Click here to Skip to main content
11,412,526 members (74,886 online)
Click here to Skip to main content

Poly-Engine Crypt String

, 11 Jul 2004 CPOL
Rate this:
Please Sign up or sign in to vote.
Hide (crypt) string with a polymorphic dynamic code ("game" with the class Stack!).

Sample Image - StackCrypt.gif


Interesting characteristic (for me!) of the .NET framework, is the possibility to simulate situations that were possible only using the language assembler x86. I refer, in particular, to the STACK (sequence of data). The stack can be considered (reductively) as an area of "temporary memory" in which the data are visible in the inverse order to insertion.


To emulate another programming language in order "to confuse" the code against the decompilers!

Using the code

In .NET, therefore, class STACK is present. The main methods exposed from the .NET class STACK are the following:

  • PUSH (Inserts the value in the stack. Equal instruction is present in the assembler language x86);
  • POP (Extracts the value from the stack. Equal instruction is present in the assembler language x86);
  • PEEK (Returns last value from the stack);
  • COUNT (Counts the elements on the stack).

Example VB.NET code:

Dim st As New Stack
st.Push(1) 'insert 1 into the stack
st.Push(2) 'insert 2...
st.Push(3) 'insert 3...
Debug.WriteLine(st.Count) 'return: 3
Debug.WriteLine(st.Peek) 'return last value onto the stack: 3
st.Pop() 'extract value 3
Debug.WriteLine(st.Count) 'return: 2
Debug.WriteLine(st.Peek) 'return last value onto the stack: 2
st.Pop() 'extract value 2
st.Pop() 'extract value 1
Debug.WriteLine(st.Count) 'return 0

Understood as the stack works, for insertion/extraction of the data (*always* in inverse order), we are ready to implement our algorithm of cryptography. We want to realize it (relatively simply), effectively. It turns out to your always getting random source code and that it comes dynamically executed from the compiler... We want to construct a creative...VB.NET app...

Poly-Engine Crypter for the strings (...ehila! Who has said like the poly-engines present in the virus code? *yes* is the answer!). In this tutorial, I introduce to you *only* implementing dynamic code using the functions of: sum, subtraction, XOR (for the nostalgic programmers of the assembler language x86: add, sub, xor) of byte.

We imagine of wanting to hide (crypt) the string:

Hello Word! (hex value: 48 65 6C 6C 6F 20 57 6F 72 64 21)
Dim _myStr As String = "Hello Word!"
Dim rand As New Random 'used for randomize operations on the byte
Dim _count As Integer '0=sub/1=xor/2=add/3=xor ...only your creativity :-)))
Dim _valCrypt As Integer = 0 'temporary value
Dim _value As Integer 'single char value
Dim ik As Integer
Debug.WriteLine("Dim st As New Stack(" & CStr(_myStr.Length - 1) & ")") 
Debug.WriteLine("Dim bCrypt As Integer = 0") 'init value 0
For ik = _myStr.Length To 1 Step -1 'from last char (stack inverse order)
    _count = rand.Next(0, 3) 'random value
    _value = Asc(Mid(_myStr, ik, 1))
    '+ generation
    Debug.WriteLine(PolyEngineWrite(_valCrypt, _count, _value))
Next ik
'...end procedure poly-generation

Poly-Engine (core) Crypter:

Private Function PolyEngineWrite(ByRef valCrypt As Integer, _
                    ByVal count As Integer, _
                    ByVal value As Integer) As String
    Dim tempVal As Integer
    Select Case count
        Case 0
            tempVal = (valCrypt - value)
        Case 1, 3
            tempVal = (valCrypt Xor value)
        Case 2
            tempVal = (value - valCrypt)
    End Select
    tempVal = tempVal And 255
    valCrypt = value
    Return ("bCrypt = StackDecrypt(bCrypt, " & _
       CStr(count) & ", &H" & Hex(tempVal) & ")")
End Function

Generated Source Code

...the generated source code is *always* different!

Random output (VB.NET source code) example:

Dim st As New Stack(10) 'lenght string - 1
Dim bCrypt As Integer = 0
bCrypt = StackDecrypt(bCrypt, 2, &H21) '01. 00h  +  21h = 21h (!)
bCrypt = StackDecrypt(bCrypt, 1, &H45) '02. 21h Xor 45h = 64h (d)
bCrypt = StackDecrypt(bCrypt, 0, &HF2) '03. 64h  -  F2h = 72h (r)
bCrypt = StackDecrypt(bCrypt, 1, &H1D) '04. 72h Xor 1Dh = 6Fh (o)
bCrypt = StackDecrypt(bCrypt, 2, &HE8) '05. 6Fh  +  E8h = 57h (W)
bCrypt = StackDecrypt(bCrypt, 2, &HC9) '06. 57h  +  C9h = 20h (space)
bCrypt = StackDecrypt(bCrypt, 0, &HB1) '07. 20h  -  B1h = 6Fh (o)
bCrypt = StackDecrypt(bCrypt, 0, &H3)  '08. 6Fh  -  03h = 6Ch (l)
bCrypt = StackDecrypt(bCrypt, 0, &H0)  '09. 6Ch  -  00h = 6Ch (l)
bCrypt = StackDecrypt(bCrypt, 0, &H7)  '0A. 6Ch  -  07h = 65h (e)
bCrypt = StackDecrypt(bCrypt, 2, &HE3) '0B. 65h  +  E3h = 48h (H)

The bytes come manipulated from the StackDecrypt procedure and inserted into the stack with PUSH class method (see Introduction):

Private Function StackDecrypt(ByVal bCrypt As Integer, _
                ByVal iOpCode As Integer, _
                ByVal iSalt As Integer) As Integer     
    Select Case iOpCode
        Case 0 
            bCrypt = (bCrypt - iSalt) 
        Case 1, 3 
            bCrypt = bCrypt Xor iSalt
        Case 2 
            bCrypt = (bCrypt + iSalt)
    End Select 
    bCrypt = bCrypt And 255
    Return bCrypt
End Function

**Now it does not remain that "to recompose" the string from the stack. For this last passage, we can use (continuation of the two examples of output):

Dim str As String = ""
Dim ij As Integer
For ij = 1 To st.Count
    str &= Chr(st.Pop)'it composes final string
Next ij

...the final string obtained from the dynamic process of the code decryption is: Hello Word!

Points of Interest

In a future article, I will explain as it is possible to generate dynamic code in assembler language x86 and recalling it with a callback execution!

With these techniques, I try to implement secure code against the decompiler. It must be used in combination with a obfuscator and a crypter. They will be available, to short, my .NET crypter Wink | ;-)

For other information please visit my web site (in continuous modernization).


July 2004: First public release. (Sorry for my bad English...I'm Italian)


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Marcello Cantelmo
President Cantelmo Software
Italy Italy
President of "Cantelmo Software" (micro-ISV situated in Lizzanello (Lecce) - Italy): Development Software and Professional Component for .NET Platform. Author of Goliath .NET Obfuscator
Follow on   Twitter

Comments and Discussions

GeneralCantelmo Goliath.NET Obfuscator (Pre-Release) Pin
Marcello Cantelmo at 26-Jan-05 2:27
sussMarcello Cantelmo26-Jan-05 2:27 
GeneralNot bad Pin
Big Pete at 20-Jul-04 1:33
memberBig Pete20-Jul-04 1:33 
GeneralRe: Not bad Pin
Marcello Cantelmo at 20-Jul-04 3:53
sussMarcello Cantelmo20-Jul-04 3:53 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.150427.1 | Last Updated 12 Jul 2004
Article Copyright 2004 by Marcello Cantelmo
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid