惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Know Your Adversary
Know Your Adversary
云风的 BLOG
云风的 BLOG
Recent Announcements
Recent Announcements
F
Fortinet All Blogs
B
Blog
罗磊的独立博客
宝玉的分享
宝玉的分享
Vercel News
Vercel News
Martin Fowler
Martin Fowler
N
Netflix TechBlog - Medium
P
Proofpoint News Feed
T
Threatpost
Security Latest
Security Latest
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Stack Overflow Blog
Stack Overflow Blog
I
Intezer
P
Privacy International News Feed
D
Docker
月光博客
月光博客
博客园 - 三生石上(FineUI控件)
M
MIT News - Artificial intelligence
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
L
Lohrmann on Cybersecurity
Google DeepMind News
Google DeepMind News
The Last Watchdog
The Last Watchdog
A
Arctic Wolf
IT之家
IT之家
S
SegmentFault 最新的问题
S
Securelist
博客园 - 叶小钗
N
News and Events Feed by Topic
F
Full Disclosure
Security Archives - TechRepublic
Security Archives - TechRepublic
Engineering at Meta
Engineering at Meta
Hacker News: Ask HN
Hacker News: Ask HN
博客园 - Franky
GbyAI
GbyAI
AI
AI
Y
Y Combinator Blog
WordPress大学
WordPress大学
Latest news
Latest news
Microsoft Security Blog
Microsoft Security Blog
人人都是产品经理
人人都是产品经理
N
News | PayPal Newsroom
The Cloudflare Blog
www.infosecurity-magazine.com
www.infosecurity-magazine.com
I
InfoQ

博客园 - 星星之火

Writing own regular expression parser How Regexes Work Content Based Routing Web Services in .NET and J2EE 绝不因寂寞而爱上别人 比尔·盖茨给青年一代的11点忠告 在.Net环境下用C#操纵活动目录 - 星星之火 - 博客园 谁能简单说一下活动目录是什么东西? 广播,多播(二)(Broadcasting, Multicasting) 两毛钱爽一把 可以建立一个Udp Server,接收发往本机所有端口的数据包吗? 广播,多播(一)(Broadcasting, Multicasting) C#异步网络编程 应该由国家建立非法网站数据库 use Helper Classes to simplify you network programming a udp echo client a udp echo server xml digital signature when udp goes bad and how to solve it(C#) when tcp goes bad, and how to solve it
Poly-Engine Crypt String
星星之火 · 2004-07-16 · via 博客园 - 星星之火

Introduction

Interesting characteristic (for me!) of .NET the Framework, is the possibility to simulate situations that they were possible
only using the language assembler x86. I refer, in particular, to the STACK (sequence of data). The Stack can be considered
(reductively) as an area of "temporary memory" in which the data they are visible in inverse order to just the insertion.

Background

To emulate an other programming language in order "to confuse" the code against the decompilers !

Using the code

In .NET, therefore, class STACK is present. The main methods exposed from the .NET class STACK are following:

  • PUSH (Inserts the value in the stack. Equal instruction is present in the assembler language x86);
  • POP (Extracts the value from the stack. Equal instruction is present in the assembler language x86);
  • PEEK (Law a value from the stack);
  • COUNT (Counts the elements on the stack).

example vb.net code:

Dim st As New Stack

st.Push(1) 
st.Push(2) 
st.Push(3) 

Debug.WriteLine(st.Count) 
Debug.WriteLine(st.Peek) 

st.Pop() 

Debug.WriteLine(st.Count) 
Debug.WriteLine(st.Peek) 

st.Pop() 
st.Pop() 

Debug.WriteLine(st.Count) 

Understood as the stack works, for insertion/extraction of the data (*always* in inverse order), we are ready to implement
our algorithm of cryptography. We want to realize it (relatively simple), effective, it turns out to you always random source
code and that it comes dynamically executed from the compiler... then we want to construct a creative...vb.net...
Poly-Engine Crypter for the strings (...ehila! Who has said like the poly-engines present in the virus code? *yes* is the
answer!). In this tutorial I introduce to you like *only* implementing dynamic code using the functions of: sum, subtraction,
xor (for the nostalgic programmers of the assembler language x86: add, sub, xor) of byte.

We imagine of wanting to hide (crypt) the string:

Hello Word! (hex value: 48 65 6C 6C 6F 20 57 6F 72 64 21)

Dim _myStr As String = "Hello Word!"
Dim rand As New Random 
Dim _count As Integer 
Dim _valCrypt As Integer = 0 
Dim _value As Integer 
Dim ik As Integer

Debug.WriteLine("Dim st As New Stack(" & CStr(_myStr.Length - 1) & ")") 
Debug.WriteLine("Dim bCrypt As Integer = 0") 

For ik = _myStr.Length To 1 Step -1 
    _count = rand.Next(0, 3) 
    _value = Asc(Mid(_myStr, ik, 1))
    
    Debug.WriteLine(PolyEngineWrite(_valCrypt, _count, _value))
    Debug.WriteLine("st.Push(bCrypt)")
Next ik

Poly-Engine (core) Crypter:

Private Function PolyEngineWrite(ByRef valCrypt As Integer, _
                    ByVal count As Integer, _
                    ByVal value As Integer) As String
    Dim tempVal As Integer
    
    Select Case count
        
        Case 0
            tempVal = (valCrypt - value)
        
        Case 1, 3
            tempVal = (valCrypt Xor value)
        
        Case 2
            tempVal = (value - valCrypt)
    End Select
    tempVal = tempVal And 255
    valCrypt = value
    Return ("bCrypt = StackDecrypt(bCrypt, " & CStr(count) & ", &H" & Hex(tempVal) & ")")
End Function 

Generated Source Code

...the generated source code is *always* different!

random output (vb.net source code) example:

Dim st As New Stack(10) 
Dim bCrypt As Integer = 0

bCrypt = StackDecrypt(bCrypt, 2, &H21) 
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 1, &H45) 
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 0, &HF2) 
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 1, &H1D) 
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 2, &HE8) 
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 2, &HC9) 
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 0, &HB1) 
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 0, &H3)  
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 0, &H0)  
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 0, &H7)  
st.Push(bCrypt)
bCrypt = StackDecrypt(bCrypt, 2, &HE3) 
st.Push(bCrypt) 

The bytes comes manipulates from the StackDecrypt procedure and inserted into the stack with PUSH class method (sees
introduction):

Private Function StackDecrypt(ByVal bCrypt As Integer, _
                ByVal iOpCode As Integer, _
                ByVal iSalt As Integer) As Integer     
    Select Case iOpCode
        
        Case 0 
            bCrypt = (bCrypt - iSalt) 
        
        Case 1, 3 
            bCrypt = bCrypt Xor iSalt
        
        Case 2 
            bCrypt = (bCrypt + iSalt)
    End Select 
    bCrypt = bCrypt And 255
    Return bCrypt
End Function

**Now it does not remain that "to recompose" the string from the stack. For this last passage we can use (continuation of
the two examples of output):

Dim str As String = ""
Dim ij As Integer
For ij = 1 To st.Count
    str &= Chr(st.Pop)
Next ij

...the final string obtained from the dynamic process of the code decryption is: Hello Word!

Points of Interest

In a future article I will explain as it is possible to generate dynamic code in assembler language x86 and recalling it with
a callback execution!

With these techniques I try to implement secure code against the decompiler. It must be used in combination with a
obfuscator and a crypter. He will be available, to short, my .NET crypter ;-)

For other information please visits my web site  (in continuos modernization) 

History

July 2004: First Public Release (sorry for my bad english...i'm italian)

About Marcello Cantelmo


President of the "Cantelmo Software" Company (situated in Lecce-Italy). Development Software and Professional Component for .NET Platform.

Click here to view Marcello Cantelmo's online profile

from: CodeProject.com