Posted March 28, 2015

Hello guys! I'm now finding out how a cryptor works (more in my previous topic). So there is some stub, with randomly generated method names and a randomly generated byte array that crypts the file.

Sample of decryption code:

    string text = (string)ResourceManager...
    byte[] array = new byte[text.Length];
    // and decrypt method

    // using the string from crypted resources (I don't know how it's even stored in resources like that)
    string text = (string)resourceManager.GetObject(......);
    byte[] array = new byte[text.Length];
    for (int i = 0; i < text.Length; i++)
    {
        array[i] = (byte)text[i]; // decryption
    }

The most simple maybe... how to make an encoder from this? ByteKey is used in the ResourceManager to decode the encrypted string.

Second sample, same: string text... byte[] array...

    for (int i = 0; i < text.Length; i++)
    {
        for (int j = 0; j < ByteKey.Length; j++)
        {
            // creating a decrypted array from resources using ByteKey
            // (each j re-assigns array[i], so the last key byte is the one that remains)
            array[i] = (byte)(text[i] ^ ByteKey[j]);
        }
    }

ByteKey looks like:

    private static byte[] ByteKey = new byte[] { 198, 155, 210, 181, 170, 198, 80, 247, 165, 134, 249, 215, 18, 204, 212, 8, 71, 122, 144, 187, 164, 225, 159, 57 };

3rd sample:

    for (int j = 0; j < text.Length; j++)
    {
        array[i] ^= (byte)text[j];
    }

Sorry for bad English and post, but I really need to know how to make an encryptor! If there are some people who can help me, in a few days I will release a simple encryptor using these methods! TY!
March 28, 2015

This is simply XOR encoding. Encrypt == Decrypt. Simply replicate the decrypting procedure and you are done. Btw, if you are using this to encrypt a file (to avoid AV detection?) this is a terrible choice of algorithm. Heuristics will detect it.
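The following is an added example, not code from this thread or from the stub being discussed. It is written from the analyst's side: when such a stub turns up in a sample, the quickest way to get at the embedded payload is to re-implement its decode routine offline, and the two routines from the first post are reproduced here for that purpose. It also makes visible something the stub's code hides: because the inner loop in the second sample re-assigns `array[i]` on every pass over the key, the whole 24-byte key degenerates to a single-byte XOR with its last element, and since XOR is its own inverse, running the same routine twice returns the input (the Encrypt == Decrypt point above). The key bytes, the resource string and the "MZ" payload are constructed sample values; `SAMPLE_KEY`, `decode_sample1`, `decode_sample2_literal`, `decode_sample2_equivalent` and `looks_like_pe` are names chosen for this example.

```python
# Added example (not code from the thread): analyst-side re-implementation of
# the two decode routines quoted in the first post, used to recover a payload
# from the stub's resource string for inspection.
# SAMPLE_KEY, the resource string and the payload below are constructed values.

from typing import Sequence

# Same shape as the ByteKey array shown in the thread; these bytes are made up.
SAMPLE_KEY = bytes([198, 155, 210, 181, 170, 198, 80, 247])


def decode_sample1(text: str) -> bytes:
    """Sample 1: no key at all, each resource char is just narrowed to a byte."""
    return bytes((ord(c) & 0xFF) for c in text)


def decode_sample2_literal(text: str, key: Sequence[int]) -> bytes:
    """Sample 2 exactly as the stub writes it: the inner loop over the key
    overwrites array[i] on every iteration, so only the last key byte counts."""
    out = bytearray(len(text))
    for i, c in enumerate(text):
        for k in key:
            out[i] = (ord(c) ^ k) & 0xFF
    return bytes(out)


def decode_sample2_equivalent(text: str, key: Sequence[int]) -> bytes:
    """Behaviourally identical to decode_sample2_literal: a single-byte XOR
    with key[-1]. The long key in the stub is cosmetic."""
    k = key[-1]
    return bytes((ord(c) ^ k) & 0xFF for c in text)


def looks_like_pe(data: bytes) -> bool:
    """Cheap sanity check on a recovered blob: a PE image starts with 'MZ'."""
    return data[:2] == b"MZ"


if __name__ == "__main__":
    # Constructed stand-in for the decrypted payload: a fake MZ header.
    payload = b"MZ\x90\x00" + b"constructed payload bytes"
    # Build the resource string the stub would consume, one char per byte.
    resource = "".join(chr(b ^ SAMPLE_KEY[-1]) for b in payload)

    recovered = decode_sample2_literal(resource, SAMPLE_KEY)
    print("recovered blob starts with MZ:", looks_like_pe(recovered))
    print("literal loop == single-byte XOR:",
          recovered == decode_sample2_equivalent(resource, SAMPLE_KEY))
    # XOR is an involution: decoding the decoded text yields the resource again.
    twice = decode_sample2_equivalent(recovered.decode("latin-1"), SAMPLE_KEY)
    print("decode applied twice restores input:", twice.decode("latin-1") == resource)
```

For triage, the practical consequence of the collapsed loop is that a recovered resource of this kind can be brute-forced over all 256 single-byte keys and checked with `looks_like_pe`, regardless of how long the stub's key array is.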
March 29, 2015, Author

> This is simply XOR encoding. Encrypt == Decrypt. Simply replicate the decrypting procedure and you are done. Btw, if you are using this to encrypt a file (to avoid AV detection?) this is a terrible choice of algorithm. Heuristics will detect it.

It's only the main method of encoding; there are even more methods such as RunPE, steganography etc. More here - http://blogs.cisco.com/security/talos/reversing-multilayer-net-malware
March 30, 2015

RunPE used to be the main choice; however, due to the progression of APIs (VirtualAlloc, VirtualProtect, WriteProcessMemory, CreateRemoteThread etc.) it is highly classified as a malicious operation. Going back to the XOR encoding: while effective at scrambling data, it can and will be detected by AVs or even in a sandbox environment. Also, I don't know if the forum is appropriate for such topics. (I don't know though, I am just assuming because of the nature of malware topics.)