Revision as of 15:40, 18 June 2021 edit OllivierRob (talk \| contribs) 36 edits m →Polymorphic encryption ← Previous edit		Revision as of 16:22, 22 June 2021 edit undo 182.189.192.27 (talk) The example on XOR polymorphic code was incomplete. Fixed that! Tag: Visual edit Next edit →
Line 21: For example, in an algorithm using the variables A and B but not the variable C, there could be a large amount of code that changes C, and it would have no effect on the algorithm itself, allowing it to be changed endlessly and without heed as to what the final product will be. Start: much encrypted code▼ GOTO Decryption_Code ~~...~~ Encrypted: ▲ ...lots ~~much~~of encrypted code... Decryption_Code: C = C + 1 A = Encrypted Loop: B = A C = 3214 A B = B XOR CryptoKey *A = B C = 1 C = A + B A = A + 1 GOTO Loop IF NOT A = Decryption_Code C = C^2 GOTO Encrypted CryptoKey: some_random_number The encrypted code is the payload. To make different versions of the code, in each copy the garbage lines which manipulate C will change. The code inside "Encrypted" ("lots of encrypted code") can search the code between Decryption_Code and CryptoKey and each algorithm for new code that does the same thing. Usually, the coder uses a zero key (for example; A [[xor]] 0 = A) for the first generation of the virus, making it easier for the coder because with this key the code is not encrypted. The coder then implements an incremental key algorithm or a random one.

Polymorphic code: Difference between revisions