Polymorphic code: Difference between revisions

m sp
m sp and fixing links
Line 1:
In computer science (or more often, in computer underground terms) <b>pollymorphic'''polymorphic code</b>''' is the act of mutating code and at the same time keeping the original [[algorithm]] intact.
 
This is often used by [[computer virus]]es and [[shellcode]] to keep their [[encryption|de/en-cryption-engines]] from being detected by [[anti virus software]] and [[Intrusion Detection Software]].
 
==== howHow it works ====
 
An algorithm that uses, for example, the variables A and B but not the variable C could stay intact even if you added lots of codes that changed the content in the variable C.
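Review bot: The lead sentence still defines polymorphic code as "the act of mutating code", which conflates the code with the technique; since this spelling pass already touches the line, suggest "polymorphic code is code that mutates while keeping the original [[algorithm]] intact". Two smaller points in the same hunk: the section heading is level 4 ("==== How it works ====") directly under the lead, where "== How it works ==" is the usual first level, and "lots of codes" in the last line should be "lots of code" (uncountable noun), the same slip that recurs later in the article.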
Line 52:
some_random_number
 
The code inside "Encrypted" could then search the code between Decryption_Code and [[CryptoKey]] and remove all the code that alters the variable C. Before the next time the encryption engine is used, it could input new unnessisaryunnecessary

C-altering codes.
Start:
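Review bot: "input new unnecessary C-altering codes" is hard to parse even with the spelling fixed: the intent is that the engine inserts fresh no-op instructions that touch only C, so suggest "insert new, functionally irrelevant instructions that alter C". "Input" is also the wrong verb for placing code into the engine; "insert" says what is meant. Worth checking in the rendered revision that "unnecessary" and "C-altering codes." still form one sentence, since they appear on separate lines here.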
Line 87 ⟶ 89:
some_random_number
 
The code above will decrypt the code inside "Encrypted" with a mutated crypto-engine. Then it will transferetransfer control to the decrypted code inside "Encrypted". The code in there will remove all the codes that alters C. Then it will input new codes that alters C at other (random) locations in the crypto-algorithm. The change of "GOTO Encrypted" to "RETURN_TO_SYSTEM" will make it possible to re-use the old encryption engine (as [[XOR]] works in both ways.) then it will do ''something'' (like spreading to other files in the case of a virus) and at last, it will return to the Decryption_Code.
 
If the code is trying to replicate itself (in the case of a [[computer worm]] or [[computer virus]]) it will need to encrypt the code inside "Encrypted" before it sends it away.
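Review bot: Several agreement errors survive the spelling pass in the paragraph after "some_random_number": "all the codes that alters C" and "new codes that alters C" should read "all the code that alters C" and "new code that alters C", and "works in both ways.) then it will do" needs the period moved outside the parenthesis and a capital "Then" to open the new sentence. The justification for reusing the old engine is also too compressed: XOR encryption and decryption are the same operation, so one routine serves both directions; saying that outright would make "as [[XOR]] works in both ways" clear to a reader who does not already know it.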