VaKo Posted November 10, 2006

Even if he posts the source code to the file, how do we know that the source is what matches the encrypted executable?

We don't, but we have a choice if we have the source.

I think it's good to post encrypted files since that's the only way around AV and it's the responsibility of the person downloading to load on a test box with FileMon, RegMon, TCPMon, Wireshark, Snort .. etc. to see if it's malicious. Surely no one expects a file they're downloading to hack other systems to not be coded in such a way that it gives the author a back door also. :)

Seriously, the USB hacks are attracting a boat load of traffic here, lots of people who won't have even heard of those programs, let alone know how to use them. We're not saying this is a Bad Program, we're just saying that some of the mods are paranoid so you don't have to be.

I know other people have posted encrypted files before and no one has really complained about it.

No, we haven't done anything before. Let's just say we were lax.

I think someone needs to post HOW they're encrypting these files so we can all do it. I know there are a ton of howtos on bypassing AV by using a hex editor and IDApro (or was it Ollydbg). I know this kind of stuff takes a pretty in-depth knowledge of assembly, which I don't have.

Bingo, that's my main point. This is a damn cool hack, so why not use people's desire to use this to encourage them to start learning about coding.

Do a Google search for "Hexing your malware" and you'll find the article I'm referring to.

Will do.

spektormax Posted November 10, 2006

The source is the keylogger source; the encryption is sadly a private packer. You are more than happy to sandbox it and test it, but unfortunately I cannot release the packer as only like 10 people have it.

Spartain X (Author) Posted November 11, 2006

I am all for open source and freedom of knowledge, but spektormax does have some point: if his encrypting methods are publicly disclosed, AVs are going to find a signature for it, and soon the source code will be obsolete because it no longer has the ability to defeat the AVs. I was wondering if a compromise can be made, like details on how the packer works (no source code), or a trusted person can check whether the packer does anything malicious. I would like to say again that I am for the sharing of source code and knowledge, but there can be side effects as well. Hope a compromise can happen. I mean, isn't just sandboxing and logging all details of the program enough, i.e. what burn said?

The source is the keylogger source; the encryption is sadly a private packer. You are more than happy to sandbox it and test it, but unfortunately I cannot release the packer as only like 10 people have it.

spektormax Posted November 11, 2006

Well, the AV thing is beside the point. I'm afraid of skiddies using it to make their bots invisible to AVs, and that would be bad. If anyone had the packer, they know that it's not malicious.

moonlit Posted November 11, 2006

I know for a fact that the packer he used is currently impossible to unpack. It might be great for defeating AVs and protecting sensitive files from being decompiled and such, but the problem is that it takes more effort to find out what a program packed this way actually does than most people are willing to put in to making sure they're about to run a safe application or tool. This means that someone could in theory pack almost anything into an almost perfectly packed exe and no-one would know. In a project like this, with as many potential users as we have here, this could be disastrous.

Anyone who needs to know can find packers that do this just at the click of a button; those who don't need to know where to find this strength of packer don't need to know where to find it.

So in short: sure, encrypt and pack your exes 'til your heart's content, but don't post them here because no-one knows what's in them.

Spartain X (Author) Posted November 12, 2006

I know for a fact that the packer he used is currently impossible to unpack. It might be great for defeating AVs and protecting sensitive files from being decompiled and such, but the problem is that it takes more effort to find out what a program packed this way actually does than most people are willing to put in to making sure they're about to run a safe application or tool. This means that someone could in theory pack almost anything into an almost perfectly packed exe and no-one would know. In a project like this, with as many potential users as we have here, this could be disastrous. Anyone who needs to know can find packers that do this just at the click of a button; those who don't need to know where to find this strength of packer don't need to know where to find it. So in short: sure, encrypt and pack your exes 'til your heart's content, but don't post them here because no-one knows what's in them.

I guess we could compromise and not post packed exes, and for the most part avkilll will do most of the work and stop AVs picking up on what's being run. Again, don't remove the link to the keylogger's source, as anyone can easily see how it operates.

spektormax Posted November 12, 2006

Here's a nice compromise that solves everyone's problem, skiddies, packed exes, and need to get over AVs: PM me if you want the packed, secured, non avable exe. Since I know every non-skiddie here pretty much, I know who U can send it, and they will know it's been tested by other people and it's safe. Everyone cool with that?

DLSS Posted November 12, 2006

Here's a nice compromise that solves everyone's problem, skiddies, packed exes, and need to get over AVs: PM me if you want the packed, secured, non avable exe. Since I know every non-skiddie here pretty much, I know who U can send it, and they will know it's been tested by other people and it's safe. Everyone cool with that?

sure ...

Moo Posted November 12, 2006

Maybe I'm not understanding the problem, but why can't we get the programs that would be packed, and the packing program? This way we would be able to see the programs and make sure they are safe, and then pack them on our own?

moonlit Posted November 12, 2006

Maybe I'm not understanding the problem, but why can't we get the programs that would be packed, and the packing program? This way we would be able to see the programs and make sure they are safe, and then pack them on our own?

That's what I was aiming for, but the objection to that is that the packer used might become a skiddie tool and due to its strength it's considered too much to let a skiddie get hold of.

spektormax Posted November 13, 2006

Like I said, I'll be more than happy to pack stuff if you PM me.

moonlit Posted November 13, 2006

Well if you do get someone else to pack things for you then do so at your own risk. What you guys do via PM is none of our business but just try to act responsibly. Think about it; if the packed exe you find on a forum somewhere is no different to a random packed exe from a member of that forum... do you trust either of them?

spektormax Posted November 13, 2006

well if they want it they can ask for it