Signature scrambler?
Pages: 12
Hmm. This thread just took a shady turn :( |
How? :D was just trying to explain my self! Were not meant to sound offensive, but file size and useless instructions in the assembly is okay for me, for the purpose i am trying to produce.
I am also disabling optimizations on the g++
parts of my program can still be caught by signature recognition
avoiding being caught? Trying to hide your code's signature ? Know of anything that might try to do this sort of thing?! I am not offended; you sound like you are playing around to learn, but the things you ask are not things done by honest software.
avoiding being caught? Trying to hide your code's signature ? Know of anything that might try to do this sort of thing?! I am not offended; you sound like you are playing around to learn, but the things you ask are not things done by honest software.
Yes=)
Well i am sharing my project, so if i were not to have my "polymorph engine" , and one version getd caught, then everyone's version is caught.
You're right , and i am playing around to learn new things. But wanted to make some sort of precausion when sharing it around (the .exe) so that everyone does not share the same signature
And yeah you are right. Generally polymorph engines are used in order to hide malicious malware from anti virus programs, or to avoid signature detection for anti cheats etc
Well i am sharing my project, so if i were not to have my "polymorph engine" , and one version getd caught, then everyone's version is caught.
You're right , and i am playing around to learn new things. But wanted to make some sort of precausion when sharing it around (the .exe) so that everyone does not share the same signature
And yeah you are right. Generally polymorph engines are used in order to hide malicious malware from anti virus programs, or to avoid signature detection for anti cheats etc
Last edited on
| If i were to insert junk only at the end, some parts of my program can still br caught by signature recognition. |
So you want to avoid your app[s] being caught as a Trojan or virus by anti-virus software?
Legit software creators don't want to hide.
| a Trojan or virus |
Or a program to cheat at a game, which is what he seems to be up to.
At any rate, virus writers have created numerous programs to do this, although it's usually part of the virus itself so each copy it makes of itself in the wild is different.
| Legit software creators don't want to hide. |
The project could concievably be used to improve existing systems.
Last edited on
There are legitimate (or at least justifiable) uses for nearly any tool, even those that are adversarial in nature.
As a somewhat questionable example, something to disguise programs undergoing signature scans, could be theoretically used to hide closed-source anti-virus tools from malware that does these kinds of scans and prevents the applicable processes from launching. It's certainly not something you'd do often, and it's almost certainly not why OP is interested in this, but it's an example.
-Albatross
As a somewhat questionable example, something to disguise programs undergoing signature scans, could be theoretically used to hide closed-source anti-virus tools from malware that does these kinds of scans and prevents the applicable processes from launching. It's certainly not something you'd do often, and it's almost certainly not why OP is interested in this, but it's an example.
-Albatross
Have not been on for a while, sorry about that!
Alright, someone pointed it out, i am writing cheat software. Which typically means that, if one were to upload one copy of my .exe cheat, and the anti cheat team or whatever managed to get that .exe in their hands => they retrieve the signature and puts that signature into their signature anti cheat scan list, then all those copies will be detected.
So to counter act this problem, i introduce my polymorph engine, and pump out different signatures for every version, which makes detection for all alot harder since they are now unique in a sense.
Also, someone pointed out that there are legitimate use cases for polymorph engine's other than just bypassing signature scans found in anti virus or games etc.. That is very true.
Polymorph engines can either be of obfuscation or encryption, so if one were to obfuscate their application with all sorts of junk, reverse engineering it becomes alot harder, almost impossible if done properly. This is a good example of this: http://stunnix.com/prod/cxxo/
Alright, someone pointed it out, i am writing cheat software. Which typically means that, if one were to upload one copy of my .exe cheat, and the anti cheat team or whatever managed to get that .exe in their hands => they retrieve the signature and puts that signature into their signature anti cheat scan list, then all those copies will be detected.
So to counter act this problem, i introduce my polymorph engine, and pump out different signatures for every version, which makes detection for all alot harder since they are now unique in a sense.
Also, someone pointed out that there are legitimate use cases for polymorph engine's other than just bypassing signature scans found in anti virus or games etc.. That is very true.
Polymorph engines can either be of obfuscation or encryption, so if one were to obfuscate their application with all sorts of junk, reverse engineering it becomes alot harder, almost impossible if done properly. This is a good example of this: http://stunnix.com/prod/cxxo/
Last edited on
When I reverse engineer, I just pull the assembly I want out and put in, intact. I don't usually try to actually unravel it. But yes, there are legit uses. And as I said, I believe that learning the dark arts is the only way to defend against them... so I am not going to get bent out over your studies. I think its a cool thing to play with. I certainly hacked my share of games over the decades.... its just that most of them were before the online game concept existed...
I had this neat background process that could keep one value in memory locked; so you could like lock your health integer to 100% and never die or have infinite ammo etc ... :)
I had this neat background process that could keep one value in memory locked; so you could like lock your health integer to 100% and never die or have infinite ammo etc ... :)
Last edited on
| Have not been on for a while, sorry about that! |
Nobody cares. You seem too stupid to write anything worthwhile anyway.
When I reverse engineer, I just pull the assembly I want out and put in, intact. I don't usually try to actually unravel it. But yes, there are legit uses. And as I said, I believe that learning the dark arts is the only way to defend against them... so I am not going to get bent out over your studies. I think its a cool thing to play with. I certainly hacked my share of games over the decades.... its just that most of them were before the online game concept existed... I had this neat background process that could keep one value in memory locked; so you could like lock your health integer to 100% and never die or have infinite ammo etc ... :) |
Yep, totally agree with that! Pretty cool what is possible to accomplish. I am a university student aswell so for me to be doing my own projects and see what i can accomplish with the knowledge being taught really helps to enhance the learning process.
Nobody cares. You seem too stupid to write anything worthwhile anyway |
Ehm? That went from 0 to 100? Take something to eat.
Topic archived. No new replies allowed.
Pages: 12