INC EBP
  SUB byte [EDX+0x7D],BH
  INSD 
  JB _0x0040104D
  OR AL,AH
  ADD EAX,dword 0x40080808
  INSD 
   UNDEFINED OPCODE!
  db 0x64
  db 0x64
  db 0x67
  db 0x28
  db 0x7F
  db 0x67
  db 0x7A
  db 0x64
  db 0x6C
  db 0x29
  db 0x08
  db 0x62
  db 0x08
  db 0xF7
  db 0x1D
  db 0x74
  db 0x28
  db 0x48
  db 0x08
  db 0xCB
  db 0x5C
  db 0x60
  db 0x61
  db 0x7B
  db 0x28
  db 0x6C
  db 0x69
  db 0x7C
  db 0x69
  db 0x28
  db 0x61
  db 0x7B
  db 0x28
;Jump from 0x00401022
_0x0040104D:
  IMUL ESP,[EBX+EDI*2+0x67],dword 0x717A6B28
  JS _0x004010D3
  INSD 
  INSB 
  SUB dword [EAX],EBP
  XOR AH,[ECX]
  db 0x08
;Call from 0x00401000
_0x0040105E:
  MOV EDI,dword 0x00401012
  MOV ECX,dword 0x0000004C
;Jump from 0x0040106F
_0x00401068:
  XOR byte [EDI],byte 0x08
  INC EDI
  DEC ECX
  TEST ECX,ECX
  JNE _0x00401068
  RETN    
Post 24 Jan 2008, 17:33
View user's profile Send private message Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP 30 Jan 2008, 02:33
Wow... xor crypting is so useless it's only used in viruses to hide from scanners, try something that's easy to implement but is much more secure, like the function
Code:
f(x,y,z) = x^y (mod z)
    

Given that this is very simple, and the basis of no doubt the greatest cryptographic revolution since monoalphabetic substitution (The RSA public-key cipher), this is a very simple operation. If you use the proper optimizations (like x^6 is the same as (x^2)*(x^2)*(x^2), you could have two data bytes and one key byte be the basis for this very simple function (or macro, it would be small). I'm working right now on an extremely optimized AES library if anyone's interested in code. Only schedules done so far, working on main crypt now.
Post 30 Jan 2008, 02:33
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20430
Location: In your JS exploiting you and your system
revolution 30 Jan 2008, 07:28
Maybe you missed this discussion.
Post 30 Jan 2008, 07:28
View user's profile Send private message Visit poster's website Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP 30 Jan 2008, 14:11
Yes, I did, but there's your SHA512 code! (thought it was copyrighted, shouldn't u take it off???) Still, your macro's simply do the powmod function, and apparently quite well. Would be a simple crypt by itself, am i right? I mean, as long as they can figure out how to decrypt Smile.
Post 30 Jan 2008, 14:11
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20430
Location: In your JS exploiting you and your system
revolution 30 Jan 2008, 15:04
AlexP wrote:
Yes, I did, but there's your SHA512 code! (thought it was copyrighted, shouldn't u take it off???)
Copyright by who? I wrote the code and I placed no copyright on it. So therefore it is public domain. Feel free to use it you so desire for anything whatsoever.
AlexP wrote:
Still, your macro's simply do the powmod function, and apparently quite well. Would be a simple crypt by itself, am i right? I mean, as long as they can figure out how to decrypt Smile.
Yes it is a powmod function, that is what RSA is. And it is already used for encrypting, usually it is used to encrypt a symmetric cypher key in things like SSL. Although ECC is now taking over for the higher security it provides.
Post 30 Jan 2008, 15:04
View user's profile Send private message Visit poster's website Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP 30 Jan 2008, 19:36
Okay, here it is from the "working with 64-bit numbers...." thread in windows, when I asked u to post your SHA-512 code so I could see it:
Quote:

AlexP: I can' t post my existing SHA code. Although written by me it is not owned by me, my company retains copyright. The macros I posted above are as far as I can go with posting code.

But looking at your code it is not all that clear. In my code I used macros named things like: sigma0, sigma1, alpha0, alpha1, cho, maj. Then a round macro and finally combined then into a short piece of code that is mostly macros that does the hashing. I find the macro names provide a clear overview of the process that is taking place in the main loop.


And yeah, I'm trying to get a hybrid RSA-AES system going, bought a book on RSA and factoring/prime numbers, tons of the popular algorithms for primality testing, stuff like that so I could learn a lot before I even thought of starting. I know RSA is extremely complex to have a secure system going, and if I ever get AES done I'll spend a few weeks (or months) studying books about RSA and other fun stuff. I was going to do a stand-alone RSA cipher, but of course it would take forever to crypt anything large... I'll have something fun running on my computer someday, and I know I'll look back someday and say "Wow... I never want to see another proof again!!!". Luv the math though, I'm top percent in my high school class for it Very Happy .

PS: Our schools network has SSL 128-bit, a few months with a few hundred thousand computers and we could crack the key, find out whatever 128 cipher they're using, but it could be done, couldn't it?? Lol it says that it's "The highest encryption possible" when you click on it Smile. That's funny...


Last edited by AlexP on 30 Jan 2008, 19:51; edited 1 time in total
Post 30 Jan 2008, 19:36
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20430
Location: In your JS exploiting you and your system
revolution 30 Jan 2008, 19:49
Okay, the SHA macros are different from my SHA code. I see what you mean now. The x86 and ARM code I am unable to post Sad In case you didn't see it the SHA macros are here.
Post 30 Jan 2008, 19:49
View user's profile Send private message Visit poster's website Reply with quote
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP 30 Jan 2008, 19:53
Smile at least I can study those and figure out what was wrong when I tried them. Thought I was seein' things for a second there.
Post 30 Jan 2008, 19:53
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.