Topic: Beginners Guide to Crypters and Stubs
Author: chota_satish
Posted: February 06, 2010, 09:44:04 AM

Que. What does this tutorial cover?
Ans.

    * What is a crypter?
    * What does a crypter consist of?
    * Are all crypters the same?
    * How many types of crypters are there?
    * FUD/UD: what is that?
    * Stub: what is it used for?
    * Will my crypter remain FUD forever?
    * How do I make sure my crypter remains FUD for as long as possible?


Crypters

A crypter is a program used to hide viruses, RATs, keyloggers and similar servers from anti-virus products so that they are not detected and deleted. It does this by encrypting (the scene says "crypting") the compiled executable, not its source code: the crypted copy on disk no longer contains the byte patterns the anti-virus knows. Signature-based anti-virus works by scanning the bytes of a file for patterns (signatures) taken from known malware, so changing those bytes is enough to defeat a plain file scan.

Screen shot of a crypter: (image not reproduced here)

Crypters may be coded in different languages, but their functionality is almost the same: to crypt your detectable servers so that they become FUD.


FUD

FUD means Fully Undetectable and UD means Undetectable (the scene uses UD for a crypter whose output is still missed by most, but no longer all, scanners).

A FUD crypter produces output that is not flagged by any anti-virus engine at the time it is run through the multi-engine virus scanners.
Screen shot of a FUD scan: (image not reproduced here)

With the increased use of crypters to bypass anti-virus, AV vendors became more advanced and started adding definitions for the crypters themselves, so that the stub code a crypter leaves in every output is detected even when the payload inside it is not. As a result, using a crypter to hide RATs (PI, Bifrost), stealers and bots became more complicated; nowadays no publicly available crypter is FUD.

So, if you crypt RAT or bot servers with publicly available crypters, they are bound to be detected by anti-virus. Most FUD crypters remain "FUD" for a maximum of one or two days after their public release; then they become UD.

So, if you want a FUD or close-to-FUD crypter, I suggest buying one, or learning to make public crypters FUD or semi-FUD (a crypter whose output is detected by only 2-3 AVs).

Parts of a Crypter

A crypter has 2 parts:

    * Client
    * Stub


A) The client is the interface where we load our file, choose the options the crypter's programmer provided, and crypt the file.


B) The stub is an executable file (.exe), or sometimes a .dll. It is the small loader that gets bundled with every crypted file: the client encrypts the file you loaded and attaches the result to a copy of the stub, and the stub is what decrypts it again when the output is run.

Functioning:
Once the client is opened, it loads its stub, reads the file you gave it, encrypts that file and writes out a new executable made of the stub plus the encrypted file. That output is the "crypted" server.

Here is how executable crypters work:

1) The actual processor instructions of the protected binary are encrypted/obscured/munged, so the bytes on disk no longer match any signature.

2) When the protected application starts, a small decrypter stub runs first and restores all of the original instructions for the executable in memory.

3) Finally, the decrypter stub finishes and transfers execution to the original entry point (OEP), and the program runs normally. Because the stub is the one part that stays the same across everything a given crypter produces, it is the stub that anti-virus vendors end up writing signatures for: crypters with a fixed built-in stub get detected very fast, while those whose stub can be swapped or edited take longer.

Once the stub gets detected you can also modify it, for example by changing its entry and exit points, so that its bytes no longer match the signature.


Types of Crypter


    * External Stub
    * Internal Stub
    * Runtime
    * Scantime


External Stub: Most of you have downloaded a public crypter by now, and when you open the folder you see 2 files:

Client.exe and Stub.exe

These crypters are called external-stub crypters; the functionality of the crypter depends entirely on the external stub.
Delete the stub and the crypter is useless.

Internal Stub: The crypters that contain only Client.exe fall under this category. Here the stub is coded within (embedded in) the client.

There are ways to detach the stub from the client, but that belongs in another tutorial.



Runtime Crypters: A runtime crypter produces a server that remains undetected even while it is running, after the stub has decrypted it into the PC's memory. Anti-virus that scans memory or watches behaviour sees the restored payload, so the crypter has to defeat that too, not just the on-disk file scan.
This is the one you want for all your servers and executables.


Scantime Crypter: A scantime crypter produces a server that remains undetected when the file is scanned on disk, but is detected by the AV as soon as it is run on the PC, because the decrypted payload in memory still matches the AV's signatures.
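To make the three steps under "Here is how executable crypters work" and the runtime/scantime distinction concrete, here is an added toy example in Python. It is not code from the original post or from any real crypter; the sample payload, the STUB_HEADER layout, the repeating-key XOR and every function name are constructed for illustration only. It models the client (encrypt and glue onto the stub), the stub (decrypt in memory and hand back what would run at the OEP) and a plain byte-pattern scanner, and shows three things: the payload signature disappears from the crypted file (what a scantime scan sees), it reappears once the stub has decrypted the payload in memory (why a scantime crypter is caught at run time), and the stub bytes are identical in every build (why AV vendors signature the stub itself).

```python
# Toy crypter model (added example, not from the original post).
# PAYLOAD, SIGNATURE, STUB_HEADER and all function names are constructed here.

# Constructed stand-in for a server binary: the SIGNATURE bytes play the role
# of the pattern an AV vendor would extract from a known RAT server.
SIGNATURE = b"ReverseShellConnect"
PAYLOAD = b"MZ\x90\x00" + b"config=127.0.0.1:4444;" + SIGNATURE + b";end"

# Every output the crypter produces starts with the same stub. The stub is
# modelled as a fixed header that the loader recognises (assumed layout).
STUB_HEADER = b"STUBv1\x00"


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: the same call both encrypts and decrypts."""
    if not key or b"\x00" in key:
        # a zero key byte would leave every len(key)-th payload byte untouched,
        # so a signature could survive the "crypting" in plain view
        raise ValueError("key must be non-empty and contain no zero bytes")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def client_build(payload: bytes, key: bytes) -> bytes:
    """Client side: encrypt the payload and glue it onto a copy of the stub.

    Assumed output layout: STUB_HEADER | key length (1 byte) | key | ciphertext.
    A real client would draw a fresh random key per build; the stub bytes stay
    the same in every build regardless of the key.
    """
    if len(key) > 255:
        raise ValueError("key too long for a one-byte length field")
    return STUB_HEADER + bytes([len(key)]) + key + xor_crypt(payload, key)


def stub_run(crypted: bytes) -> bytes:
    """Stub side: parse the crypted image, decrypt the payload in memory and
    return the bytes that would then be executed from the original entry point."""
    if not crypted.startswith(STUB_HEADER):
        raise ValueError("not a crypted image produced by this stub")
    pos = len(STUB_HEADER)
    klen = crypted[pos]
    key = crypted[pos + 1:pos + 1 + klen]
    return xor_crypt(crypted[pos + 1 + klen:], key)


def scantime_detect(file_bytes: bytes, signature: bytes) -> bool:
    """On-disk signature scan: a byte-pattern match over the file as stored."""
    return signature in file_bytes


def runtime_detect(crypted: bytes, signature: bytes) -> bool:
    """Memory scan after the stub has run: the same match over the restored image."""
    return signature in stub_run(crypted)


if __name__ == "__main__":
    # Fixed key for reproducible output (a real client would use a random one).
    key = b"\xa5\xc3\xf0\x96\x8b\xd2\xe7\xb9"
    build = client_build(PAYLOAD, key)
    print("signature in plain server file  :", scantime_detect(PAYLOAD, SIGNATURE))  # True
    print("signature in crypted file       :", scantime_detect(build, SIGNATURE))    # False
    print("signature in memory after stub  :", runtime_detect(build, SIGNATURE))     # True
    print("stub header in crypted file     :", scantime_detect(build, STUB_HEADER))  # True
    print("decrypted image == original     :", stub_run(build) == PAYLOAD)           # True
```

The last two lines are the point the tutorial makes about stubs: the ciphertext changes with every key, but STUB_HEADER is present in every build, so a vendor who has seen one output can write a signature for the stub and catch all of them without ever decrypting the payload. The XOR here is only a stand-in for whatever real crypters use; the detection logic it illustrates does not depend on the cipher.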


How long will my crypter be FUD?

Well, if you have read this far, chances are you still are (or will be) using public crypters for a while. So chances are that your crypter will go semi-FUD within 1-3 weeks, depending on the crypter and on how carefully you use it.

If you want your FUD public/private crypters to remain FUD, scan your crypted files only on novirusthanks.org with the option "DO NOT Re-Distribute data" enabled. Multi-engine scanners that forward the samples they receive to the anti-virus vendors hand your crypted server straight to the people who write the signatures, which is the quickest way for it to stop being FUD.

Screen shot of the CORRECT way: (image not reproduced here)