Archives

All posts for the month January, 2013

rcrypt version 1.2 is now released!

rcrypt is a Windows PE binary crypter (a type of packer) that makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. PEs that use tls or other interesting features of the PE spec are not currently supported. I may add support for more spec features as time permits. In version 1.0 and 1.1 your funky active X and COM files will not work. If there is enough interest I will consider adding other features/support.

rcrypt features include:

encryption of all code/data

timelock puzzle

This is just a proof of concept tool to showcase the potential use of these techniques as well as potential shortcomings of various detection systems.

rcrypt is being released for educational purposes. I do not condone malicious or illegal use of this tool. Using this tool might also cause you to experience light headedness or fatigue. I also take no responsibility for any of these potential outcomes. Use your own discretion.

rcrypt 1.2

Minor re-addition of some internal functionality that was removed from versions 1.0 and 1.1 due to issues with windows xp/7 and 32/64 bit. Issues resolved and 1.2 is now out.

File MD5 sum: 1c0989a751038a49052a4e37f8879f43

File SHA1 sum: 4c22b51e466fd2516c68c94c2dd5f4dbf1bc395b

rcrypt v1.2 (File archive password: 0xrage.com)

 

rcrypt 1.1

Added in rcrypt version 1.1 is the optional switch -trick0. Read the readme for details.

File MD5 sum: 6c53c7d7dc6b342174b1eda13597c771

File SHA1 sum: 30f6fbf6c615269b6c894f7eec125a03c4cd5afd

rcrypt 1.1 (File archive password: 0xrage.com)