Thanks To DrIdle

This tutorial is strictly for educational purposes only. I am not responsible for any action you may take upon others. Please don't abuse this tutorial; use it wisely.

I'm not going to explain a completely new method of how executables can be made FUD. I guess most of the publicly available crypters do it similarly. But the problem with those crypters is that they get detected very soon after they are published. So I figured out a way to write my own crypter in C++. In this tutorial I'm going to explain how you can implement your own crypter and how you can play around with the code to get your exe FUD again if it gets detected some day. Maybe these ideas are not new to you and someone else posted them already here somewhere. In this case please let me know.

I tested it with two RATs:
- Poison Ivy server (v2.3.2)
- Cybergate server (v1.07.5) (Hint: 'Compress with UPX' must be disabled)
(other tools might also work with this technique, just test with your exe)

The system is a Windows XP SP3 machine. I don't know if this also works for Vista and 7. Maybe someone can try?

Server size:
- Poison Ivy: 10KB (before), 46KB (after)
- Cybergate: 290KB (before), 327KB (after)

Antivirus (AV) detection:
If you want to test your crypted exe with online AVs, do it only here () and don't forget to check the checkbox 'Do not distribute the sample'! Otherwise your exe will be distributed to the AV companies so they can examine it and update their virus databases.

So let's get started!

1. Stuff you need
2. Implement the Encrypter
3. Implement the Stub (Decrypter)
4. Bind your encrypted exe with the Stub
5. Play around with code to get your exe to be FUD again

1. Stuff you need

- Microsoft Visual C++ Express 2010: (the Express edition is free)
- Resource Hacker:
- my implementations of the Encrypter and the Stub (Visual Studio projects):

2. Implement the Encrypter

Open the Visual Studio project 'MyEncrypter' by double clicking on 'MyEncrypter.sln' (see '1. Stuff you need' for a download link). It should look like this (sorry, I have the German version of Visual Studio).

(for all of you C++ pros out there: I know my code can be optimized. I'm not used to C++ coding, so please be lenient. This is for educational purposes, not for max performance)

The Encrypter is a console application. You need it to encrypt your exe, so AVs are not able to find pattern matches. The encryption algorithm I used is the AES algorithm. These are the steps the Encrypter takes:
1. Open a given binary file
2. Encrypt the data with an AES key (you may change this key as you like)
3. Write the encrypted data to an output file
(try to understand what the C++ code does!)

Compile the Visual Studio project by pressing F7. Now you have got your Encrypter application 'MyEncrypter.exe' in the project output directory. The binary file to encrypt is passed to the Encrypter as the first parameter (e.g. 'MyEncrypter.exe server_to_encrypt.exe'). Either you do this by typing the command at the Win command prompt or you can also drag 'server_to_encrypt.exe' onto 'MyEncrypter.exe'. If the Encrypter runs successfully, a file called 'encrypted.dat' will be generated in the same directory as the Encrypter. This encrypted file should have exactly the same size as the unencrypted file.

This was the easy part of the tut ;) Now let's move on to the Stub.

3. Implement the Stub (Decrypter)

A Stub is the part of an exe that is responsible for decrypting the rest of the exe at runtime and for running the decrypted code in memory. This way AVs which only support static code analysis (most of the AVs) do not have the chance to detect your exe. Only AVs which support dynamic code analysis are still able to detect it. But the dynamic analysis is very resource intensive, so AVs running on normal end user computers don't support it.

Open the Visual Studio project 'MyStub' by double clicking on 'MyStub.sln' (see '1. Stuff you need' for a download link). It should look like this.

The Stub is a Win32 application. It decrypts the binary data found in the resource of the exe.
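
From the defender's side, an encrypted payload carried in an exe resource is visible to static triage by its byte entropy, even though its contents are not. The following is an added example, not code from the original tutorial; the resource names, the 7.2 bits/byte threshold, the 4096-byte minimum size and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def flag_high_entropy_resources(resources, threshold=7.2, min_size=4096):
    """Return (name, size, entropy) for resources that look encrypted or packed.

    Compressed data (PNG icons, archives) also scores high, so a hit is a
    reason to look closer, not a verdict.
    """
    hits = []
    for name, blob in resources.items():
        entropy = shannon_entropy(blob)
        if len(blob) >= min_size and entropy >= threshold:
            hits.append((name, len(blob), round(entropy, 2)))
    return hits


def _pseudo_ciphertext(size: int) -> bytes:
    # Constructed stand-in for encrypted bytes (SHA-256 over a counter), so the
    # sample is deterministic and needs no crypto library. Not real AES output.
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:size])


# Constructed sample: resource table of a hypothetical exe, already extracted
# into name -> bytes by whatever PE parser the analyst uses.
SAMPLE_RESOURCES = {
    "ICON/1": bytes(range(16)) * 64,                        # small, structured
    "MANIFEST/1": b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1"/>' * 100,
    "RCDATA/7": _pseudo_ciphertext(256),                    # random but tiny
    "RCDATA/101": _pseudo_ciphertext(10 * 1024),            # 10KB opaque blob
}

if __name__ == "__main__":
    for name, size, entropy in flag_high_entropy_resources(SAMPLE_RESOURCES):
        print(f"{name}: {size} bytes, {entropy} bits/byte")
```
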