From: liveline on 7 Jun 2010 17:51 does someone know good encryption sheme to encrypt and compresss PE executable? (i.e. to make custom Run-time packer) For encryption I would choose AES-256 with random key, but how to implement encryption/compression scheme: we need strip out the old PE header and put in a new stock header that performed the decryption. Also, proper obfuscation would need to actually interpret and reoptimize the machine code of the program to be obfuscated.
From: Tom St Denis on 8 Jun 2010 07:01 On Jun 7, 5:51 pm, "liveline" <livel...(a)news.eternal-september.org> wrote: > does someone know good encryption sheme to encrypt and compresss PE > executable? (i.e. to make custom Run-time packer) > For encryption I would choose AES-256 with random key, but how to implement > encryption/compression scheme: we need strip out the old PE header and put > in a new stock header that performed the decryption. Also, proper > obfuscation would need to actually interpret and reoptimize the machine code > of the program to be obfuscated. In the PE format you can just append your encrypted content to the end of the executable. So just make a loader than expects an encrypted payload after itself. Then realize this is pointless since the average 12 yr old will break it.
From: Dave -Turner on 8 Jun 2010 07:56 The executable could only be executed if the user is prompted for the password when it starts, are you sure that's what you're after? Because if not then AES256 is no harder to get past than an XOR - the executable can be dumped from memory after it's been decrypted and loaded.
From: unruh on 8 Jun 2010 14:42 On 2010-06-08, Dave -Turner <admin(a)127.0.0.1> wrote: > The executable could only be executed if the user is prompted for the > password when it starts, are you sure that's what you're after? Because if > not then AES256 is no harder to get past than an XOR - the executable can be > dumped from memory after it's been decrypted and loaded. And then the "ask for password" routine replaced by something that always says "succeeded" Unless there is a continual decryption process going on, with continual requests for passwords to run that next decryption. > >
From: Dave -Turner on 9 Jun 2010 01:16 > And then the "ask for password" routine replaced by something that > always says "succeeded" Yes, but you'd still need to know the password first though to get to that stage.
|
Next
|
Last
Pages: 1 2 Prev: Why hash function (e.g. MD5) cannot be a MAC Next: Best practice for password hashing |