
Thread: RASH - EXE-cryptor

  1. #1
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    Just made a private release of RASH EXE-cryptor.

    The package contains a GUI for EXE-encryption. If someone wants to test it - please email me. New RASH has no compression by itself - only nice and simple XOR-based encryption.


  2. #2
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    The file wrapped by this cryptor cannot be correctly decrypted by any AV software. For example:

    Before
    URL
    After
    URL


  3. #3
    Member
    Join Date
    Jan 2007
    Location
    Moscow
    Posts
    239
    Thanks
    0
    Thanked 3 Times in 1 Post
    Nice!
    But KLabs will write a decryptor within 5 minutes after they get your cryptor

  4. #4
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    The stub contains a decryptor which can be copy-pasted. But currently the decryptor contains a two-operand trick which fools all AV/generic decryptors - that's why even AVP and VBA cannot decrypt it...

    Just fun art...

  5. #5
    Member
    Join Date
    Jan 2007
    Location
    Moscow
    Posts
    239
    Thanks
    0
    Thanked 3 Times in 1 Post
    KAV has a comparatively weak emulator today. The best ones are in NOD32 and BitDefender. I think they'll decrypt your code in the emulator, but they have a time limit, because an AV can't work indefinitely

  6. #6
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    The catch is not in time. RASH contains an instruction that all AVs don't support. As a result, a wrong key is generated.

  7. #7
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    About strong emulation. Previously RASH had a simple LZW compression with no anti-emulation tricks. Only KAV and VBA32 correctly decompress the code.

  8. #8
    Expert
    Matt Mahoney's Avatar
    Join Date
    May 2008
    Location
    Melbourne, Florida, USA
    Posts
    3,255
    Thanks
    306
    Thanked 778 Times in 485 Posts
    They don't need to decrypt your code. The AV will just add your decryption code to their signature files.

  9. #9
    Member
    Join Date
    Jun 2009
    Location
    Kraków, Poland
    Posts
    1,471
    Thanks
    26
    Thanked 120 Times in 94 Posts
    matt:
    So all RASH-encrypted files would be marked as viruses. IMO it is more intelligent to extract the original entry point from the crypted executable and then set up a breakpoint at that place, so the AV won't need a decryptor.

    Or one can make a cryptor that uses external passwords for de/crypting, e.g. to decrypt & run you must provide the password on the command line, e.g. yourprogram.exe --password mypassword
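
The trade-off raised in posts #8 and #9, as an added example that is not part of the original thread: a wildcard byte signature on a constant decryptor stub hits every wrapped file whatever the key, including wrapped harmless programs. The stub bytes, the `wrap` file layout and the sample payloads are constructed assumptions, not RASH's real format.

```python
import re

# Constructed stand-in for a cryptor's fixed decryptor stub. These are arbitrary
# bytes, NOT RASH's real stub; the "??" position models a per-file key byte.
STUB_HEAD = bytes.fromhex("a1b2c3")
STUB_TAIL = bytes.fromhex("d4e5f60718")
STUB_SIGNATURE = "A1 B2 C3 ?? D4 E5 F6 07 18"

def wrap(payload: bytes, key: int) -> bytes:
    """Toy model of a wrapped file: constant stub, key byte, XOR-ed payload."""
    return STUB_HEAD + bytes([key]) + STUB_TAIL + bytes(b ^ key for b in payload)

def compile_signature(sig: str) -> "re.Pattern[bytes]":
    """Turn a hex pattern with ?? wildcards into a byte regex."""
    parts = []
    for tok in sig.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def scan(data: bytes, sig: str = STUB_SIGNATURE) -> int:
    """Return the offset of the first signature hit, or -1 if none."""
    m = compile_signature(sig).search(data)
    return m.start() if m else -1

def demo() -> dict:
    # Both payloads are constructed sample data.
    flagged = b"MZ constructed sample the AV already detects"
    benign = b"MZ constructed harmless utility"
    return {
        "flagged_key_5a": scan(wrap(flagged, 0x5A)),   # same payload, key 1
        "flagged_key_c3": scan(wrap(flagged, 0xC3)),   # same payload, key 2
        "benign_wrapped": scan(wrap(benign, 0x11)),    # false-positive case
        "benign_unwrapped": scan(benign),              # no stub, no hit
    }

if __name__ == "__main__":
    for name, offset in demo().items():
        print(f"{name}: {'hit at ' + str(offset) if offset >= 0 else 'no hit'}")
```

The signature never looks at the encrypted body, so no emulation or decryption is needed; the cost is that the wrapper itself becomes the thing detected.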

  10. #10
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    Quote Originally Posted by Matt Mahoney
    The AV will just add your decryption code to their signature files.
    Yep! Even if this is an experimental software for fun - without any malicious goal...

  11. #11
    Administrator Shelwien's Avatar
    Join Date
    May 2008
    Location
    Kharkov, Ukraine
    Posts
    3,134
    Thanks
    179
    Thanked 921 Times in 469 Posts
    Guess, the next step is writing a polymorphic decompressor generator

  12. #12
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    ...or a compressor written in 100% ASM...

  13. #13
    Administrator Shelwien's Avatar
    Join Date
    May 2008
    Location
    Kharkov, Ukraine
    Posts
    3,134
    Thanks
    179
    Thanked 921 Times in 469 Posts
    > ...or a compressor written in 100% ASM...

    That's not a very creative idea.
    And also with algorithms like your LZW it might be actually
    simpler to write in asm as complex control flow is harder to
    express with C and the like.

    ...Also is there any reason at all to care about compressor's size?

  14. #14
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    Quote Originally Posted by Shelwien
    Also is there any reason at all to care about compressor's size?
    Nope. But sometimes in ASM we may add extra hand-tuned optimizations...

  15. #15
    Member
    Join Date
    Jan 2007
    Location
    Moscow
    Posts
    239
    Thanks
    0
    Thanked 3 Times in 1 Post
    Quote Originally Posted by Shelwien
    ...Also is there any reason at all to care about compressor's size?
    1. Prove to yourself that you are a programmer, not java_coding_monkey.
    2. Microcontrollers: car electronics, RFIDs, embedded software, etc.

  16. #16
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    Quote Originally Posted by nimdamsk
    1. Prove to yourself that you are a programmer, not java_coding_monkey.
    Actually, I think there is no need to prove anything to anyone. If you're a mature programmer you may do programming in any language and compiler without things like "Delphi is for lame kids, ASM is for cool programmers"... You know what I mean...

  17. #17
    Expert
    Matt Mahoney's Avatar
    Join Date
    May 2008
    Location
    Melbourne, Florida, USA
    Posts
    3,255
    Thanks
    306
    Thanked 778 Times in 485 Posts
    You need a small decompressor for self extracting archives, or high ranking on LTCB

  18. #18
    Member
    Join Date
    Feb 2008
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Could I try out the RASH? I could not find your email address, encode, so I am posting here. My email is contact@renderarmy.com Thanks in advance!!!!

  19. #19
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    Just sent a link to you. You may remove your email address from the post.

  20. #20
    Member
    Join Date
    Feb 2008
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Where is the download link?

  21. #21
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    Quote Originally Posted by rkn
    Where is the download link?
    Download link is hidden...

  22. #22
    The Founder encode's Avatar
    Join Date
    May 2006
    Location
    Moscow, Russia
    Posts
    3,954
    Thanks
    359
    Thanked 332 Times in 131 Posts
    I do not post it, because RASH will be added to Anti-Virus databases, even before actual release. Currently, I've made some ASM driven decryption and decompression for RASH... Which will be in next "releases".
