rcrypt 1.3

Added functionality:
– breaks certain automated analysis engines
– added polymorphism to various other existing functionalities

If you don’t know what rcrypt is, check out the original post.

md5 sum: 80cc3105b0f035daa0cd19e85bc7c379
sha1 sum: 345fb729fcda1ef5bf004869abc1634092685718

download rcrypt

archive pw:

rcrypt version 1.2 is now released!

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time-constrained systems such as on-disk scanners. rcrypt can pack EXE and DLL files. PEs that use TLS or other interesting features of the PE spec are not currently supported. I may add support for more spec features as time permits. In versions 1.0 and 1.1 your funky ActiveX and COM files will not work. If there is enough interest I will consider adding other features/support.

rcrypt features include:

– encryption of all code/data
– timelock puzzle

This is just a proof of concept tool to showcase the potential use of these techniques as well as potential shortcomings of various detection systems.

rcrypt is being released for educational purposes. I do not condone malicious or illegal use of this tool. Using this tool might also cause you to experience light headedness or fatigue. I also take no responsibility for any of these potential outcomes. Use your own discretion.

rcrypt 1.2

Minor re-addition of some internal functionality that was removed from versions 1.0 and 1.1 due to issues with windows xp/7 and 32/64 bit. Issues resolved and 1.2 is now out.

File MD5 sum: 1c0989a751038a49052a4e37f8879f43

File SHA1 sum: 4c22b51e466fd2516c68c94c2dd5f4dbf1bc395b

rcrypt v1.2 (File archive password:


rcrypt 1.1

Added in rcrypt version 1.1 is the optional switch -trick0. Read the readme for details.

File MD5 sum: 6c53c7d7dc6b342174b1eda13597c771

File SHA1 sum: 30f6fbf6c615269b6c894f7eec125a03c4cd5afd

rcrypt 1.1 (File archive password:


Hey guys. So after much speculation that most people won’t just run arbitrary binaries that require root (despite being signed etc) I’ve decided to release the source to sessionlist on github! I guess after deving for windows all these years I just assumed people just double click everything and select ok ;P

Anyway if you don’t know what sessionlist is see the post below. Feel free to use this tool as you see fit, and if you find bugs and feel like sharing I’d be grateful! I’m sure this tool can be improved upon so let those creative juices flow!




It’s been a little while huh. Well I’ve decided to release the finished v0.1 beta of my sessionlist tool.

A little about it and why I created it.

HTTP is a simple protocol, and many use it to create “program-like” websites. With asynchronous requests available in almost every browser (including mobile ones) it’s no surprise that many people create a zillion and one sites for almost any purpose. The underlying issue with HTTP is that it is stateless. How do you create the illusion of program state in a naturally stateless protocol? The correct answer is to create a new protocol that is designed for this purpose; however, that didn’t happen. Instead we have silly hacks that allow us to pretend to have state while using HTTP. How is this accomplished? Well, we pass variables and their values back and forth with every single request! It will cause overhead, but they’re websites, not real programs! To make this more manageable, many web scripting languages support sessions, which reduce the overhead by storing a session id in a browser cookie instead of all the variables/values and using the session id to look up the variables/values stored on the server. Of course now all you need to facilitate authentication is the session id.

So if a website relies on cookies to store authentication details, be it via session id or other state information, someone else can simply nab this information and present it as if they were that user, and they will be authenticated as if they had logged in with valid credentials.

Sessionlist v0.1 is a network sniffer that simply observes cookies sent over HTTP (via port 80 or user configured port via cmd line) and keeps track of them. It will save a list of sites and cookie data along with user-agent strings which should be sufficient to effectively spoof the user who generated the traffic. All you need is a plugin that allows you to set your own user agent and cookie data. I personally have found Firefox’s modify headers plugin to work perfectly but I’m sure others are fine as well. Using this tool to sniff traffic you can basically collect authentication data as it passes over the wire (or air). This will work on unencrypted HTTP traffic but if you’re familiar with SSL MITM attacks you can make this work on those sites as well. Generally for wireless sniffing you don’t need to perform any MITM attack but if you’re on a switched network then obviously a regular MITM attack will be needed. There are many tools that perform those functionalities so use your favorite.

As mentioned before this tool is a beta so there are bound to be bugs so please let me know as you find them so I can squash them and make this a better tool! I’ve included 32 and 64 bit builds. I may release this tool as open source sometime in the future.

The release archive is signed with my public pgp key which you can find on my about page. Click [here] for that. Once you’ve imported my public key simply run:

gpg [thefile.gpg]

If the signature is good then you’re set. If the signature fails then you are probably dealing with a tampered file (or you incorrectly imported my key somehow).

All feedback is appreciated and enjoy!


Released version 1.0 with MORE bug fixes and UI changes! Threading issues have been fixed as well!


Older versions:

(v0.2 changelog)

Released version 0.2 with minor bug fixes and a much better capture engine (removed idiotic threading crap; until another version pthread will remain linked).



Android malware is everywhere. If you want to quickly get listings of permissions used by APK files check out my scanperms program.

Here is an example output on a trojanized app called AndroidDogwar mentioned on this site:

Found permission VIBRATE which has the following attribute:
Allows access to the vibrator

Found permission INTERNET which has the following attribute:
Allows applications to open network sockets.

Found permission ACCESS_COARSE_LOCATION which has the following attribute:
Allows an application to access coarse (e.g., Cell-ID, WiFi) location

Found permission READ_PHONE_STATE which has the following attribute:
Allows read only access to phone state.

Found permission SEND_SMS which has the following attribute:
Allows an application to send SMS messages.

Found permission WRITE_SMS which has the following attribute:
Allows an application to write SMS messages.

Found permission READ_CONTACTS which has the following attribute:
Allows an application to read the user’s contacts data.

Found permission RECEIVE_BOOT_COMPLETED which has the following attribute:
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.


This app had been modified to send SMS messages to everyone on your contact list, namely a message saying that you enjoy hurting small animals.

I find this useful for scanning directories full of APKs.
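The output above lists permissions one at a time; what gives this sample away is the combination of SEND_SMS and READ_CONTACTS. The following is an added example, not scanperms' own code: it reads a decoded AndroidManifest.xml (the form apktool produces) and flags permission combinations. The manifest is constructed from the permissions listed above, and the rule table is an illustrative assumption.

```python
# Added example: list permissions in a decoded AndroidManifest.xml and flag
# combinations worth a closer look during triage.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Constructed manifest carrying the permissions shown in the output above.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""

# Illustrative rules (assumption): label -> permissions that must all be present.
COMBO_RULES = {
    "can text the contact list": {"SEND_SMS", "READ_CONTACTS"},
    "starts at boot with network access": {"RECEIVE_BOOT_COMPLETED", "INTERNET"},
}


def permissions(manifest_xml):
    """Return requested permissions in document order, short names, no repeats."""
    root = ET.fromstring(manifest_xml)
    found = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NS + "name", "")
        short = name[len(PREFIX):] if name.startswith(PREFIX) else name
        if short and short not in found:
            found.append(short)
    return found


def risky_combos(perms):
    """Return the labels of every rule whose permissions are all requested."""
    have = set(perms)
    return sorted(label for label, need in COMBO_RULES.items() if need <= have)


if __name__ == "__main__":
    perms = permissions(SAMPLE_MANIFEST)
    print(perms)
    print(risky_combos(perms))
```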

Note: new version v02b updated APKtool to 1.4.3

Note: new version adds fixes. Download the latest below.


md5: d41a4f57dd0833dc1612ebbf40e024fb



If you’re running a lightweight window manager then chances are you might also be interested in using a lightweight desktop manager as well.

x11-misc/slim is a super light desktop manager for running whatever WM you decide to go with, in my case evilwm. It comes with a variety of themes (available in package form via x11-themes/slim-themes) which are very nice.

Behold my Evangelion based theme, Nerv! Sexify your slim today!

Nerv Theme

To install and use the theme, download and untar it. You should have the directory nerv/ with three files. Move this directory into the themes directory (generally /usr/share/slim/themes). Now open your /etc/slim.conf file and set the following line:

current_theme nerv



So I’ve finally decided to stop attempting to write my own blog software from scratch (I know I know) and just use an open source one like everyone else. I hope you people are happy now that the commies have won. Conforming to “standards” n’ all. Well don’t let it get to your heads because everything on this site will be 100% ME with 0% added fat.


That being said I plan to add some useful information to these archives in the hopes that not only will it help me stay more organized than I have been, but that it will also help out others in some form or fashion. So keep checking back as there is more to come!