Encryption, Data questions

Started by doxor, March 17, 2006, 08:29:52 PM

doxor

1. Encryption.
I've made an encryption/decryption module in Visual Basic, and I wanted a decryption module.
Well, in Visual Basic:

Dim temp As String
Dim temp2 As String

Private Function decrypt(textodecrypt As String)
    temp2 = ""
    For i = 1 To Len(textodecrypt)
        temp = Asc(Mid(textodecrypt, i, 1))
        temp = temp - 1    'Any number [the decryption part]
        If temp < 0 Then temp = temp + 255
        temp = Chr(temp)
        temp2 = temp2 & temp
    Next i
    decrypt = temp2
End Function


Was wondering if anyone could port that into masm? I've only seen harder encryption methods, which isn't the point of my program,
so I was wondering if anyone could help?

2. Reading Data
Any way to read the data written at the end of the EXE file?
For e.g., File = 4.0 kbs, then you added 0.1kbs of data to the end, how would you read that 0.1kbs of data, and use that in the EXE?


Regards,

Doxor

P1

doxor,

Welcome aboard!!!

Forum 'Search' is your friend, along with Google.   

Do a 'Search', this subject has been discussed here before.

Please read the forum rules too!

Quote from: doxor on March 17, 2006, 08:29:52 PM
2. Reading Data
Any way to read the data written at the end of the EXE file?
For e.g., File = 4.0 kbs, then you added 0.1kbs of data to the end, how would you read that 0.1kbs of data, and use that in the EXE?

It's your first post and you have asked for help on a technique used by viruses.  So I will ask, what are you doing with this technique???  Coupled with the fact that viruses are encrypting themselves more and more for polymorphic reasons.

Regards,  P1   


doxor

1. Reads the key from the end of the file
2. Uses the key to decrypt

Before, I was just pasting the data into a location of the file, but this isn't so useful if the user edits the file in any way.
And the decryption method, I did a search but found nothing that met my requirements... Maybe I'm being noobish?
Could anyone give me a helping hand? =]

P1

Quote from: doxor on March 17, 2006, 09:48:43 PM
1. Reads the key from the end of the file
2. Uses the key to decrypt

Before, I was just pasting the data into a location of the file, but this isn't so useful if the user edits the file in any way.
And the decryption method, I did a search but found nothing that met my requirements... Maybe I'm being noobish?
Could anyone give me a helping hand? =]

Strike Two!!!  :tdown  To ask a question like this in the first place was Strike One, knowing the rules of the forum.

There are other ways to bury data, without using a .exe file.  In a plain file encrypted, does the same thing.

Let me repeat myself.  I did not ask what you were doing, and repeating yourself is not good.   I asked what are you doing with the technique???  I have asked an open ended question on purpose, so as not to put words in your mouth.

Which .exe files are you modifying?  Ignoring Questions are all strikes. 

Be brave, post your code!!!  It will remove all doubts.

BTW, the last person who asked this question, but was unwilling to explain themselves, had the thread closed.

Regards,  P1  :8)


EduardoS

P1, be more flexible...
He is a Visual Basic programmer, he doesn't know how to port that simple algo to asm and doesn't even know a simple task like inserting data at the end of an exe.
How will he build viruses??? :lol :lol :lol

But let's see his answer.

P1

Quote from: EduardoS on March 17, 2006, 11:04:14 PM
P1, be more flexible...
But lets see his answer.

I am, that's why this threat is still open.  ( Fraudian slip ??? t and d are not that far apart. )

I have not ever had to dynamically modify an .exe file for data storage.  As far as hiding data goes, any file extension will do.  We have data streams too.

Any PE hack kit will let you set an entry point in an .exe file.  The fight against viruses starts with keeping a check on writers.

We just did this in January with mickalia, their post was moved to the trash.  For almost the same thing.

Regards,  P1  :8)

EduardoS

Quote from: P1 on March 17, 2006, 11:19:43 PM
( Fraudian slip ??? t and d are not that far apart. )
I don't understand what you mean here...

Back to the data in the exe: I have seen it being used one time. After doxor answers why he wants it, I will tell where I saw that (I don't want to give him the idea).

redskull

Forgive me for not being up on the whole computer crime lifestyle, but how is appending to an EXE file/encryption related to virus writing?  In the most general terms possible, so as not to violate the forum rules.

alan
Strange women, lying in ponds, distributing swords, is no basis for a system of government

zooba

Quote from: redskull on March 18, 2006, 06:16:11 AM
Forgive me for not being up on the whole computer crime lifestyle, but how is appending to an EXE file/encryption related to virus writing?  In the most general terms possible, so as not to violate the forum rules.

Windows will always load the entire executable file into memory (except maybe .rsrc section?). Once malicious code is in memory it's only a small step to actually execute it.

Doxor, I don't see where you are using a key in your algorithm...

MichaelW

Quote from: redskull on March 18, 2006, 06:16:11 AM
Forgive me for not being up on the whole computer crime lifestyle, but how is appending to an EXE file/encryption related to virus writing?  In the most general terms possible, so as not to violate the forum rules.

Essentially, viruses replicate by inserting copies of themselves into an executable, most commonly a program.

eschew obfuscation

hutch--

Guys,

Let's see what the answer is first from doxor. P1 is right that some viruses append data to the end of an EXE file to infect it and modify the exe header to branch directly to that data/code and execute it. At the other end of the spectrum, it is not uncommon to append true data to the end of an EXE file that it uses by reading it from disk. From memory, Winrar SFX modules do this but many other apps also do it, as it means the PE loader only loads the executable image from disk without loading the data with it.

If this is even vaguely going in the direction of appended malicious data, P1 will close this thread. The solution for doxor is to tell us properly what he is trying to do and if it looks like it's OK, P1 will allow it, otherwise it's off to the trash heap.
Download site for MASM32: https://masm32.com
New MASM Forum: https://masm32.com/board/index.php
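
Added example (not part of the thread or any poster's code): the distinction hutch-- draws above can be checked statically. This Python sketch walks a PE section table to find data appended past the last section's raw data (the overlay) and reports which section holds the entry point; `pe_overlay`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct

def pe_overlay(data: bytes) -> dict:
    """Report bytes stored after the last section's raw data (the overlay)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    table = opt + opt_size
    end_of_image = table + 40 * num_sections  # headers are part of the image
    names, entry_section = [], None
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", data, off + 8)
        if rsize:
            end_of_image = max(end_of_image, rptr + rsize)
        if vaddr <= entry_rva < vaddr + max(vsize, rsize):
            entry_section = name
        names.append(name)
    return {
        "overlay_offset": end_of_image,
        "overlay_size": max(0, len(data) - end_of_image),
        "entry_section": entry_section,
        # Heuristic only: entry point sits in the last of several sections.
        "entry_in_last_section": len(names) > 1 and entry_section == names[-1],
    }

def build_sample(overlay: bytes = b"") -> bytes:
    """Constructed, non-runnable PE skeleton: headers plus one .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000).ljust(224, b"\0")
    sect = b".text\0\0\0" + struct.pack("<4I", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    image = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + b"\x90" * 0x200
    return image + overlay

if __name__ == "__main__":
    print(pe_overlay(build_sample(b"KEY=7")))
```

Overlay data alone is not a verdict: self-extractors and installers carry it, and Authenticode-signed files keep their certificate table in the same region.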

doxor

wow...
uhm big deal over nothing? :S
The program I am building is for a "test your skills" kind of thing.
The program will be open for download, and the user has to test his skills and "crack" the password.
The key will be at the end of the file, and he has to manipulate that to get the password hidden inside the file. [i.e. change the value it's decrypting, 1-255]
Also just general curiosity.


And I code Visual Basic, and can hardly code asm... how am I meant to build a virus?

evlncrn8

Quote from: doxor on March 18, 2006, 09:08:06 AM
And I code Visual Basic, and can hardly code asm... how am I meant to build a virus?

You don't need to know asm to write a virus, I could write one in VB, but it'd be relatively huge heh.
All you need to know is the technique, from then the language you write in really does not matter.
And if you code in Visual Basic, how come you're on an assembly forum :)

hutch--

Yes,

It's called a "crackme". Topic closed.

P1

Quote from: P1 on March 17, 2006, 11:19:43 PM
I am, that's why this threat is still open.  ( Fraudian slip ??? t and d are not that far apart. )

The slip was thread vs threat.  Thread is a topical discussion.  Threat: 1. An expression of an intention to inflict pain, injury, evil, or punishment. 2. An indication of impending danger or harm. 3. One that is regarded as a possible danger; a menace.

Regards,  P1  :8)